1. Scope of This Policy

This Privacy Policy applies to:

• Visitors to our websites and web applications
• Companies registering or subscribing to LeadsForce360
• Authorized users, employees, and field executives using the platform
• Data processed on behalf of our business customers

LeadsForce360 acts as: a Data Processor for employee, lead, and customer data uploaded by client organizations, and a Data Controller for its own business, billing, account, and operational data.

2. Information We Collect

2.1 Company & Account Information We may collect:

• Company or organization name
• Business email address
• Contact person name
• Phone number
• GST and other business identifiers (if applicable)
• Subscription plan details, selected services, and user limits

2.2 User & Employee Information

When companies use LeadsForce360, we may process:

• Employee or user names, roles, and system user IDs
• Attendance punch-in and punch-out records
• Visit check-in and check-out data
• GPS location only at the time of attendance or visit actions
• Uploaded images, notes, visit outcomes, and task details
• Activity timestamps, logs, and audit trails

This data is collected strictly for business operations, including attendance tracking, visit verification, reporting, and performance analytics.

2.3 Communication & Engagement Data

If enabled by the customer, LeadsForce360 may process:

• WhatsApp or messaging metadata (timestamps, delivery status)
• Email campaign activity (delivery, open, and engagement logs)
• Call interaction logs, call status, and call notes
• Campaign analytics and engagement metrics

LeadsForce360 does not monitor or access personal conversations beyond what is required to deliver the service.

2.4 Payment & Billing Information

Payments are securely handled by third-party payment gateways such as Razorpay. LeadsForce360:

• Does not store credit card, debit card, UPI, or banking credentials
• Stores only transaction references, subscription IDs, invoices, and billing status for compliance and record-keeping

2.5 Technical & Usage Data

We automatically collect limited technical data, including:

• IP address
• Browser type and device information
• Log files and usage statistics
• Cookies and session identifiers

This data is used for security, analytics, troubleshooting, and performance optimization.

3. How We Use Your Information

We use collected information to:

• Create and manage company accounts
• Deliver CRM, lead management, and field-force services
• Enable WhatsApp, email, and campaign automation
• Process subscriptions, trials, and payments
• Provide dashboards, analytics, and operational reports
• Ensure platform security and prevent fraud
• Improve features, usability, and performance
• Comply with legal, regulatory, and contractual obligations

4. Data Storage, Authentication & Security

We implement a defense-in-depth security framework to protect personal, business, and operational data in accordance with Indian law, including the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

• Authentication & Identity Security: Secure JWT-based authentication using RS256 (public–private key cryptography)
• Tokens are digitally signed by a centralized authorization service and verified using public keys
• Role-based and tenant-aware claims enforce user identity, permissions, and company-level isolation
• Token expiration and refresh mechanisms reduce the risk of unauthorized access
• Tenant-Based Data Isolation: Multi-tenant architecture with strict logical separation
• Each company’s data is accessible only within its authorized tenant scope
• Cross-tenant access is technically restricted, logged, and monitored
• Data Protection & Encryption: Encrypted data transmission using HTTPS / TLS
• Encryption of sensitive data at rest where applicable
• Secure key-management practices to protect cryptographic materials
• Infrastructure & Access Controls: Hosted on secure cloud infrastructure with restricted network access
• Role-Based Access Control (RBAC) limits data access to authorized users
• Administrative access is logged, monitored, and audited
• Monitoring, Logging & Compliance: Continuous system monitoring, audit logging, and anomaly detection
• Regular vulnerability assessments and security updates
• Security practices aligned with confidentiality, integrity, availability, and data-minimization principles

5. Location & Tracking Data

• GPS location is collected only during attendance punch-in/punch-out or visit actions
• No continuous or background location tracking is performed
• Field tracking starts only after punch-in and automatically stops on punch-out, leave, or day-off
• Location data is used solely for verification, reporting, audit, and operational compliance purposes
• Access to location data is governed by company-defined policies and limited to authorized roles
• Location data is not used for surveillance, marketing, profiling, or sold to third parties

6. Cookies & Tracking Technologies

LeadsForce360 uses cookies and similar technologies to:

• Maintain secure login sessions
• Enable core platform functionality
• Improve performance and user experience
• Analyze usage trends

Disabling cookies may limit certain platform features.

7. Data Sharing & Disclosure

We do not sell, rent, or trade personal or business data. We may share limited and necessary data only with:

• Payment processors (e.g., Razorpay) – billing references and transaction status
• Cloud hosting and infrastructure providers – securely stored application data
• Messaging and communication service providers – contact details and delivery metadata
• Legal or regulatory authorities – where required by law

All third parties are contractually bound by confidentiality and data-protection obligations.

8. Data Retention

Data is retained for the duration of an active subscription. After subscription termination, data may be retained for:

• Legal and regulatory compliance
• Audit and accounting requirements
• Dispute resolution

Customers may request data export or deletion, subject to applicable laws.

9. Your Rights & Choices

Subject to applicable laws, you may have the right to:

• Access your data
• Request correction of inaccurate information
• Request deletion of data (where legally permitted)
• Deactivate or terminate your account

Requests can be submitted through our official support channels.

10. Third-Party Services & Links

LeadsForce360 may integrate with third-party services such as messaging platforms, email providers, and payment gateways.

We are not responsible for the privacy practices of these third parties. Please review their policies separately.

11. Children’s Privacy

LeadsForce360 is a business-focused platform and is not intended for individuals under 18 years of age.

We do not knowingly collect data from minors.

12. Compliance With Indian Law

This Privacy Policy complies with:

• Information Technology Act, 2000
• IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Applicable consumer and data-protection laws in India

13. Changes to This Policy

We may update this Privacy Policy from time to time.

Updates will be posted on this page with a revised “Last Updated” date. Continued use of the Services constitutes acceptance of the revised policy.

14. Contact Information

For privacy-related questions or requests:

• 📧 Email: support@leadsforce360.com
• 🌐 Website: https://www.leadsforce360.com

WinishTech IT Solutions Pvt. Ltd.