Uppal CRM

Privacy Policy

Effective Date: March 2026 Last Updated: March 2026

Uppal Solutions (“UppalCRM,” “we,” “us,” or “our”) operates the UppalCRM platform at app.uppalcrm.com. This Privacy Policy explains how we collect, use, store, and protect information when you use our services.

1. Who We Are

UppalCRM is a cloud-based Customer Relationship Management (CRM) platform purpose-built for software licensing businesses. We act as a data processor on behalf of our customers (organizations that subscribe to UppalCRM), who are the data controllers of their end-customer data.

Contact:

Email: privacy@uppalcrm.com

Website: uppalcrm.com

2. Information We Collect

2.1 Account Information (Data We Control)

When you sign up for UppalCRM, we collect:

  • Organization name and business details
  • Administrator name and email address
  • Team member names and email addresses
  • Billing and subscription information
  • Login credentials (passwords are hashed and never stored in plain text)

2.2 CRM Data (Data We Process on Your Behalf)

When you use UppalCRM, you and your team store customer data within the platform. This may include:

  • Contact names, email addresses, phone numbers, and mailing addresses
  • Account and licensing information (including MAC addresses and device details)
  • Transaction and payment records
  • Lead information and interaction history
  • Notes, communication logs (SMS, WhatsApp, calls), and follow-up schedules
  • Any data entered into custom fields configured by your organization

Important: We process this data strictly on your behalf and under your instructions. We do not access, analyze, sell, or use your CRM data for any purpose other than providing the UppalCRM service to you.

2.3 Usage Data (Collected Automatically)

When you use our platform, we automatically collect:

  • IP address
  • Browser type and version
  • Pages viewed and features used within the platform
  • Session duration and login timestamps
  • Device type and operating system

This data is used solely to maintain, improve, and secure the platform.

3. How We Use Your Information

We use your information for the following purposes:

  • Providing the service: To operate UppalCRM, authenticate users, and deliver CRM functionality.
  • Account management: To manage your subscription, process billing, and communicate about your account.
  • Security: To detect and prevent unauthorized access, fraud, and abuse.
  • Platform improvement: To understand usage patterns and improve the performance and usability of UppalCRM.
  • Communications: To send service-related notifications, such as maintenance alerts, security notices, and product updates. You can opt out of non-essential communications at any time.
  • Legal compliance: To comply with applicable laws and respond to lawful requests from authorities.

We do not use your data for:

  • Advertising or ad targeting
  • Selling to third parties
  • Training AI or machine learning models
  • Profiling or automated decision-making about individuals

4. How We Share Your Information

We do not sell your data. We share information only with the following categories of service providers, strictly as needed to deliver the UppalCRM service:

Service Provider  Purpose  Data Shared  
Microsoft Azure  Database hosting and backup  All CRM data (encrypted at rest and in transit)  
Render  Application hosting  Application data in transit  
Twilio  SMS, WhatsApp, and voice communications  Phone numbers and message content (when you use communication features)  
Brevo  Transactional email delivery  Email addresses and email content (for system emails)  

We require all service providers to maintain appropriate security measures and to process data only as instructed by us.

We may also disclose information if required by law, court order, or government request, or if necessary to protect the rights, safety, or property of UppalCRM, our customers, or the public.

5. Data Storage and Security

  • Location: Your data is stored in Microsoft Azure’s West US 2 data center in the United States.
  • Encryption at rest: AES-256 encryption managed by Microsoft Azure.
  • Encryption in transit: TLS 1.2 or higher on all connections.
  • Password protection: All passwords are hashed using bcrypt with per-user salts.
  • Tenant isolation: Row-Level Security (RLS) enforced at the database level ensures your data is completely isolated from other customers.
  • Backups: Automated daily backups with 35-day retention and geo-redundant storage.

For more details on our security practices, visit our Security page at uppalcrm.com/security.

6. Data Retention

  • Active accounts: We retain your data for as long as your UppalCRM subscription is active.
  • After cancellation: Your data is retained for 30 days following account cancellation to allow for reactivation or data export. After 30 days, all data is permanently and irreversibly deleted, including from backups as they cycle out of the 35-day retention window.
  • Usage data: Aggregated, non-identifiable usage data may be retained indefinitely for platform analytics.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Export: Export your CRM data in CSV format at any time through the platform.
  • Restriction: Request that we limit our processing of your data in certain circumstances.
  • Objection: Object to our processing of your data for certain purposes.

To exercise any of these rights, contact us at privacy@uppalcrm.com. We will respond within 30 days.

For EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority.

Our legal basis for processing your personal data is:

  • Contractual necessity: Processing required to provide the UppalCRM service under your subscription agreement.
  • Legitimate interest: Processing for platform security, fraud prevention, and service improvement.
  • Consent: Where we rely on consent (e.g., for marketing emails), you may withdraw consent at any time.

For California Residents (CCPA)

If you are a California resident, you have the right to know what personal data we collect, request deletion, and opt out of the sale of personal data. We do not sell personal data.

8. Cookies

UppalCRM uses essential cookies required for the platform to function, including authentication tokens and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children’s Privacy

UppalCRM is a business-to-business service and is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us at privacy@uppalcrm.com and we will delete it promptly.

10. International Data Transfers

UppalCRM’s infrastructure is located in the United States. If you are accessing our service from outside the United States, your data will be transferred to and processed in the United States.

For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure adequate protection of your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice within the UppalCRM platform at least 14 days before the changes take effect.

We encourage you to review this page periodically for the latest information on our privacy practices.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email:privacy@uppalcrm.com

Website:uppalcrm.com