Aditya CRM - Privacy Policy

Welcome to the official Privacy Policy of Aditya CRM (Devolyt Technologies Pvt. Ltd.). This document explains how we collect, use, disclose, and protect personal and business data when you use our website, demo environments, or CRM services.

1. Introduction & Scope

At Aditya CRM (operated by Devolyt Technologies Pvt. Ltd.), we recognize that privacy and data protection are not just legal requirements but also fundamental elements of trust between our Company and our Customers. This Privacy Policy explains in detail the types of information we collect, why we collect it, how it is processed, the safeguards we apply, and the rights that individuals and organizations have over their information.

This Policy is designed to be comprehensive so that you — whether you are a visitor browsing adityacrm.com, a prospective Customer exploring our demos, or an existing Customer using our production CRM systems — clearly understand how your data is handled. We believe in transparency, accountability, and security when it comes to data usage.

The scope of this Policy extends to all types of interactions you may have with us, including:

  • Website Usage: Data collected when you visit, browse, or fill forms on our official website and related subdomains.
  • Demos & Sandbox Accounts: Information processed when you sign up for a demo, use sample environments, or participate in product walkthroughs.
  • Customer Accounts: Data processed when your business purchases, licenses, or actively uses Aditya CRM solutions.
  • Support Channels: Information shared via chat, email, tickets, or recorded calls for troubleshooting or assistance.
  • Proposals & Agreements: Data exchanged during the pre-sales process, including quotations, Statements of Work (SOWs), and contract negotiations.
  • Third-Party Integrations: Data transferred when you connect Aditya CRM with SMS providers, payment gateways, telephony systems, or other APIs.

By using any of these services, you consent to the practices described in this Privacy Policy. However, we also understand that every client engagement is unique. If you have a specific Proposal, Agreement, or SOW signed with us, that document will take precedence in the event of a conflict. This ensures that any custom data handling or compliance commitments agreed in writing override the general statements contained here.

Key Principles Governing This Policy:

  • Transparency: You have the right to know exactly how your data is being used.
  • Control: You maintain ownership of your CRM data and can exercise rights such as access, correction, deletion, or portability.
  • Security: We apply industry-standard security measures — encryption, restricted access, and monitoring — to protect your data.
  • Compliance: Our practices align with Indian IT & Data Protection laws, and for global clients, we strive to comply with international standards such as GDPR.
  • Limited Purpose: Data is processed only for legitimate business purposes, such as delivering services, providing support, ensuring security, and meeting contractual obligations.

In summary, this Privacy Policy is intended to empower you with knowledge about how we handle your personal, business, and CRM data. Whether you are just exploring Aditya CRM or already using it as a critical part of your business operations, you can rest assured that your privacy is a top priority for us.

2. Data We Collect

In the course of providing our CRM software, services, demos, and support, Aditya CRM (Devolyt Technologies Pvt. Ltd.) collects different categories of data. The type of data depends on whether you are a website visitor, a demo user, a prospective client, or an active Customer of our CRM systems. This section provides a detailed overview of the categories of data we collect, the context in which it is collected, and the purposes for which it may be used.

A. Personal & Contact Information

Collected when you interact with us through our website, demos, proposals, or support channels.

  • Full name, business name, designation, and professional title.
  • Email address, mobile/landline numbers, and office address.
  • Billing and tax details such as GST/VAT, PAN, or other identifiers when required for invoicing.
  • Optional information you provide in forms, such as company size, industry, or areas of interest.

Why we collect: To communicate with you, provide proposals, issue invoices, and maintain accurate business records.

B. Account & Authentication Data

Required to securely create and manage your CRM or demo account.

  • Username and encrypted password (hashed using secure algorithms).
  • Authentication tokens, one-time passwords (OTPs), and 2FA configurations.
  • Login timestamps, originating IP addresses, browser types, and device details for auditing and security monitoring.
  • Access logs to track and protect account activity against fraud or unauthorized use.

Why we collect: To secure your CRM account, verify your identity, and comply with audit requirements.

C. Customer CRM Data

Information uploaded by Customers into their CRM instance, which we process strictly as per contract.

  • Business leads, contacts, companies, deals, projects, and tasks.
  • Notes, meeting logs, call history, and attached files such as PDFs or spreadsheets.
  • Custom fields, workflows, and any structured/unstructured data the Customer chooses to import.
  • Email/SMS history, chat transcripts, or integrations linked to the CRM.

Why we collect: To enable core CRM functionalities such as sales tracking, reporting, and customer relationship management.
Note: Ownership of all CRM data always remains with the Customer. We act only as a processor on behalf of the Customer.

D. Transaction & Payment Data

Collected during the purchase or renewal of services.

  • Invoices, receipts, and transaction reference numbers.
  • Payment gateway details (transaction IDs, authorization codes).
  • Partial payment details for reconciliation (we do not store full card details unless explicitly agreed and managed via a certified PCI-DSS compliant provider).

Why we collect: To process payments, maintain financial records, and comply with accounting/legal requirements.

E. Support & Communication Data

Data generated when you request assistance or interact with our support team.

  • Support tickets, chat logs, and email correspondence.
  • Call recordings, where disclosure/consent has been obtained.
  • Issue reports, bug submissions, or screenshots provided during troubleshooting.

Why we collect: To resolve technical issues, improve service quality, and maintain support history for future reference.

F. Device, Usage & Analytics Data

Collected automatically when you use our website, demos, or CRM instances.

  • IP address, device type, operating system, and browser information.
  • Pages visited, time spent, session duration, and navigation paths.
  • Error logs, telemetry data, and performance metrics.
  • Feature usage statistics to improve product design and customer experience.

Why we collect: To monitor system performance, detect fraud, improve user experience, and optimize services.

G. Demo & Sandbox Data

Used exclusively for trial purposes and product demonstrations.

  • Synthetic or anonymized data provided by Aditya CRM for testing product features.
  • Optional Customer data uploaded into demo/sandbox environments (processed only with explicit consent).
  • Temporary records that are deleted once the demo or trial period ends.

Why we collect: To showcase product functionality, simulate real-world use cases, and allow prospects to evaluate the CRM before purchase.

Ownership & Responsibility

Customers remain the sole owners of all data uploaded to their CRM accounts. Aditya CRM acts only as a data processor under contract for Customer CRM data, and as a data controller for information we collect for our own business purposes (e.g., marketing, lead management, invoicing, or support).

3. How We Use Data

At Aditya CRM (Devolyt Technologies Pvt. Ltd.), we process data strictly for legitimate business purposes and in ways that are necessary to deliver, maintain, and improve our CRM services. We do not sell your data. This section explains in detail how we use different categories of data we collect, and why these uses are essential for both Customers and the Company.

A. Service Delivery
  • Storing and processing CRM records (contacts, leads, deals, notes, tasks) so that the CRM features operate as intended.
  • Enabling automation workflows such as reminders, follow-ups, and notifications.
  • Running reports and dashboards to give Customers visibility into sales pipelines, performance, and customer relationships.
  • Facilitating integrations with third-party services (SMS, email, payment gateways, telephony, APIs) that the Customer chooses to connect.

Why: Without this processing, the CRM platform cannot provide its intended functionality.

B. Account Administration
  • Creating, authenticating, and managing Customer and user accounts.
  • Assigning user licenses, roles, and permissions to control access.
  • Issuing invoices, recording payments, and reconciling financial transactions.
  • Managing renewal notices, subscription periods (if applicable), and upgrades/downgrades of plans.

Why: To ensure accurate billing, account security, and smooth administration of Customer relationships.

C. Support & Maintenance
  • Investigating and resolving technical issues reported through tickets, calls, or chat.
  • Debugging CRM errors, restoring data from backups, and ensuring uptime.
  • Providing help with setup, onboarding, and user training.
  • Tracking recurring issues to improve long-term stability of the platform.

Why: To guarantee uninterrupted operations, protect customer productivity, and meet contractual support obligations.

D. Security & Fraud Prevention
  • Monitoring login activity, unusual usage patterns, and suspicious behavior.
  • Blocking brute-force attempts, spam, or unauthorized data scraping.
  • Applying firewalls, intrusion detection, and anti-abuse mechanisms.
  • Investigating incidents and taking corrective actions (e.g., disabling compromised accounts).

Why: Security is critical to protecting customer data and maintaining trust.

E. Product Analytics & Improvement
  • Collecting aggregated, anonymized usage statistics to identify popular features and pain points.
  • Measuring performance (e.g., load times, error rates) to guide optimization.
  • Analyzing workflows to design more intuitive UI/UX improvements.
  • Experimenting with new features in beta environments and gathering user feedback.

Why: Continuous improvement ensures the CRM evolves with customer needs and market standards.

F. Communications
  • Sending transactional messages like invoices, password resets, and system alerts.
  • Sharing product updates, new features, and security advisories.
  • Marketing communications such as newsletters or promotional offers, only where legally permitted and with opt-in consent where required.
  • Engaging with Customers via support follow-ups, onboarding guidance, and educational resources.

Why: To keep Customers informed, ensure compliance with billing/legal processes, and provide relevant opportunities for growth.

G. Legal & Compliance
  • Responding to lawful requests from government, regulators, or courts.
  • Fulfilling tax obligations by maintaining accurate billing and financial records.
  • Complying with data protection laws such as the Indian IT Act or GDPR for international clients.
  • Enforcing our Terms & Conditions, license restrictions, and intellectual property rights.

Why: To operate within legal boundaries and protect both Customers and the Company.

H. Demo & Evaluation
  • Providing demo accounts, trial versions, or sandbox environments to prospects for evaluation.
  • Using synthetic or anonymized data to simulate real-world usage.
  • Processing live data in demos only when explicit client consent is obtained and confidentiality is ensured.
  • Analyzing demo usage patterns to improve trial experiences and product adoption rates.

Why: Demos allow prospects to experience CRM capabilities before making a purchase decision.

In conclusion, every category of data collected by Aditya CRM is used for specific, clearly defined, and lawful purposes. We never use data for hidden profiling or unauthorized selling. All processing is designed to deliver value to the Customer while ensuring compliance, transparency, and trust.

5. Data Sharing & Processors

Aditya CRM (Devolyt Technologies Pvt. Ltd.) values transparency in how customer and user data is shared. We do not sell, rent, or trade your data to third parties. Data is only shared when strictly necessary for service delivery, regulatory compliance, or when you explicitly authorize it. This section explains the different categories of recipients, the safeguards in place, and the laws that govern such transfers.

A. Subprocessors & Service Providers
  • Hosting & Infrastructure: We rely on secure cloud providers (e.g., AWS, DigitalOcean, Google Cloud, or customer-selected servers) for hosting CRM instances, data storage, and backup management. These providers are contractually required to follow strict data protection and security standards.
  • Payment Processors: To process transactions, we integrate with secure gateways like Razorpay, PayU, Stripe, and PayPal. Sensitive payment data (such as full card details) is never stored by us; instead, it is handled directly by PCI-DSS certified providers.
  • Communication Services: Email, SMS, and telephony services may involve trusted vendors such as Twilio, SendGrid, or Indian telecom providers. These vendors ensure compliance with TRAI (Telecom Regulatory Authority of India) and international communication laws.
  • Analytics & Monitoring: We may use analytics tools for performance monitoring, usage trends, and bug tracking (e.g., Google Analytics, Mixpanel, or self-hosted platforms). Data is anonymized or aggregated wherever possible to reduce personal data exposure.
  • Data Processing Agreements (DPAs): Every subprocessor we engage must sign a DPA with us, ensuring GDPR-level protections (where applicable) and alignment with Indian IT Act, 2000 obligations under Section 43A (reasonable security practices).
B. Business Transfers & Corporate Restructuring
  • In scenarios like mergers, acquisitions, corporate restructuring, or partial sale of assets, personal and business data may be transferred to the acquiring entity.
  • We will provide advance notice to customers wherever legally required and ensure that the acquiring party continues to uphold equivalent or stronger privacy and data protection commitments.
  • Customers may exercise their right to request data deletion or export before such transfer, in line with GDPR Article 20 (Data Portability).
C. Legal & Regulatory Disclosures
  • We may be legally required to disclose data to government authorities, regulators, courts, or law enforcement agencies.
  • Typical examples include:
    • Tax Authorities: Disclosures under the Indian Income Tax Act, 1961.
    • Law Enforcement: Requests under the Indian IT Act, 2000 or Indian Telegraph Act, 1885 (Section 5(2)).
    • Cybersecurity Incidents: Reporting obligations under CERT-In Directions, 2022.
  • We only comply with lawful requests that meet the due process of law, and we document such disclosures to ensure accountability.
D. With Customer Authorization
  • We only share data with third parties when you, the customer, explicitly authorize it through settings, proposals, or agreements.
  • Examples include:
    • Authorizing a third-party consultant or integrator to access your CRM data for setup or training.
    • Enabling integrations with third-party apps like WhatsApp API, accounting tools (Tally, QuickBooks), or payment gateways.
    • Sharing anonymized case studies, success metrics, or testimonials where written consent is provided.
  • Access granted under authorization is strictly limited to the scope defined by the customer. Any misuse may lead to suspension of access and termination of related agreements.
E. Safeguards for International Transfers
  • If data is transferred outside India, such as to EU/US-based servers, we implement adequate safeguards like Standard Contractual Clauses (SCCs) under GDPR.
  • For Indian customers, cross-border transfers are permitted under the Indian IT Act, 2000, provided adequate security measures are ensured.
  • We ensure that vendors located in jurisdictions without equivalent data protection laws commit to contractual protections and secure processing practices.
Summary of Principles
  • No Unnecessary Sharing: Data is only shared on a need-to-know basis.
  • Transparency: Customers are informed of subprocessors and can request a current list of engaged vendors.
  • Accountability: All subprocessors are contractually bound to data protection and confidentiality obligations.
  • Lawful Disclosures Only: No data is disclosed without a valid legal basis or customer authorization.

In short, Aditya CRM shares data responsibly, securely, and lawfully. Whether it is cloud hosting, billing, communication, or government compliance, every data transfer is guided by contractual safeguards, applicable laws, and international best practices. Customers remain the primary owners of their CRM data, and sharing never undermines that ownership.

6. Cookies & Tracking

Aditya CRM (Devolyt Technologies Pvt. Ltd.) uses cookies and similar tracking technologies to deliver a secure, efficient, and personalized experience for visitors and customers. Cookies are small text files stored on your device when you access our website or services. They help us recognize users, maintain sessions, analyze performance, and provide tailored content. This section explains the categories of cookies we use, their purpose, your choices, and the legal frameworks that govern cookie usage.

A. Categories of Cookies We Use
  • Essential Cookies:
    • Enable basic functions like login, authentication, and secure session management.
    • Used to protect against fraud, CSRF attacks, and unauthorized access.
    • Without these cookies, our website and CRM systems cannot operate properly.
  • Performance & Analytics Cookies:
    • Collect anonymized or aggregated data about how users interact with our site and product features.
    • Examples: Page load times, most visited pages, crash/error tracking, feature adoption.
    • Tools may include Google Analytics, Mixpanel, or self-hosted analytics solutions.
    • Helps us improve usability, stability, and customer satisfaction.
  • Functional Cookies:
    • Store user preferences such as language, region, theme, or UI settings.
    • Enable smoother experiences like remembering login sessions across visits.
    • Do not collect personally sensitive data but enhance convenience.
  • Advertising & Marketing Cookies:
    • Used only with user consent (in compliance with GDPR, ePrivacy Directive, and Indian DPDP Act, 2023).
    • Help us measure campaign effectiveness, show relevant ads, and avoid repeating the same ads to users.
    • Examples: Google Ads tags, Facebook Pixel, LinkedIn Insights.
    • Marketing cookies are optional — you can opt-out at any time.
B. Tracking Technologies Beyond Cookies
  • Web Beacons: Small graphic files embedded in emails or web pages to track engagement.
  • Local Storage: Browser-based storage used for faster data access and offline features.
  • Session Storage: Temporary browser storage cleared when the session ends.
  • Third-Party Tags: JavaScript tags embedded for analytics, ads, or integrations — subject to third-party privacy policies.
C. Legal & Regulatory Compliance
  • India: We comply with the Digital Personal Data Protection (DPDP) Act, 2023 and IT Act, 2000 provisions regarding consent and data usage.
  • EU/UK: Our cookie usage aligns with GDPR (General Data Protection Regulation) and the ePrivacy Directive, requiring consent before placing non-essential cookies.
  • USA: Where applicable, we respect state-level laws such as the California Consumer Privacy Act (CCPA).
  • Consent Banners: On our websites, you may see cookie consent banners to manage preferences for marketing and tracking cookies.
D. User Choices & Controls
  • You can control or delete cookies at any time through your browser settings.
  • Options include blocking all cookies, accepting only first-party cookies, or deleting cookies after each session.
  • Please note: Disabling essential cookies may break core functionality (e.g., login, dashboards, transactions).
  • Marketing cookies are fully optional and can be opted out without affecting core services.
E. Transparency on Third-Party Cookies
  • Some cookies are placed by trusted third-party vendors (e.g., Google, Meta, LinkedIn).
  • Each vendor operates under its own Privacy Policy and Terms of Service.
  • We maintain an updated list of subprocessors and third-party cookie providers — available on request.

Summary: Cookies are vital to ensure secure logins, protect sessions, monitor performance, and enhance usability. Non-essential cookies (such as marketing or tracking) are only used with your explicit consent. You always remain in control — with full rights to manage, delete, or block cookies according to your preferences and applicable privacy laws.

7. Data Retention

Aditya CRM (Devolyt Technologies Pvt. Ltd.) follows a strict data minimization and retention policy. We retain information only for as long as it is necessary to achieve the purposes outlined in this Privacy Policy, to comply with applicable legal, tax, accounting, and regulatory obligations, and to enforce contractual agreements. Once the retention period ends, data is securely deleted, anonymized, or archived in compliance with industry best practices and applicable laws.

A. Categories of Data and Retention Periods
  • Account & Billing Records:
    • Includes invoices, tax information (GST/VAT), contracts, and payment records.
    • Retained for statutory periods such as 6–8 years (depending on jurisdiction, e.g., Indian Income Tax Act, EU VAT rules, US IRS regulations).
    • Required for legal compliance, audit trails, fraud prevention, and dispute resolution.
  • Customer CRM Data:
    • Includes customer-provided data such as leads, contacts, sales pipelines, notes, call logs, and attachments.
    • Retained only for the duration of the active customer relationship and a limited period thereafter (typically 30–90 days unless otherwise agreed in the contract or Statement of Work).
    • Customers may request export and deletion of their CRM data at any time, subject to applicable contract terms.
  • Support Tickets & Communication Records:
    • Includes support tickets, chat logs, email correspondence, and call recordings.
    • Retained for a period of 12–24 months for quality assurance, training, troubleshooting, and auditing purposes.
    • May be anonymized for internal analytics once active retention needs expire.
  • System Logs & Security Data:
    • Includes login records, error logs, IP addresses, authentication attempts, and device identifiers.
    • Typically retained for 6–18 months in line with IT security standards and regulatory requirements (such as CERT-In directives in India or GDPR Art. 32).
    • Older logs may be aggregated or anonymized for long-term trend analysis.
  • Aggregated Analytics Data:
    • Non-identifiable, anonymized usage data (e.g., feature usage, performance metrics, session counts).
    • May be retained indefinitely to improve product features, stability, and customer experience.
    • Contains no personal identifiers once anonymized.
B. Data Deletion & Customer Rights
  • When a customer account is terminated, we initiate a data deletion process within a defined timeframe (typically 30–60 days).
  • Customers may request a final data export in structured formats such as CSV, JSON, or SQL dump before deletion.
  • Backups may retain copies of deleted data for an additional 30–90 days due to automated backup cycles. Once expired, backups are overwritten or purged securely.
  • Deletion requests under applicable laws such as GDPR (Right to Erasure – Article 17) or the Indian DPDP Act, 2023 are honored within legally mandated timeframes.
C. Exceptions to Retention
  • Data may be retained longer if required by law, government authorities, or ongoing legal disputes.
  • Regulatory bodies (e.g., Income Tax Department, SEBI, RBI, GDPR supervisory authorities) may mandate retention for compliance and auditing.
  • We may retain limited identifiers (such as invoice numbers, payment confirmations) for permanent record-keeping where legally necessary.

Summary: Aditya CRM retains different categories of data for specific, legally justified periods. Customers always remain the owners of their CRM data and can request export or deletion in line with contract terms and applicable privacy regulations. Once the retention window closes, data is securely purged or anonymized to protect confidentiality.

8. Security Measures

Aditya CRM (Devolyt Technologies Pvt. Ltd.) takes the security of Customer data very seriously. We apply a layered, defense-in-depth approach that combines technical, organizational, and procedural safeguards to minimize risks of unauthorized access, misuse, disclosure, or loss of information. Security is built into every stage of our operations — from product design and software development to deployment, hosting, and ongoing support.

A. Technical Security Measures
  • Encryption: All communications are encrypted in transit using Transport Layer Security (TLS 1.2/1.3). Sensitive data is encrypted at rest using industry-standard algorithms (e.g., AES-256) where applicable.
  • Access Controls: Role-based access control (RBAC) and the principle of least privilege are strictly enforced. Admin rights are restricted and granted only to authorized personnel who require access for operational duties.
  • Authentication: Multi-factor authentication (MFA/2FA) is supported and encouraged for all accounts. Passwords are stored using strong hashing algorithms (bcrypt/argon2).
  • Network Security: Firewalls, VPNs, and intrusion detection systems (IDS/IPS) protect against unauthorized network activity.
B. Application & Development Security
  • Secure Software Development Lifecycle (SDLC): Security best practices are integrated into design, coding, and testing phases.
  • Code Review & QA: All critical code changes undergo peer review and automated testing to reduce vulnerabilities.
  • Vulnerability Scanning: Regular scans are performed to detect known security flaws in dependencies and application layers.
  • Penetration Testing: Periodic third-party penetration tests are conducted to assess system resilience against real-world threats.
C. Operational & Organizational Measures
  • Logging & Monitoring: Continuous monitoring of system activity, login attempts, and anomaly detection to identify suspicious behavior.
  • Incident Response Plan: A formal incident response process is in place to investigate, mitigate, and notify stakeholders in case of a breach, in compliance with applicable laws (such as GDPR Art. 33/34 and India’s CERT-In guidelines).
  • Data Backups: Encrypted backups are created on a regular schedule. Disaster recovery and restoration procedures are tested periodically.
  • Employee Training: Employees undergo regular training on cybersecurity, phishing prevention, and data protection awareness.
D. Compliance & Regulatory Alignment
  • Security controls are aligned with international standards such as ISO/IEC 27001, NIST Cybersecurity Framework, and OWASP guidelines.
  • We comply with Indian IT Act 2000 (as amended), DPDP Act, 2023, and global standards like GDPR for applicable customers.
  • Audit logs and security reports are retained for compliance, audit, and regulatory inspections.
E. Customer Responsibilities
  • Customers must protect their login credentials and ensure strong password hygiene.
  • Customers should implement internal access controls for their users (e.g., role-based permissions, disabling inactive accounts).
  • Customers are encouraged to enable two-factor authentication (2FA) and follow best practices for device and endpoint security.

Disclaimer: While Aditya CRM employs industry-leading safeguards and constantly monitors emerging cybersecurity risks, no system can guarantee 100% absolute security. Security is a shared responsibility, and Customers must also adopt good practices within their organizations to protect data.

9. International Transfers

Aditya CRM (Devolyt Technologies Pvt. Ltd.) operates in a global environment. This means that in the course of delivering our services, certain categories of data may be transferred outside your country of residence, including but not limited to transfers to servers, data centers, cloud providers, or subcontractors located in India and other jurisdictions. Such transfers are necessary to ensure seamless delivery of CRM services, integrations, and support functions.

A. Nature of Cross-Border Transfers
  • Data may be transferred to India, where our primary operational and support teams are located.
  • Subprocessors and service providers may operate globally (e.g., cloud platforms in the US, EU, or Asia-Pacific regions).
  • International transfers may occur for hosting, payment processing, analytics, communication services, or customer support.
B. Safeguards Implemented
  • We ensure that all transfers comply with applicable data protection laws, including the Indian DPDP Act, 2023, GDPR (General Data Protection Regulation), and other relevant local laws.
  • Data Processing Agreements (DPAs): We sign legally binding DPAs with subprocessors to ensure they meet equivalent security and privacy standards.
  • Standard Contractual Clauses (SCCs): For EU/UK data subjects, we rely on SCCs approved by the European Commission or UK authorities for lawful transfers outside the EEA/UK.
  • Technical Safeguards: Encryption, access control, and pseudonymization are applied to data in transit and at rest to minimize risks during transfer.
C. Rights of International Customers
  • EU/UK Customers may request details of cross-border transfer mechanisms, including copies of SCCs or DPAs, subject to redaction for confidentiality.
  • Customers can request that their data be stored and processed exclusively within specific regions, subject to feasibility and contract terms.
  • All Customers, regardless of jurisdiction, retain ownership of their CRM data as outlined in the Data & Privacy section.
D. Compliance With Local Regulations
  • India: Transfers comply with the Digital Personal Data Protection (DPDP) Act, 2023, including obligations related to data fiduciaries and cross-border data flows.
  • European Union: Transfers outside the EEA comply with GDPR Chapter V, including SCCs, adequacy decisions, and additional safeguards where required.
  • United States & Other Regions: Where transfers are made to jurisdictions with varying data protection laws, we implement strict contractual and technical safeguards to ensure protection equivalent to global standards.
E. Customer Transparency
  • We maintain a list of key subprocessors that may handle Customer data and make this available upon request.
  • Customers will be notified of material changes to subprocessors that affect cross-border transfers, in line with contractual commitments.

In summary, Aditya CRM takes a lawful, transparent, and secure approach to cross-border transfers. Customers can be confident that their data, whether hosted in India or another jurisdiction, is always protected by robust legal agreements, internationally recognized safeguards, and industry-standard security measures.

10. Your Rights

Aditya CRM (Devolyt Technologies Pvt. Ltd.) respects the rights of all individuals regarding their personal data. Depending on your country of residence and the applicable laws (such as the Indian DPDP Act, 2023, the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, or the California Consumer Privacy Act (CCPA)), you may exercise one or more of the rights described below. These rights help you maintain control and transparency over how your personal data is collected, stored, and used.

A. Core Rights Available to All Users
  • Right of Access: You can request confirmation of whether we process your data and obtain a copy of the personal data we hold about you, along with related details such as the purpose of processing and categories of data.
  • Right to Correction/Rectification: You can request that inaccurate, incomplete, or outdated data be corrected or updated to ensure accuracy and relevance.
  • Right to Data Portability: Where applicable, you may request an export of your data in a structured, machine-readable format (e.g., CSV, JSON) so it can be transferred to another service provider.
  • Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data when it is no longer required for its original purpose, if you withdraw consent, or if processing was unlawful. Note: Certain legal, contractual, or technical limitations (e.g., data in backups or required for tax compliance) may delay or restrict full erasure.
  • Right to Restrict Processing: You can ask us to temporarily stop processing your data under specific circumstances, such as when accuracy is contested or when you object to processing pending resolution.
  • Right to Object: You may object to data processing carried out under legitimate interest (e.g., analytics, marketing). If your objection is valid, we will stop processing your data unless overriding legal or contractual obligations apply.
  • Right to Withdraw Consent: If our processing is based on your explicit consent (e.g., marketing communications, demo recordings), you may withdraw consent at any time. This will not affect lawful processing conducted prior to withdrawal.
B. Additional Rights under Specific Laws
  • GDPR/UK Law: You may request details of safeguards applied to cross-border data transfers, and you have the right to lodge a complaint with your local supervisory authority.
  • Indian DPDP Act, 2023: You have the right to know how your data is processed, nominate a representative to exercise your rights in case of incapacity or death, and request correction or erasure directly from the Data Fiduciary (Aditya CRM).
  • California CCPA/CPRA: You have the right to opt out of the “sale” or “sharing” of personal information (we do not sell personal data), and the right to request disclosure of categories of personal data collected over the past 12 months.
C. How to Exercise Your Rights
  • You may submit requests by contacting us through the details provided in the Contact section.
  • For your protection, we may require reasonable proof of identity before processing any rights request.
  • Requests will be processed free of charge unless they are excessive or manifestly unfounded, in which case we may charge a reasonable administrative fee.
  • We will respond to requests within the timeframe required by applicable law (typically 30 days, extendable by an additional 30 days for complex requests).
D. Important Notes
  • Some rights may be limited if fulfilling them would conflict with legal obligations, contractual commitments, or security requirements.
  • In cases where data is stored in backups, complete deletion may take additional time until backups are refreshed.
  • Exercising your rights does not affect the lawfulness of data processing carried out prior to your request.

In summary, you have full transparency and control

11. Children’s Privacy

Aditya CRM (Devolyt Technologies Pvt. Ltd.) provides software and services intended strictly for use by businesses, organizations, and their authorized adult representatives. Our CRM systems, demo platforms, and websites are not designed or marketed for children, nor do we intentionally collect, store, or process personal information belonging to minors under the legal age of consent as defined by applicable law.

A. Age Restrictions
  • Under the Children’s Online Privacy Protection Act (COPPA – United States), we do not knowingly collect data from children under the age of 13.
  • Under the General Data Protection Regulation (GDPR – EU/UK), we do not knowingly collect data from children under the age of 16 (or the local equivalent age of consent, which may vary by country between 13–16 years).
  • Under the Digital Personal Data Protection Act, 2023 (DPDP Act – India), we do not knowingly process data from children under the age of 18 without parental consent.
B. No Intentional Collection
  • Our products are designed for B2B use (business-to-business), not for individual minors.
  • We do not knowingly request, encourage, or collect any information such as names, email addresses, contact details, or usage data from children.
  • If a CRM customer uploads data that includes children’s personal information (for example, in industries like schools or education), the customer is fully responsible for obtaining the necessary parental or guardian consents before using our systems.
C. Parental or Guardian Rights
  • If you are a parent or guardian and believe that your child’s personal information may have been provided to us without your consent, you have the right to request deletion.
  • To exercise this right, please contact us using the details provided in the Contact section of this Privacy Policy.
  • Upon receiving a valid request, we will take prompt action to delete such data from our systems, unless retention is required by law.
D. Customer Responsibilities
  • Customers using Aditya CRM in contexts where children’s data may be processed (such as schools or training institutions) must ensure compliance with all applicable child data protection laws.
  • Such customers act as data controllers/fiduciaries and are responsible for obtaining necessary consents, providing notices, and safeguarding such data.
  • Aditya CRM acts only as a data processor under contractual instructions and does not assume responsibility for improper use of children’s data uploaded by customers.
E. Continuous Review

We continuously review and update our systems and policies to ensure that children’s data is not inadvertently collected or misused. Our internal compliance teams monitor relevant laws, including COPPA, GDPR, and India’s DPDP Act, to ensure that our practices remain aligned with global data protection standards.

In summary, Aditya CRM does not knowingly collect or process children’s personal data. If such data is identified in our systems, we take immediate steps to remove it, unless legally required otherwise. The responsibility for lawful collection and consent rests with our business customers when their operations involve children’s information.

12. Changes to this Policy

Aditya CRM (Devolyt Technologies Pvt. Ltd.) reserves the right to revise, update, or amend this Privacy Policy from time to time in order to reflect changes in law, regulatory requirements, industry practices, technological developments, or our own business operations. We are committed to ensuring that such changes are communicated in a transparent manner so that you remain fully informed of how your personal and business data is collected, used, stored, and shared.

A. How We Communicate Changes
  • All updates will be published on this page of our official website (www.adityacrm.com) with a clear "Last Updated" date.
  • For significant updates — such as changes to how we collect or process personal data, new data sharing practices, or updates required under law — we may also provide additional notifications via email, platform alerts, or contractual addendums.
  • Minor textual or clarifying updates may be made without prior notice, but they will always be reflected on this page with the updated date.
B. Legal & Regulatory Compliance
  • Under the Digital Personal Data Protection Act, 2023 (DPDP Act – India), we are obligated to keep data subjects informed about how their data is processed. Updates to this Policy form part of that obligation.
  • For EU/UK residents (GDPR/UK GDPR), any material change that affects the legal basis of processing, cross-border transfers, or individual rights will be communicated in accordance with GDPR’s transparency requirements (Articles 12–14).
  • For customers in other jurisdictions, we will comply with local data protection and consumer laws when providing notice of changes.
C. Effect of Changes
  • Unless otherwise stated, changes to this Privacy Policy take effect immediately upon posting to our website.
  • By continuing to access or use our website, demos, CRM systems, or services after the updated version is published, you are deemed to have accepted the revised Policy.
  • If you do not agree with the updated Policy, you must discontinue using our services and may exercise your rights as described in the Your Rights section.
D. Impact on Contracts
  • For customers under an active signed Proposal, Agreement, or Statement of Work (SOW), the specific contract terms shall always take precedence over this general Privacy Policy where there is any conflict.
  • If contractual customers wish to adopt updated privacy provisions, both parties may mutually agree in writing via an amendment or addendum.
E. Recommendation for Users
  • We strongly recommend that all customers and users review this Privacy Policy periodically — at least once every quarter — to remain aware of the most current practices.
  • For organizations subject to strict compliance frameworks (such as ISO 27001, HIPAA, or GDPR), reviewing our Privacy Policy updates will help ensure your own compliance obligations are met.

In conclusion, Aditya CRM ensures that any updates to this Privacy Policy will be transparent, legally compliant, and clearly communicated. Customers under contract are protected by their signed agreements, while all other users are encouraged to check this page regularly. By continuing to use our Services after updates, you acknowledge and accept the most recent version of this Policy as binding.

13. Contact & DPO

If you have questions, data access requests, or privacy concerns, please contact our team:

Company: Aditya CRM
Email: info@adityacrm.com
Phone: +91 8882653043
Address: Sector 62, Noida, Uttar Pradesh, India

If you are not satisfied with our response to a privacy-related inquiry, you may have the right to escalate the matter to an external authority. We take all privacy complaints seriously and encourage you to first contact our Data Protection Officer (DPO) at info@adityacrm.com for resolution. However, depending on your place of residence and applicable law, you may also have the right to lodge a complaint with the relevant supervisory authority:

  • India: Under the Digital Personal Data Protection Act, 2023 (DPDP Act), complaints may be escalated to the Data Protection Board of India (DPBI) once it becomes operational.
  • European Union: Residents may contact their local Data Protection Authority (DPA) as provided under the General Data Protection Regulation (GDPR), e.g., CNIL (France), ICO (UK), or equivalent.
  • United States: Depending on state law, you may contact authorities such as the Federal Trade Commission (FTC) or state Attorneys General offices.
  • Other Jurisdictions: If you reside outside these regions, you may approach the competent data protection or consumer protection authority in your country.

We encourage customers to seek resolution with us first so that issues can be addressed quickly and effectively. Lodging a complaint with a government authority does not affect your ability to pursue other remedies under your contract with us or under applicable law.

14. Disclaimer & Relationship to Contracts

This Privacy Policy serves as a general, publicly available template that outlines how Aditya CRM (Devolyt Technologies Pvt. Ltd.) typically handles data protection, privacy, and security matters. It applies broadly to all website visitors, demo users, prospects, and customers who interact with our systems. However, please note that this document is not exhaustive and does not replace the specific terms, conditions, and obligations that may be set out in a Proposal, Agreement, or Statement of Work (SOW) signed between Aditya CRM and an individual customer.

In practice, when we enter into formal agreements with customers, those agreements often include additional Data Protection Addendums (DPA) or privacy-specific provisions that go into much greater detail. For example, such documents may specify:

  • Categories of Data: A precise list of the types of personal, business, or system data processed on behalf of the customer, and the specific purposes for which processing is permitted.
  • Subprocessors & Vendors: Identification of all third-party vendors, hosting providers, or integration partners involved, along with their roles and responsibilities in handling data.
  • Security Standards: Technical and organizational measures customized for the project, including encryption configurations, frequency of backups, retention periods, and disaster recovery procedures.
  • Data Subject Rights: How customer requests for data access, rectification, export, or deletion will be handled within agreed timelines.
  • Breach Notifications: Steps to be followed in the event of a data breach, including notice periods, escalation levels, and liability allocation between Aditya CRM and the customer.
  • Termination Handling: Specific commitments around data deletion, return of customer data, and certification of destruction when an agreement ends.
  • Audit Rights: Provisions that may allow the customer or regulators to audit certain aspects of our data handling processes.

In the event of a conflict between this general Privacy Policy and a customer-specific Proposal, SOW, Agreement, or DPA, the signed contractual document will always take precedence. This ensures that each customer engagement has tailored, binding rules that govern the specific services being delivered. Nevertheless, this public Privacy Policy remains important because it provides a baseline of transparency to all stakeholders — including website visitors, prospects, partners, and regulators — about our usual approach to data protection, even outside of formal contractual relationships.

Customers and prospects are encouraged to review their specific agreements for details unique to their engagement. If you have questions about how this Policy interacts with your signed contract, please reach out to our support or legal team using the details provided in the Contact section.

Aditya CRM
Aditya CRM
Let’s Connect
Copyright © 2025 Aditya CRM

Contact Us

Copyright © 2025 Aditya CRM
WhatsApp