Privacy Policy

Nxfin Technologies Pvt. Ltd. ("we," "our," or "us") operates the Nxcar CRM system. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Customer Relationship Management (CRM) platform.

1. Information We Collect

1.1 Personal Information

We collect personal information that you provide directly to us, including but not limited to:

• Account Information: Name, email address, phone number, employee ID, and role within the organization
• Authentication Data: Username, password (encrypted), and security questions
• Profile Information: Department, designation, reporting manager, and contact details

1.2 Business Information

In the course of using our CRM system, we collect and process:

• Lead Data: Customer names, contact information, company details, and lead status
• Transaction Records: Financial transactions, payment history, and related documentation
• Communication Data: Emails, notes, and interactions with customers and prospects
• Documentation: Contracts, agreements, invoices, and other business documents

1.3 Technical Information

We automatically collect certain technical information when you access our system:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Login times, pages visited, features used, and system interactions
• Log Files: Server logs, error logs, and system performance metrics
• Cookies and Tracking: Session cookies, authentication tokens, and analytics data

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our CRM services
• User Authentication: To verify your identity and manage access to the system
• Business Operations: To manage leads, track sales, process transactions, and generate reports
• Communication: To send notifications, updates, and respond to your inquiries
• Security: To detect, prevent, and address security threats and fraudulent activities
• Compliance: To comply with legal obligations and regulatory requirements
• Analytics: To analyze usage patterns and improve system performance

3. Data Storage and Security

3.1 Data Storage

Your data is stored securely using industry-standard practices:

• Cloud Infrastructure: Data is stored on secure cloud servers with encryption at rest
• Geographic Location: Data is primarily stored in India, with backups in secure locations
• Retention Period: We retain your data as long as necessary for business purposes or as required by law

3.2 Security Measures

We implement comprehensive security measures to protect your information:

• Encryption: All data in transit is encrypted using SSL/TLS protocols
• Access Controls: Role-based access control (RBAC) ensures users only access authorized data
• Authentication: Multi-factor authentication (MFA) and strong password policies
• Monitoring: Continuous monitoring for security threats and unauthorized access
• Regular Audits: Periodic security audits and vulnerability assessments
• Backup and Recovery: Regular automated backups and disaster recovery procedures

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our system (e.g., cloud hosting, email services)
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection of Rights: To protect our rights, property, or safety, or that of our users
• With Consent: When you have explicitly consented to the sharing

5. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request access to your personal data stored in our system
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal data, subject to legal and business requirements
• Portability: Request a copy of your data in a portable format
• Objection: Object to processing of your data for certain purposes
• Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your login session
• Remember your preferences and settings
• Analyze system usage and performance
• Enhance security and prevent fraud

You can control cookies through your browser settings, but disabling cookies may affect system functionality.

7. Data Retention

We retain your personal information for as long as necessary to:

• Fulfill the purposes outlined in this Privacy Policy
• Comply with legal, regulatory, or contractual obligations
• Resolve disputes and enforce agreements
• Maintain business records as required by law

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

9. Children's Privacy

Our CRM system is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the system after such changes constitutes acceptance of the updated policy.

11. Compliance with Laws

We comply with applicable data protection laws, including:

• Information Technology Act, 2000 (India): Compliance with Indian IT laws and regulations
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011: Adherence to data protection rules
• General Data Protection Regulation (GDPR): For users in the European Union
• Other Applicable Laws: Compliance with local data protection laws in jurisdictions where we operate

12. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

• Investigate the breach immediately
• Notify affected users and relevant authorities as required by law
• Take appropriate remedial measures to prevent further breaches
• Provide guidance on steps you can take to protect yourself