1. Data We Collect
- Account data: your name, email, phone, company details, and role.
- Lead & CRM data: contacts, conversations, tasks, and notes you create or import from connected sources.
- Usage data: log events, device/browser info, and feature usage for security and product improvement.
- Billing data: plan, invoices, and payment status. Card details are handled by our payment gateways (Cashfree, PayPal) and are never stored on ASH servers.
2. How We Use Your Data
We use your data to provide and secure the platform, deliver lead-management features, process payments, provide support, send service communications, and comply with legal obligations. We do not sell your personal data.
3. Data Security
Sensitive fields (contact names, emails, phone numbers, API secrets) are encrypted at rest using AES-256-GCM. Data is isolated per tenant, access is role-controlled, auth uses HTTP-only cookies, and transport is secured over HTTPS. While we follow strong security practices, no system is perfectly secure.
4. Third-Party Providers
ASH relies on providers such as Supabase (database/auth), Resend (email), Cashfree and PayPal (payments), Sentry (error monitoring), and PostHog (analytics), plus any client-configured integrations (WhatsApp/Meta, IndiaMART, Justdial, Google). Data flows to these per their terms.
5. Client Responsibility
Clients control their own connected APIs and must use valid credentials, authorized numbers, lawful contact lists, and compliant communication practices.
6. Data Retention
We retain your data while your account is active and as required for legal, accounting, or security purposes. You may request export or deletion, subject to legal retention requirements.
7. Your Rights
You may access, correct, export, or request deletion of your personal data. To exercise these rights, contact us using the details below.
8. Changes
We may update this policy. Material changes will be communicated via the platform or email.