This Privacy Policy explains how Zivo CRM (“Zivo CRM”, “we”, “us” or “our”) collects, uses, shares, retains and protects information when you use our website at zivocrm.in, our web application at app.zivocrm.in, and related services (together, the “Service”). We are committed to handling your data responsibly and in line with India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws.
1. Who this policy covers
Zivo CRM is a business tool. We process two broad categories of people’s data:
- Customers (account users): the businesses and their team members who sign up for and use Zivo CRM.
- Customer contacts: the leads, contacts and end-customers whose information our customers store and manage inside the Service.
For data that our customers put into Zivo CRM about their own leads and contacts, the customer is the Data Fiduciary / controller and Zivo CRM acts as a Data Processor, processing that data on the customer’s instructions. If you are a lead or contact of a business that uses Zivo CRM, please direct privacy requests to that business; we will assist them as required.
2. Information we collect
Information you provide
- Account & profile: name, business name, email address, phone number, password and role.
- Billing: plan details and payment information (processed by our payment partners — we do not store full card numbers).
- CRM content: leads, contacts, companies, deals, tasks, notes, messages and any files you upload.
- Communications: messages you send to us for support, and content of messages you send to your contacts through the Service (WhatsApp, SMS, email, calls).
Information we collect automatically
- Usage & device data: IP address, browser type, device and operating system, pages viewed, actions taken and timestamps.
- Cookies & similar technologies: used to keep you signed in, remember preferences and understand usage (see Cookies & analytics).
Information from third parties
- Lead sources: when you connect channels such as Meta (Facebook/Instagram) Lead Ads, Google, JustDial or WhatsApp, we receive the lead information those platforms pass to you.
- Integration providers: message delivery, open and call status from providers you connect (see Third-party integrations).
3. How we use information
- Provide, operate, secure and improve the Service.
- Authenticate users and manage accounts, roles and billing.
- Capture leads, sync contacts and deliver messages across WhatsApp, SMS, email and calls on your instruction.
- Power AI features such as account summaries, lead scoring and drafting follow-ups (see AI features).
- Provide customer support and respond to your requests.
- Monitor performance, prevent fraud and abuse, and maintain security.
- Comply with legal obligations and enforce our terms.
We do not sell your personal data, and we do not use the content you store in Zivo CRM to train third-party advertising profiles.
4. Legal basis for processing
Depending on the situation, we process personal data on the basis of your consent, to perform our contract with you, to meet a legal obligation, or for our legitimate business interests (such as securing and improving the Service) in a way that does not override your rights. Where consent is the basis, you may withdraw it at any time.
5. How we share information
We share information only as needed to run the Service:
- Service providers / sub-processors: cloud hosting, databases, and the integration providers listed below, who process data on our behalf under appropriate safeguards.
- At your direction: when you send messages, place calls or sync data to a connected platform.
- Legal & safety: where required by law, regulation or valid legal process, or to protect the rights, property and safety of Zivo CRM, our users or the public.
- Business transfers: in connection with a merger, acquisition or sale of assets, subject to this policy.
6. Third-party integrations
When you connect an integration, data is shared with that provider under their own terms and privacy policies. Key providers include:
| Provider | Purpose |
|---|---|
| Meta (Facebook, Instagram, WhatsApp) | Lead capture and two-way WhatsApp messaging |
| Lead capture and sign-in | |
| JustDial | Lead capture |
| MSG91 | SMS delivery |
| Exotel | Click-to-call telephony |
| Resend | Email delivery and open tracking |
| Anthropic | AI features (see below) |
You control which integrations are connected and can disconnect them at any time from your account settings.
7. Meta / Facebook & WhatsApp data
If you connect Facebook or Instagram Lead Ads, we receive lead form data (such as name, email and phone number) that the user submitted and consented to share, solely to deliver those leads into your CRM. If you connect WhatsApp Business, we send and receive messages using approved templates on your behalf and log them to the relevant contact’s timeline. We use Meta data only to provide these features to you, we do not sell it, and you can revoke access at any time by disconnecting the integration in Zivo CRM or by removing the app from your Facebook settings. To request deletion of data obtained through Meta platforms, see Data deletion.
8. AI features
Our AI Sales Agent is powered by Anthropic. When you use AI features, relevant content from your workspace (such as the leads, deals, tasks or contacts your query relates to) is sent to the AI provider to generate a response. This data is used only to produce the output you requested and is not used to train the provider’s foundation models. AI output can be imperfect, so we recommend reviewing it before acting.
9. Cookies & analytics
We use strictly necessary cookies to keep you signed in and secure, and limited analytics to understand how the Service is used so we can improve it. You can control cookies through your browser settings; disabling some cookies may affect functionality.
10. Data retention
We retain personal data for as long as your account is active or as needed to provide the Service. CRM content is retained while your account exists and is deleted or anonymised within a reasonable period after account closure, unless we are required to keep it to comply with legal, tax or accounting obligations, resolve disputes or enforce our agreements.
11. Security
We use technical and organisational measures to protect your data, including encryption in transit, access controls, and least-privilege practices. No method of transmission or storage is completely secure, but we work to protect your information and to notify affected users and authorities of any significant breach as required by law.
12. Your rights & choices
Subject to applicable law, you may have the right to:
- Access and obtain a copy of your personal data.
- Correct or update inaccurate or incomplete data.
- Request deletion of your personal data.
- Withdraw consent where processing is based on consent.
- Nominate another individual to exercise your rights in the event of death or incapacity (as provided under the DPDP Act).
- Raise a grievance with us, and escalate to the Data Protection Board of India if unresolved.
To exercise any of these rights, contact us using the details below. We will verify your identity and respond within the timelines required by law.
13. Data deletion
You can delete individual records from within the app, or request deletion of your account and associated data by emailing privacy@zivocrm.in with the subject line “Data Deletion Request”. We will confirm and process the request within a reasonable period, except where we must retain certain data to meet legal obligations. If you connected a Meta (Facebook/Instagram/WhatsApp) integration, disconnecting it or removing the app from your platform settings, together with a request to the email above, will result in deletion of the associated data we hold.
14. International transfers
Some of our service providers may process data outside India. Where data is transferred internationally, we take steps to ensure it is protected consistently with this policy and applicable law.
15. Children
The Service is intended for use by businesses and is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.
16. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
17. Contact us
If you have questions, requests or grievances about this policy or your data, contact our Grievance Officer: