Legal
Privacy Policy
First published (2026-05-24) · Version 2026-05-24-v1 · Draft — pending lawyer review
We hold a simple line on privacy: collect the minimum, store it securely, never sell it, and give you full control. This policy is written in plain English to make that line auditable.
01. Who We Are
Trinetra CRM ("Trinetra", "we", "us") is a WhatsApp-first customer-relationship platform built for Indian SMBs. The Service is operated by Trinetra CRM (Sole Proprietorship of Raj Kumar Upadhyay · UDYAM-DL-06-0205844). Registered office: 517, 1st Floor, Shalimar Bagh Residence, Block Bh, Shalimar Bagh, New Delhi, Delhi, 110088, India. For all privacy questions, email privacy@trinetracrm.com (subject "Privacy").
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable laws.
02. Information We Collect
We collect data in three categories — what you give us directly, what your business gathers from end-users through the Service, and what is generated when you use the Service.
- Account data — name, email, phone, business name, GSTIN (if provided), password (stored only as a bcrypt hash; we never store the plaintext and cannot read it back).
- Billing data — invoice records, transaction IDs from Razorpay; we do NOT store full card or UPI account numbers.
- Customer data you upload — your contacts' names, phone numbers, tags, notes, and conversation history.
- Conversation metadata — message timestamps, delivery status, template IDs (the message body itself is encrypted at rest by Meta and us).
- Usage analytics — page views and feature usage so we can fix the bits that confuse people. Marketing pages use Plausible Analytics (no cookies, no PII, EU-hosted). The authenticated dashboard uses PostHog (EU region, Frankfurt) — captures page views, approximate city (IP resolved to city then dropped, $ip not stored), browser, OS, UTM source, and referrer. Identifiers (email, name, phone, message content) are stripped at the SDK boundary per DPDP §6 minimisation. OAuth callback tokens and email query parameters are redacted before any event leaves your browser.
- Device & network data — IP address, browser, operating system, approximate region (city-level only), device type — used for security and abuse prevention.
03. How We Use Information
We use your data only for the following purposes — and only as needed for each:
- Service delivery — running your account, sending and receiving WhatsApp messages, syncing templates with Meta.
- Billing & invoicing — generating invoices, charging your card/UPI, complying with GST and other tax laws.
- Security — detecting fraud, abuse, brute-force login attempts, and complying with Meta's policy enforcement.
- Product improvements — understanding which features are used, fixing bugs, planning new features (using aggregated, non-identifying analytics).
- Customer support — responding to your tickets, debugging issues you report, sending service announcements.
- Legal & compliance — responding to lawful requests from authorities, defending against legal claims.
We do NOT use your data — or your customers' data — to train AI models, sell to data brokers, or run advertising of any kind.
04. Data Sharing & Sub-processors
Trinetra does not sell or rent personal data. We share data only with the sub-processors below, each contracted under a data-processing agreement that mirrors the protections in this policy.
- Meta (WhatsApp Business Platform) — message delivery; outbound messages and inbound webhooks pass between our API server (acting for your account) and Meta's WhatsApp Business Platform.
- Neon (Postgres database, Mumbai region) — primary data storage; data stays in India.
- Vercel (frontend hosting) — serves the marketing site and dashboard; CDN-cached static assets only.
- Render (backend hosting) — runs the API server; configured to log no request bodies.
- Razorpay — payment processing and invoicing; PCI-DSS-certified, India-based.
- Resend — transactional email (welcome, billing, password reset).
- Google LLC — optional "Sign in with Google" entry point. If you choose this path, Google returns your verified email, full name, profile photo, and an opaque Google account ID to Trinetra; that is the only data flow. We do NOT request access to your contacts, calendar, drive, or any other Google data. Consent is captured separately at the sign-in screen per DPDP §6(2); cross-border transfer is permitted under DPDP §16 with Google's Standard Contractual Clauses.
- Plausible Analytics — privacy-respecting marketing-page analytics; no cookies, no PII, EU-hosted.
- PostHog — authenticated-dashboard product analytics; EU region (Frankfurt). Captures page views, approximate city, browser, OS, UTM, and referrer. Identifiers (email, name, phone, message content) are stripped at the SDK boundary; OAuth tokens redacted before send.
A current sub-processor list is maintained at /privacy/sub-processors and updated within 30 days of any change. We give 30 days' notice on the in-app banner and via email before adding a new sub-processor that handles personal data.
05. Data Retention
We retain data only as long as it is needed for the purpose it was collected, or as required by law.
- Active account data — for the lifetime of your subscription.
- Conversations — while your account is active, then 90 days after cancellation, then deleted.
- Encrypted backups — 30 days, then securely overwritten.
- Audit logs (logins, billing events) — 1 year, for security and compliance.
- Invoices — 72 months under CGST Act §36 read with §35, and 6 years from end of relevant assessment year under IT Act §44AA + Rule 6F. Where Trinetra operates as an incorporated entity, 8 years per Companies Act 2013 §128(5).
- Marketing emails (if you opted in) — until you unsubscribe.
06. Your Rights
Under the DPDP Act and good practice, you have the following rights — exercisable at any time via the in-app privacy dashboard or by emailing privacy@trinetracrm.com:
- Access — get a copy of the personal data we hold about you.
- Correction — fix any data that is wrong or out of date.
- Erasure — delete your account and all associated personal data. See /data-deletion for the step-by-step process, timelines, and what is retained under Indian tax law.
- Portability — export your data in a machine-readable format (JSON or CSV).
- Withdraw consent — opt out of any optional processing (analytics, marketing emails) at any time.
- Grievance redressal — escalate to our Grievance Officer (see "Contact & Grievance Officer" below). We acknowledge within 24 hours and resolve within 15 days, per IT Rules 2021 Rule 3(2).
We respond to verified DPDP rights requests within 30 days. If we need more time for a complex request, we will tell you within 30 days and give a final response within 90 days. Grievance acknowledgement is separate and faster — see the Grievance Officer block.
07. Cookies & Tracking
Trinetra uses only strictly necessary cookies — for keeping you logged in, remembering your theme preference, and protecting against CSRF. These are first-party only and do not require consent under DPDP.
We run two analytics surfaces. Marketing pages (trinetracrm.com) use Plausible Analytics — no cookies, no IP collection, no fingerprinting, EU-hosted. The authenticated dashboard uses PostHog (EU region, Frankfurt) for product analytics so we can see which features get used and which need fixing. PostHog stores its anonymous distinct_id in your browser's localStorage — NOT in a cookie — and aliases it to your account's opaque user_id on login. PostHog captures page views with approximate city (IP resolved server-side to city, then dropped and never stored), browser, OS, UTM source, and referrer; identifiers (email, name, phone, message content) and OAuth callback tokens are stripped at the SDK boundary before any event leaves your browser. Autocapture (automatic recording of DOM clicks and form interactions) and session replay are off. Both stacks are configured for DPDP and GDPR compliance by default.
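The "stripped at the SDK boundary" step above, as an added illustration that is not Trinetra's code: a property filter of the kind posthog-js accepts through its `sanitize_properties` config option, run on every event before it is sent. The identifier key list, the sensitive query-parameter list and the sample event are assumptions constructed for this example; `$current_url` and `$referrer` are PostHog's own property names.

```javascript
// Added example, not the project's code. Shows a sanitize_properties-style
// filter: drop identifier keys outright and scrub secrets/identifiers out of
// URL-valued properties, keeping path and utm_* so attribution still works.
const IDENTIFIER_KEYS = new Set(['email', 'name', 'phone', 'message', 'message_content']); // assumed list
const SENSITIVE_QUERY_PARAMS = new Set([
  'code', 'state', 'access_token', 'id_token', 'token', 'email', 'login_hint', // assumed list
]);
const URL_PROPERTIES = new Set(['$current_url', '$referrer', '$initial_referrer']);

// Redacts sensitive query parameters and drops the fragment (implicit-flow
// tokens arrive there). Anything unparseable is replaced rather than passed on.
function redactUrl(value) {
  if (typeof value !== 'string') return value;
  let url;
  try {
    url = new URL(value);
  } catch {
    return 'redacted:unparseable';
  }
  for (const key of [...url.searchParams.keys()]) {
    if (SENSITIVE_QUERY_PARAMS.has(key.toLowerCase())) url.searchParams.set(key, 'redacted');
  }
  url.hash = '';
  return url.toString();
}

// Returns a new properties object safe to send to the analytics backend.
function sanitizeProperties(properties) {
  const out = {};
  for (const [key, value] of Object.entries(properties)) {
    if (IDENTIFIER_KEYS.has(key.toLowerCase())) continue; // PII: never leaves the browser
    out[key] = URL_PROPERTIES.has(key) ? redactUrl(value) : value;
  }
  return out;
}

// Constructed sample: properties as captured on an OAuth callback page.
const SAMPLE = {
  $current_url: 'https://app.example.com/auth/callback?code=4/0AbCdEf&state=xyz&utm_source=newsletter',
  $referrer: 'https://accounts.google.com/o/oauth2/auth?login_hint=raj@example.com',
  email: 'raj@example.com',
  phone: '+919999999999',
  $browser: 'Chrome',
};

console.log(sanitizeProperties(SAMPLE));
```

The filter is allow-by-default for ordinary properties and deny-by-default only for the listed keys, so in practice the identifier list has to be reviewed whenever a new event property is added; a test like the one above belongs next to every new `capture` call.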
We do not run advertising trackers (no Google Ads, no Facebook Pixel, no LinkedIn Insight). We do not embed third-party scripts that read your data.
08. Security
Security is non-negotiable. The platform is built on these defaults:
- TLS 1.3 for all data in transit.
- AES-256 encryption at rest for the primary database and all backups.
- Bcrypt-hashed passwords (cost factor 12) — we cannot recover your password, only reset it.
- JWT-based session auth with short-lived access tokens and rotating refresh tokens.
- HMAC-signed webhooks for all incoming Meta payloads — invalid signatures are rejected.
- Role-based access control inside the dashboard — agents see only what their role permits.
- Audit log of every privileged action, retained for 1 year.
- Independent penetration test before public launch and annually thereafter.
No security measure is perfect. If a personal-data breach affects your data, we will notify you within 72 hours of becoming aware of the breach, as required by DPDP §8(6) and the timelines prescribed under the DPDP Rules. The notice will include what was accessed, what we have done, and what you should do. We will not delay first contact while we refine details; updates follow as the picture clarifies.
09. International Transfers
Your primary data is stored in Mumbai, India (Neon). Some sub-processors operate globally (Vercel CDN, Resend, Plausible, PostHog EU). For each, we rely on contractual safeguards — Standard Contractual Clauses or equivalent — and process only the minimum data necessary outside India. The DPDP Act's cross-border list will be honoured once published; we will move processing to listed jurisdictions if required.
10. Children's Privacy
Trinetra accounts are for adults running a business — we require account-holders to be 18 or over. We do not knowingly create accounts for anyone under 18. If you are a parent or guardian and believe your child has signed up, email us at privacy@trinetracrm.com and we will lock the account and delete the associated data.
Note for our customers (the businesses using Trinetra to message THEIR customers): your contact list may contain end-customers of any age, governed by your own privacy notice and DPDP §9 obligations. Trinetra is not the data fiduciary for those contacts — you are. We do not target advertising, behavioural monitoring, or tracking at children inside the platform.
11. Changes to This Policy
We may update this policy as the product evolves or as the law changes. Material changes will be notified at least 30 days in advance via in-app banner and email to your registered address. Continued use after the effective date constitutes acceptance.
12. Contact & Grievance Officer
For privacy questions, complaints, or to exercise any of your rights, email privacy@trinetracrm.com with subject "Privacy". You can also use the in-app privacy dashboard.
Grievance Officer per DPDP §8(9) and IT Rules 2021 Rule 4(1): Raj Kumar Upadhyay, Founder & Grievance Officer. Email grievance@trinetracrm.com (subject "Grievance"). Phone +91 83839 00820 — voice or WhatsApp — during Mon–Sat, 10:00–19:00 IST. We acknowledge within 24 hours (an automated reply confirms receipt) and resolve within 15 days.
Postal escalation: 517, 1st Floor, Shalimar Bagh Residence, Block Bh, Shalimar Bagh, New Delhi, Delhi, 110088, India.
If your grievance concerns a decision made by the Grievance Officer themselves, or you are not satisfied with the resolution, you may escalate to the Data Protection Board of India under DPDP §27 once the Board has begun accepting filings.