Privacy Policy

Last updated: April 21, 2026

Cratio Software Private Limited (“Cratio”, “we”, “us”) operates the CRM platform at cratio.com. This Privacy Policy describes how we collect, use, store, and protect information about you when you use our website and services. By using Cratio, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Personal Information

When you register or use our services, we may collect:

  • Name, email address, and phone number
  • Company name and billing address
  • Call logs and call tracking data (if the call tracking feature is enabled)
  • Lead and contact data you import or create in the CRM

Mobile App Permissions

The Cratio mobile app may request the following device permissions:

  • Read Contacts — to sync leads with your phone contacts
  • Read/Write Call Logs — for call tracking and reporting
  • Phone Dialer and Phone State — to enable click-to-call functionality
  • Storage (Read/Write) — to process uploaded files and attachments
  • Foreground Service — to maintain active call tracking sessions

These permissions are used solely to deliver the features you enable. You can revoke any permission at any time in your device settings.

Usage Data

We automatically collect certain technical data when you use our platform:

  • IP address, browser type, and device identifiers
  • Pages visited, features used, and session duration
  • Error logs and performance data

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Cratio platform
  • Process payments and send billing communications
  • Respond to support requests
  • Send product updates and service notifications
  • Analyse usage patterns to improve features
  • Comply with applicable laws and legal obligations

We do not sell, rent, or trade your personal information to third parties.

3. Sub-Processors and Data Sharing

We engage the following sub-processors to deliver our services:

Sub-processorPurposeLocation
Amazon Web Services (AWS)Cloud hosting and data storageMumbai, India (ap-south-1)

We do not use AI or LLM-based sub-processors to process your customer data.

We may share your information with third parties only when required by law or court order, necessary to protect Cratio’s legal rights, or when you have given explicit consent.

4. Data Storage and Security

All customer data is stored on AWS infrastructure in the Mumbai region (ap-south-1). Data does not leave India except as required by applicable law.

We implement industry-standard security measures including SSL/TLS encryption in transit, encryption at rest, access controls, and audit logging. Your uploaded data remains yours — we will not redistribute it except as described in this policy.

If we become aware of a material security breach affecting your data, we will notify you within 72 hours.

5. Data Retention

Data TypeRetention Period
Account and CRM data30 days after subscription termination
Call recordings90 days (or as configured by account admin)
Support ticket history2 years
Billing records7 years (required by Indian tax law)
Marketing analytics cookiesSession / 13 months (Google Analytics)

After the applicable retention period, data is permanently deleted with no recovery possible.

6. Your Rights Under the DPDP Act 2023

Under India’s Digital Personal Data Protection Act 2023, you have the following rights:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete personal data
  • Erasure — Request deletion of your personal data, subject to our legal retention obligations
  • Nomination — Nominate a person to exercise your rights on your behalf in the event of death or incapacity

To exercise any of these rights, email support@cratio.com. We will respond within 30 days.

7. Cookies and Tracking

We use two categories of cookies on our marketing website:

  • Strictly necessary — session management and authentication. No consent required.
  • Analytics — Google Analytics to understand site usage. You can opt out via your browser settings or Google’s opt-out tool.

The Cratio CRM product uses only strictly necessary cookies.

8. Third-Party Integrations

If you connect Cratio to third-party services (Facebook Lead Ads, IndiaMART, JustDial, Google, WhatsApp Business API), data from those services will be processed in Cratio subject to this policy.

Facebook Data

To request deletion of your Facebook-linked data, email support@cratio.com. We will process the deletion within 7 days. Deleting Facebook-linked data will remove all associated CRM history.

Google API Data

You can revoke Cratio’s access to your Google account at any time via your Google Account security settings.

9. Minors

Cratio is a business software platform. It is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page and notify active customers by email if the changes are material.

11. Contact

For privacy-related enquiries, contact us at support@cratio.com or at the address below.

Questions? support@cratio.com— End of document —