Privacy Policy

This Privacy Policy explains how Compact Services LLP ("Company", "we", "our", "us") collects, uses, stores, and discloses personal data when you use ClientScale CRM. Compact Services LLP is a limited liability partnership registered under the Limited Liability Partnership Act, 2008 of India with its principal office at [TODO: insert Compact Services LLP registered office address, India].

1. Data We Collect

We may collect account information, organization data, lead and customer details you submit, communication content, usage analytics, device and browser metadata, and support correspondence.

2. How We Use Data

We use data to provide and secure the service, process transactions, improve product performance, provide customer support, comply with legal obligations, and communicate service-related notices.

3. Technical Processing and Service Providers

To operate ClientScale CRM, data may be processed by trusted providers for hosting and databases, authentication, payments, communication APIs, cloud object storage, performance analytics, and error monitoring.

Based on current implementation, this may include Neon (database), Clerk (authentication), Razorpay (payments), Meta WhatsApp Cloud API and Vapi (voice communications), Cloudflare R2 (document storage), Vercel Analytics/Speed Insights (performance analytics), and Sentry (error monitoring). Card, UPI, NetBanking, and wallet payments are processed by Razorpay Software Private Limited.

Some service providers process data on infrastructure located outside India, including in the United States and the European Union. These transfers are made pursuant to contractual safeguards with each provider and apply only to the extent necessary to deliver the service.

4. WhatsApp Business and Meta Platform Data

ClientScale CRM uses the Meta WhatsApp Business Cloud API and Meta Lead Ads to help businesses receive and respond to enquiries. When a contact messages a business that uses our platform, or submits a Facebook or Instagram lead form, Meta sends us the message content, the contact's phone number or email, and associated metadata (campaign and referral details). We use this data solely to deliver the service to the business that received the enquiry — to display the conversation, generate replies, schedule follow-up messages, and produce reporting for that business. We do not use Meta-sourced data to build advertising profiles, do not sell it, and do not share it with third parties beyond the infrastructure providers listed in Section 3.

Contacts can opt out of WhatsApp messages at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT. On opt-out, the contact is marked do-not-contact and all scheduled outbound messages are cancelled automatically. Outbound messages are sent only within the local-time window configured by the business and respect Meta's 24-hour customer service window and approved-template requirements.

You can request deletion of your data at any time — see our Data Deletion Instructions.

5. Legal Bases and Retention

We process personal data on the basis of consent provided by the Data Principal, for the performance of a contract with the Data Principal or the business they have engaged with, and to comply with applicable law including the Digital Personal Data Protection Act, 2023. Personal data is retained only as long as is necessary for these purposes.

6. Sharing and International Transfers

We do not sell personal data. We may share data with service providers, professional advisors, or authorities when legally required. Data may be processed in countries outside your own, subject to applicable safeguards.

7. Security

We use reasonable technical and organizational measures to protect data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights

As a Data Principal, you have the right to access, correct, and erase your personal data, to nominate another individual to exercise your rights in the event of death or incapacity, and to grievance redressal. To exercise these rights, see our Data Deletion Instructions or contact the Grievance Officer listed in Section 11.

9. Children

The service is not directed to children and is not intended for users below 18 years of age. Processing of personal data of children is subject to the additional protections set out under the Digital Personal Data Protection Act, 2023.

10. Policy Updates

We may update this policy from time to time. Material changes will be communicated through the service or by other reasonable means.

11. Contact and Grievance Officer

For privacy requests or questions about this policy, contact [TODO: insert Compact Services LLP support email].

In accordance with the Digital Personal Data Protection Act, 2023, our Grievance Officer is [TODO: insert Grievance Officer name], reachable at [TODO: insert Grievance Officer email]. Complaints will be acknowledged within 72 hours and resolved within 30 days.