Winline Technologies (P) Ltd
Login

CRM Software of Winline Technologies Private Limited

Winline Technologies Private Limited ("Winline", "we", "our", "us") provides a multi-tenant Customer Relationship Management platform ("Winline CRM"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights.

Effective date Effective: August 11, 2025 Last updated Last updated: September 01, 2025 No selling We do not sell personal information

If you use Winline CRM under an organization/tenant account, that organization is typically the data controller of the information it uploads into the Service ("Customer Data"), and Winline acts as its data processor/service provider. For our own website operations, billing, support, and Service security ("Service Data"), Winline is the controller.

Contents
What we collect

1) What we collect

Customer Data (you/your organization upload or connect) & Service Data (we collect for operating and securing the Service)
A. Customer Data (you/your organization upload or connect)
  • Contact records, leads, accounts, deals, notes, tasks, attachments
  • User/seat details (name, email, role), team/tenant configuration
  • Custom fields and data imported via CSV/API/integrations
  • Invitation tokens and their status/expiry
  • Audit trails (e.g., who created/edited/deleted a record)
Legal basis/role: Processed under your organization's instructions to deliver the Service. You (the organization) are responsible for the lawful collection and use of Customer Data.
B. Service Data (we collect for operating and securing the Service)
  • Account & billing: name, business details, email, phone, plan, invoices, payment status (processed by a payment processor if/when enabled)
  • Usage & logs: app activity, feature usage, timestamps, IP address, device/browser, referrer, error and performance logs
  • Security data: authentication events, session identifiers, login history, CSRF tokens, role/permission checks
  • Support: messages, attachments, call/chat transcripts
  • Cookies & similar tech: session cookies, security cookies, preference cookies; optional analytics if enabled by your tenant
Legal bases: contract performance, legitimate interests (security, fraud prevention, product improvement), consent where required.
How we use information

2) How we use information

Operation, security, support, improvement, compliance
  • Provide and maintain the Service: user authentication, role-based access, multi-tenant data separation, invitation flows, token expiry, domain and SMTP configuration
  • Security & integrity: detect/prevent fraud/abuse, maintain audit trails, investigate incidents
  • Support & communications: respond to tickets, send service/transactional emails (e.g., invites, password resets), product updates
  • Product improvement: diagnose issues, monitor performance, develop new features (aggregated/de-identified where possible)
  • Compliance: meet legal, tax, accounting, and regulatory obligations
No selling We do not sell personal information.
Sharing & disclosures

3) Sharing & disclosures

Tenant visibility, processors, legal, business transfers
  • Your organization (tenant): Admins may view/manage user activity, logs, and configurations within their tenant.
  • Sub-processors/Service providers: hosting, email delivery, logging/monitoring, analytics (if enabled), backup and storage, customer support tools.
    Examples (subject to your actual setup): cloud infrastructure provider, email/SMS providers, error logging, backup service. We contractually require appropriate confidentiality and security measures. A current list of sub-processors is available on request.
  • Legal & safety: to comply with law, enforce terms, or protect rights, property, or safety.
  • Business transfers: in mergers, acquisitions, or asset sales, subject to this Policy.
International transfers

4) International transfers

Appropriate safeguards for cross-border data movement

If data is transferred outside your jurisdiction, we use appropriate safeguards (e.g., contractual clauses or comparable mechanisms) as required by applicable law. Details available upon request.

Data retention

5) Data retention

Retention by data class with purge windows
  • Customer Data: retained for the subscription term. Upon tenant termination, we provide a [30–90] day window for export, then delete or irreversibly anonymize within [30] days unless law requires longer retention.
  • Logs & security records: typically [90–180] days (shorter for high-volume logs).
  • Backups: rolling backups are kept for [30] days and then aged out.
Retention periods may vary by your configuration or legal requirements.
Your rights

6) Your choices & rights

Jurisdiction-dependent rights; we honor applicable law

Your rights depend on your jurisdiction and role (end-user vs. tenant admin). We will honor requests in line with applicable law (e.g., India's DPDP Act, EU/EEA GDPR, UK GDPR, California CCPA/CPRA).

  • Access/Portability: get a copy of your personal data.
  • Correction: fix inaccurate or incomplete data.
  • Deletion: request deletion (subject to our legal obligations and your organization's policies).
  • Restriction/Objection: limit or object to certain processing.
  • Consent withdrawal: where processing relies on consent.
  • Grievance/Appeal: contact our grievance officer/DPO; you may also have the right to complain to a supervisory authority/Data Protection Board.

How to exercise:

  • If your data is within Customer Data, contact your organization's admin.
  • For Service Data or if you are unsure, email support@winlinetech.com.
Cookies & tracking

7) Cookies & tracking

Essential, preferences, and optional analytics
  • Required cookies: session, authentication, security (cannot function without these).
  • Preferences: remember settings (e.g., language, UI options).
  • Analytics (optional): usage metrics to improve reliability and performance (tenant-level toggle where applicable).
Browser settings may allow you to block cookies; essential cookies are needed for login and core features.
Security

8) Security

Administrative, technical, organizational measures
  • TLS in transit; encryption at rest where supported by our infrastructure
  • Least-privilege access, strong authentication, role-based permissions
  • Audit logs for admin and critical actions
  • Segregated multi-tenant architecture
  • Regular backups and vulnerability/patch management
  • Incident response procedures
No system is 100% secure; we encourage strong, unique passwords and 2FA (if enabled).
Third-party services & integrations

9) Third-party services & integrations

If you enable integrations (e.g., email/SMS gateways, storage, calendars, reCAPTCHA on forms), those providers may process personal data under their own privacy terms. Your organization controls which integrations are enabled. Review third-party terms before use.

Children

10) Children

The Service is not directed to children under 18. We do not knowingly collect data from children. If you believe a child has provided personal data, you can delete it or contact us to delete it.

Data Processing Addendum

11) Data Processing Addendum (DPA)

For customers requiring a DPA or region-specific terms (e.g., SCCs, India DPDP addendum), contact support@winlinetech.com. Signed DPAs become part of your subscription agreement.

Changes to this Policy

12) Changes to this Policy

We may update this Policy to reflect changes to the Service or the law. We'll post updates with a new "Last updated" date and, where required, notify admins by email or in-app message. Continued use after the effective date indicates acceptance.

Contact

13) Contact us

Winline Technologies Private Limited

Address: No.3 1st Main Road, Kelgeri, Dharwad, Karnataka State, India PIN: 580007

Email Email: support@winlinetech.com

Phone Phone: +91 9481273355 / +91 836 2233559

↑ Back to top
Menu
Start Here