Privacy Policy

Note: This Privacy Policy covers all intueri.io, zni.in, znicrm.com, teamspoor.com, and their subdomains. It is designed to align with GDPR, CCPA/CPRA, India’s DPDP Act, and AI-specific considerations.
1. Introduction

At Intuerias Technology Private Limited (“Intuerias,” “we,” “our”), accessible from zni.in, intueri.io, znicrm.com, teamspoor.com, and their subdomains, the privacy of our visitors and customers is a top priority. This Privacy Policy describes what personal data we collect, how we process it, and the rights you have regarding your data across our CRM, Helpdesk & Ticketing, AI Chatbots, Field Force/TeamSpoor, Invoicing, and Marketing modules.

2. Scope & Applicability

This Policy applies to our websites, cloud-hosted platform, mobile applications, APIs/webhooks, and related services. It does not apply to third-party services we do not own or control.

3. Information We Collect
  • Account Data: name, email, phone, business details, role, and authentication identifiers.
  • CRM & Helpdesk Data: contacts/leads, notes, tickets, attachments, connected inbox metadata, and conversation history.
  • Messaging Data: email/SMS/WhatsApp sender IDs, templates and approvals, delivery/read events, consent/opt-out records, device/time-zone and campaign metadata.
  • Chatbot Data: prompts, uploaded files, knowledge sources connected by you, and AI outputs.
  • Field Force & Location: GPS coordinates, geofences, check-in/out, route/visit logs, device and permission status (when you enable TeamSpoor features).
  • Invoicing & Payments: billing address, tax IDs, invoice details, payment status (payment instruments are processed by payment gateways).
  • Usage & Technical: IP address, browser/OS, device IDs, app version, event logs, and diagnostics.
  • Cookies & Similar Tech: session cookies, preference/analytics pixels, and identifiers—see Section 7.
4. How We Use Information
  • To provide, maintain, secure, and improve CRM, Helpdesk, Chatbots, Field Force/TeamSpoor, Invoicing, and Marketing features.
  • To generate AI responses, route conversations, and automate workflows with human review where required.
  • To personalize and optimize deliverability (e.g., domain verification, sender reputation, template approvals).
  • To process invoices/payments and support tax compliance configurations you choose.
  • To protect against fraud/abuse, ensure platform integrity, and support/diagnose issues.
  • To comply with telecom/platform rules (e.g., DLT, carrier/WhatsApp quality controls) and legal obligations.
  • For analytics and product improvement (including de‑identified/aggregated telemetry).
5. Legal Bases (GDPR)

We rely on the following legal bases under GDPR:

  • Consent — e.g., marketing emails/SMS/WhatsApp, non‑essential cookies.
  • Contract — provision of subscribed services and support.
  • Legitimate Interests — security, analytics, product improvement, anti‑fraud.
  • Legal Obligations — tax, accounting, regulatory and telecom requirements.

India (DPDP): We process personal data based on consent or as otherwise permitted under the DPDP Act and applicable rules. See Section 22.

6. AI Chatbot Data Processing

When you use AI features, your inputs (prompts, context, files) and AI outputs are processed to provide responses. We may retain de‑identified or aggregated logs for safety, troubleshooting, and improvement. Customer prompts and AI outputs are not used to train third‑party foundation models. You should avoid submitting unlawful or highly sensitive personal data unless strictly necessary and lawful.

7. Cookies & Tracking

We use cookies and similar technologies for functionality, analytics, and performance. Strictly necessary cookies are required for core operations and cannot be disabled within the Service. Where required by law, we seek consent for non‑essential cookies via our consent tools. You can also control cookies through your browser settings; some features may not function properly if disabled.

8. Third-Party Services

We integrate third-party providers (e.g., hosting/CDN, analytics, AI model APIs, telecom/SMS aggregators, WhatsApp Business Platform providers, email senders, payment gateways). These providers may process data under their own policies. We implement contractual safeguards (including data processing terms) and share only what is necessary to operate the Service.

9. Data Sharing & Disclosure

We may share data with:

  • Service Providers/Subprocessors supporting our platform (see Section 17).
  • Telecom/Platform Partners (DLT registries, carriers, WhatsApp BSPs) for messaging compliance and delivery.
  • Affiliates for internal administration consistent with this Policy.
  • Law/Regulators when required or to protect rights, safety, and security.
  • Business Transfers in connection with a merger, acquisition, or asset sale.
10. Data Retention

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Operational logs (including messaging delivery events and location pings when enabled) are retained for a commercially reasonable period and then deleted or anonymized, subject to legal holds and regulatory requirements.

11. International Data Transfers

We may process and store data in countries where we or our subprocessors operate. For EEA/UK transfers, we use appropriate safeguards (e.g., Standard Contractual Clauses). For India, cross‑border transfers are subject to applicable law and any government notifications from time to time under the DPDP Act.

12. Security Measures

We implement administrative, technical, and physical safeguards such as encryption in transit, access controls (including MFA options), monitoring, and periodic reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

13. Children’s Privacy

We do not knowingly collect data from children. In India, a “child” is an individual under 18 years; in the United States, under 13 years; and in the EEA/UK, under 16 years (or lower age permitted by local law) without appropriate parental consent. If we learn that a child’s data was collected without required consent, we will delete it promptly.

14. Your Rights (GDPR, CCPA, etc.)
  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion where permitted by law.
  • Restriction — request limitation of processing.
  • Portability — receive data in a portable format.
  • Objection — to processing based on legitimate interests or for direct marketing.
  • Opt-Out (US state laws) — opt‑out of targeted advertising or certain data “sharing” where applicable.
  • DPDP (India) — rights of access, correction, erasure, grievance redress, and nomination (see Section 22).

To exercise your rights, contact us via the methods in Section 21. We may need to verify your identity and account ownership.

15. Automated Decision-Making & AI

We do not engage in fully automated decisions that produce legal or similarly significant effects without appropriate lawful basis and human review. You may request human review of decisions influenced by AI features where required by law.

16. AI Output Responsibility

AI-generated responses may be inaccurate or inappropriate. Customers are responsible for validating outputs and ensuring compliance with applicable laws and platform rules before acting on them.

17. Subprocessors & Third-Party AI Models

We use subprocessors (including hosting, analytics, messaging platforms, and AI providers) to deliver the Service. A current list is available upon request. We will provide notice of material changes consistent with our Terms of Service, and we maintain appropriate data processing agreements with subprocessors.

18. Marketing & Communications

With your consent where required, we may send promotional communications via email, SMS, or WhatsApp. You may opt out at any time using unsubscribe links, STOP keywords (for SMS), WhatsApp opt‑out, or by contacting support. We maintain consent/opt‑out records as required by law.

19. Do Not Track & Opt-Outs

Our websites do not respond to browser “Do Not Track” signals. Where applicable law requires, we will honor recognized signals (e.g., Global Privacy Control) for certain jurisdictions. You may also manage cookies/analytics preferences through provided tools or your browser settings.

20. Changes to this Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or prominent notice on our site at least 30 days in advance.

21. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Support: https://hd.znicrm.com

Email: [email protected]

Grievance Redressal (India): Please submit requests via the support portal above; we will route your request to our designated Grievance Officer under the DPDP Act.

22. India (DPDP) Supplement

This section applies to processing of personal data subject to India’s Digital Personal Data Protection Act, 2023 (DPDP) and applicable rules.

  • Notice & Consent. We provide concise notices describing purposes of processing. Where required, we obtain your consent; you may withdraw consent at any time.
  • Children. We treat individuals under 18 as children and rely on verifiable consent of a parent/guardian where required.
  • Your Rights. You may request access, correction, and erasure of your personal data; make a complaint via our grievance mechanism; and nominate another individual to exercise your rights in the event of death or incapacity.
  • Cross‑Border Transfers. Transfers outside India may occur subject to the DPDP Act and any government notifications from time to time.
  • Grievance Redressal. Submit complaints via our support portal; unresolved grievances may be escalated to the competent authority as permitted by law.
23. California & US State Privacy Supplement

For residents of California and certain US states with comprehensive privacy laws, the following applies:

  • Categories Collected. Identifiers (e.g., contact details), commercial information (subscriptions, billing), internet activity (usage logs), geolocation (when TeamSpoor is enabled), inferences (product usage patterns), and communications data.
  • Purposes. As described in Sections 3–4, including service delivery, security, compliance, and marketing with consent.
  • Sources & Recipients. From you, your organization, and your devices; shared with service providers for business purposes (hosting, analytics, messaging, payments).
  • Your Rights. Right to know/access, delete, correct, portability, and to opt out of “sale” or “sharing” for targeted advertising where applicable. Submit requests via Section 21.
  • Sale/Sharing. We do not sell personal information. We do not “share” personal information for cross‑context behavioral advertising unless explicitly stated; if we do, we will provide a “Do Not Sell or Share” mechanism.
  • Non‑Discrimination. We will not discriminate against you for exercising your rights.
24. Messaging Platforms (Email, SMS & WhatsApp)
  • Consent & Records. You must obtain and document valid consent from your recipients. We process sender IDs, templates, delivery events, and opt‑outs to operate messaging and comply with telecom/platform rules (e.g., India DLT, carrier codes, WhatsApp policies).
  • Template & Quality Controls. Certain messages require pre‑approved templates and are subject to platform quality ratings and throughput limits.
  • Opt‑Outs. We process unsubscribe links, STOP keywords for SMS, and WhatsApp opt‑out handling; you must honor opt‑outs promptly.
  • Content Guidelines. Prohibited content (e.g., illegal, deceptive, harmful) may be blocked or reported by carriers/platforms.
25. Field Force & Location Data (TeamSpoor)
  • What We Collect. With your configuration and device permissions, we may collect location pings, check‑ins, geofences, routes, timestamps, and device signals needed for attendance/visit logging.
  • Why. To enable workforce planning, proof of visit, routing, and related features; to secure the Service and prevent abuse.
  • Lawful Basis & Notices. You are responsible for informing and, where required, obtaining consent from employees/contractors and complying with applicable labor and monitoring laws.
  • Controls. Users may manage device-level permissions (e.g., GPS/background location). Disabling permissions may limit functionality.