Privacy Policy

Niro Digital d.o.o. ("we", "our", or "us") operates NiroCRM, a telecom sales management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Personal Information

We may collect personal information that you provide to us, including but not limited to:

• Name and contact information (email address, phone number)
• Account credentials (username, password)
• Company information and job title
• Payment and billing information
• Professional information (company, job title)
• Sales performance metrics
• Communication preferences

Usage Data

We automatically collect certain information when you access our service, including:

• IP address and device information
• Browser type and version
• Pages visited and features used
• Time and date of your visit
• Time spent on pages

Lead and Customer Data

As a CRM platform, we process data about your leads and customers that you input into our system. This may include:

• Contact details of leads and customers
• Communication history and notes
• Sales pipeline information
• Transaction and deal data

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send administrative information and updates
• Respond to inquiries and provide customer support
• Monitor and analyze usage patterns and trends
• Protect against unauthorized access and abuse
• Comply with legal obligations
• AI-powered features to enhance productivity
• Lead distribution based on team member availability
• Commission calculations and performance tracking

We may share your information in the following situations:

• Service Providers: We may share data with third-party vendors who perform services on our behalf (hosting, analytics, payment processing).
• Business Transfers: In connection with any merger, acquisition, or sale of assets.
• Legal Requirements: When required by law or to protect our rights.
• With Your Consent: When you have given us explicit permission.

Third-Party Service Providers

We work with the following categories of service providers:

• Cloud hosting providers (Vercel and Cloudflare)
• Analytics services (Google Analytics)
• Payment processors (Stripe)
• Email service providers (Resend)
• Error tracking (Sentry)

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication measures
• Employee training on data protection
• Regular penetration testing
• SOC 2 compliant infrastructure providers
• Automated vulnerability scanning

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

• Account Data: Retained while your account is active and for 3 years after deletion for legal compliance.
• Usage Data: Retained for 30 days for analytics purposes.
• Legal Records: Retained for up to 7 years as required by applicable laws.

If you are located in the European Economic Area (EEA), you have certain data protection rights under GDPR:

• Right to Access: Request copies of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your personal data.
• Right to Restrict Processing: Request limitation of processing.
• Right to Data Portability: Request transfer of your data in a machine-readable format.
• Right to Object: Object to processing of your personal data.
• Right to Withdraw Consent: Withdraw consent at any time.

To exercise these rights, please contact us at privacy@nirodigital.com. We will respond to your request within 30 days. You can also manage your data directly from your account settings, including exporting your data and requesting account deletion.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country.

We use Standard Contractual Clauses approved by the European Commission and rely on adequacy decisions where applicable to ensure your data is protected when transferred internationally. Our primary infrastructure providers (Vercel and Cloudflare) maintain data processing agreements that comply with GDPR requirements.

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us at privacy@nirodigital.com.

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

We recommend reviewing this policy periodically for any changes. Changes are effective when posted on this page.

If you have questions about this Privacy Policy or our data practices, please contact us: