Summary: MsgCRM (operated by RadhaMadhav WebStore LLP) collects only the data necessary to provide our services. We never sell your data to third parties. We use industry-standard security to protect your information. You have full rights over your data at any time.
1. Who We Are
MsgCRM is a product of TheWebStore028 (RadhaMadhav WebStore LLP), a company registered in India. Our registered address is Thane, Maharashtra - 421204. We operate the website at https://msgcrm.in and the application at login.msgcrm.in.
For privacy-related queries, contact us at: Connect@msgcrm.in or call +919167696213.
2. Information We Collect
2.1 Information You Provide Directly
- Account Registration: Name, email address, phone number, business name, and password when you create an account.
- Billing Information: Payment details processed securely through Razorpay. We do not store your full card details on our servers.
- Communications: Messages, emails, or support tickets you send to us.
- Business Data: WhatsApp contacts, message templates, campaign data, CRM records, and any content you upload or create within the platform.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, clicks, session duration, and interaction data within the platform.
- Device & Technical Data: IP address, browser type, operating system, screen resolution, and device identifiers.
- Cookies & Tracking: Session cookies, authentication tokens, and preference cookies. See Section 8 for full cookie details.
- Log Data: Server access logs including timestamps, URLs accessed, and HTTP status codes.
2.3 Third-Party Data
- Data from connected services like Facebook Lead Ads, Google Sheets, or WhatsApp Business API that you authorise MsgCRM to access.
- Information from OAuth providers if you log in via Google or Facebook.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To create and manage your account, process payments, and provide all platform features including chatbots, CRM, campaigns, and analytics.
- Customer Support: To respond to your queries, troubleshoot issues, and provide technical assistance.
- Product Improvement: To analyse usage patterns, fix bugs, and develop new features based on user behaviour.
- Security & Fraud Prevention: To detect suspicious activity, prevent unauthorised access, and protect our platform and users.
- Legal Compliance: To meet our legal obligations under Indian law, GDPR, and other applicable regulations.
- Marketing Communications: To send you product updates, newsletters, and promotional offers (only with your consent; you can unsubscribe at any time).
- Billing & Invoicing: To process payments, generate invoices, and manage subscriptions.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your data on the following legal bases:
- Contract: Processing necessary to fulfil our Terms of Service agreement with you.
- Legitimate Interests: For security monitoring, fraud prevention, and product improvement.
- Consent: For marketing emails and optional analytics. You may withdraw consent at any time.
- Legal Obligation: When required by applicable law or court order.
5. Data Sharing and Third Parties
We do not sell your personal data. We only share data in the following limited circumstances:
- Service Providers: Trusted third-party vendors who help operate our service (e.g., Razorpay for payments, AWS for cloud hosting, OpenAI for AI features). They are bound by strict data processing agreements.
- WhatsApp / Meta API: Data required for sending messages through the official WhatsApp Business API is shared with Meta Platforms, Inc. in accordance with Meta's privacy policy.
- Legal Requirements: When required by Indian law, court order, government authorities, or to protect rights and safety.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred with appropriate safeguards.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. Specifically:
- Active account data: Retained for the duration of your subscription plus 90 days after cancellation.
- Billing records: Retained for 7 years as required under Indian GST law.
- Support communications: Retained for 2 years.
- Marketing data: Until you unsubscribe or request deletion.
When data is no longer needed, we securely delete or anonymise it.
7. Your Rights
Depending on your location, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data ("right to be forgotten").
- Portability: Request your data in a machine-readable format.
- Restriction: Request that we limit how we process your data.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent: Withdraw consent for any processing you previously consented to.
To exercise any of these rights, email us at Connect@msgcrm.in. We will respond within 30 days.
8. Cookies Policy
We use the following types of cookies:
- Essential Cookies: Required for the platform to function (login sessions, CSRF protection). Cannot be disabled.
- Analytics Cookies: Help us understand how users interact with the platform (Google Analytics). You can opt out via your browser settings.
- Preference Cookies: Remember your language, theme, and display preferences.
- Marketing Cookies: Track interactions with our ads (only with your consent).
You can manage cookies through your browser settings. Disabling essential cookies may affect platform functionality.
9. Data Security
We implement robust security measures to protect your data:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Multi-factor authentication (MFA) available for all accounts
- Role-based access controls within the platform
- Daily automated backups with encrypted storage
- 24/7 monitoring for suspicious activity
10. International Data Transfers
MsgCRM primarily stores data on servers located in India. If we transfer data internationally (e.g., to OpenAI servers in the US for AI features), we ensure adequate safeguards are in place including Standard Contractual Clauses (SCCs) and data processing agreements compliant with GDPR.
11. Children's Privacy
MsgCRM is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or prominent notice on the platform at least 2 days before the change takes effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For any privacy questions, data requests, or concerns: