Privacy Policy
Effective: May 23, 2026 · Last updated: June 22, 2026
Verdeshell Technologies ("Verdeshell", "we", "us") operates the Verdeshell CRM platform (the "Service"). This Privacy Policy explains how we collect, use, disclose and protect information about you when you use our Service.
1. Our Role: Controller & Processor
Verdeshell plays two different roles depending on the data involved:
- As a Controller: for the account, identity, billing and usage data of the Subscriber and its Users, and for data submitted through our public website forms, we determine the purposes of processing, and this Policy governs that processing.
- As a Processor: for the data a Subscriber enters about its own clients and contacts ("CRM Data"), the Subscriber is the data controller and Verdeshell processes that data only on the Subscriber's instructions, as set out in our Data Processing Agreement. If you are a client or contact of a Subscriber, please direct privacy requests to that Subscriber.
2. Information We Collect
- Account & Identity Data: Name, email, phone, role and organization details provided at registration.
- CRM Data: Client records, deal information, project details, consultation notes, service contracts and any other data a Subscriber enters into the platform about its own clients. The Subscriber controls this data; some modules (for example, Nutrition) may include special-category health data, for which the Subscriber is responsible for obtaining explicit consent and a lawful basis.
- Billing Data: Subscription plan and payment history (payment processing is handled by our payment provider; we do not store card numbers).
- Document Data: Files and attachments uploaded to the Service.
- Public Form Data: Name, email, phone and message submitted through our public contact and demo-request forms.
- Device & Usage Data: IP address, browser type, OS, pages visited and feature usage.
3. How We Use Your Information
- Provide, maintain and improve the CRM Service.
- Process transactions and send billing-related communications.
- Send product updates, support responses and service notifications.
- Detect, investigate and prevent fraudulent or unauthorized activity.
- Comply with legal obligations.
4. Legal Basis for Processing
We process personal data on the basis of contract performance (to deliver the Service you subscribe to), legitimate interests (platform security, product improvement), consent (marketing communications), and legal obligation (tax, compliance records). For CRM Data, the Subscriber (as controller) is responsible for establishing the lawful basis and consents for the data it processes through the Service.
5. Data Sharing & Disclosure
We share data only in the following circumstances:
- Your Organization: Administrators in your Verdeshell CRM organization can access data within their tenant.
- Sub-processors: Amazon Web Services (file storage, hosting — Mumbai region), Microsoft Graph API (transactional email sent by Verdeshell), Razorpay (subscription payment processing — India), and our WhatsApp Business Solution Provider (WhatsApp message delivery, where you enable WhatsApp messaging). Where you configure your own email provider to send client-facing messages, that provider is engaged by you, not by Verdeshell. A current list is maintained in our Data Processing Agreement.
- Legal Requirements: When required by law, court order, or government authority.
- Business Transfer: In the event of a merger, acquisition or asset sale, with prior notice.
6. Data Retention
We retain your CRM data for the duration of your subscription and for 90 days after account termination, allowing you to export your data. Billing records are retained for 7 years as required by Indian tax law.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- GDPR (EU/UK): Access, rectification, erasure, restriction, portability, and objection to processing.
- DPDP Act 2023 (India): Access, correction, erasure and nomination rights.
- CCPA (California): Know, delete and opt-out of sale of personal information.
To exercise any right, contact us at connect@verdeshell.com. If you are a client or contact of a Subscriber, please address your request to that Subscriber, who is the controller of your data; we will assist them in responding.
8. International Data Transfers
Your data is primarily stored in AWS Mumbai (ap-south-1). If data is transferred outside India or the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.
9. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access control, and regular security reviews. No system is 100% secure; we will notify you of breaches as required by law.
10. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us immediately.
11. Cookies & Tracking
We use essential cookies for authentication and session management. We do not use third-party advertising cookies. You can configure your browser to reject non-essential cookies; this may affect some features.
12. Grievance Officer & Data Protection Contact
In accordance with the Information Technology Act, 2000 (and the rules made thereunder) and the Digital Personal Data Protection Act, 2023, you may contact our Grievance Officer for any complaint regarding your personal data or content on the Service:
The Grievance Officer, Verdeshell Technologies
Sector 58, Gurgaon, Haryana, India — 122011
connect@verdeshell.com
We will acknowledge and address grievances within the timelines required by applicable law.
13. Changes to This Policy
We may update this policy periodically. We'll notify you by email and in-app notice at least 14 days before material changes take effect. Continued use after the effective date constitutes acceptance.
14. Contact Us
Verdeshell Technologies, Sector 58, Gurgaon, Haryana, India — 122011
connect@verdeshell.com