Privacy Policy

Last updated: [DATE]

Before going live: this is a starting template, not a finished legal document. Fill in every [BRACKETED] placeholder with your actual practices, and review against the real privacy law that applies to you (e.g. India's DPDP Act, GDPR if you have EU customers, or your local equivalent) before accepting real customer data.

1. What we collect

When you sign up, we collect your name, work email, phone number (if provided), and company details. Once you're using Iris Ledger CRM, your team's own data is stored on your behalf: leads, contacts, deals, quotes, invoices, and anything else you or your team enters. We also collect basic technical data (IP address, browser type, login times) for security and to operate the Service.

2. How we use it

To provide and operate the Service you signed up for
To send account-related email — verification, billing receipts, overdue reminders, security alerts
To respond to support requests
[Add: any analytics, marketing, or other use you actually do — don't list uses you don't perform]

3. Payment information

Online payments are processed by our payment gateway provider(s) (e.g. Razorpay). We do not store your full card or bank details ourselves — these are handled directly by the gateway under their own security standards (PCI-DSS). We do store payment confirmations, amounts, and invoice records as part of normal billing.

4. Who we share data with

We don't sell your data. We share it only with: service providers needed to run the platform (hosting, email delivery, payment processing), and where required by law. If you connect a third-party integration (e.g. WhatsApp, Google Sheets, Meta Lead Ads), data flows to that provider per their own terms — that's your choice to enable, not something we initiate.

5. Data retention

We keep your data for as long as your account is active. If you cancel, we retain it for [RETENTION PERIOD — e.g. 30/90 days] in case you want to reactivate, then delete it unless you request earlier deletion or we're required to keep records longer for legal/tax reasons.

6. Your rights

You can export your own data at any time from within the app (Settings → Data backup). You can request correction or deletion of your account data by contacting [SUPPORT EMAIL]. Depending on your location, you may have additional rights under local law (access, portability, objection) — contact us to exercise them.

7. Security

We use industry-standard measures to protect your data, including encrypted storage of sensitive credentials (e.g. payment gateway keys) and access controls limiting who can see your company's data. No system is perfectly secure, and we'll notify you if we become aware of a breach affecting your data, as required by applicable law.

8. Changes to this policy

We may update this Privacy Policy from time to time. We'll notify you of material changes by email or in-app notice.

9. Contact

Questions about this Privacy Policy or your data: [SUPPORT EMAIL].