Privacy Policy

Effective date: June 24, 2026

HSR Hi-Tech Solutions ("HSR Hi-Tech Solutions", "we", "us", "our") develops and operates Leadflow CRM (the "Service"), available at https://crm.hsrsolutions.co.in and related websites including https://www.hsrsolutions.co.in. HSR Hi-Tech Solutions is the data controller for personal data processed through the Service, including data received from third-party platforms such as Meta (Facebook).

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights.

1. Information We Collect

1.1 Account information

When you register, we collect your name, email address, password (stored in hashed form), and workspace details such as company name and team membership.

1.2 Lead and business data

You may manually enter, upload via CSV, or sync lead data including names, email addresses, phone numbers, companies, job titles, notes, tags, and custom fields. You are responsible for ensuring you have a lawful basis to collect and process this data.

1.3 Meta (Facebook) Platform Data

If you connect Facebook Lead Ads, we receive Platform Data from Meta as authorized by you, including:

• Facebook user and Page access tokens
• Page IDs, Page names, and Lead Gen form metadata
• Lead form submissions (e.g. name, email, phone, company, and other fields submitted by the lead)
• Facebook lead IDs and form IDs used to prevent duplicate imports

We use this data solely to import leads into your workspace so you and your team can contact people who submitted your Lead Gen forms and manage your sales pipeline. We do not use Meta Platform Data for advertising, audience building, selling to third parties, or any purpose unrelated to your CRM use.

1.4 Integration and technical data

We store OAuth tokens and integration settings needed to sync data from services you connect. We may also collect IP address, browser type, device information, log files, and usage data for security, troubleshooting, and service improvement.

2. How We Use Your Information

• Provide, operate, and maintain the Service
• Authenticate users and manage workspaces and team access
• Sync, store, and display leads from connected integrations
• Send in-app and service-related notifications
• Respond to support requests and communicate about the Service
• Improve features, security, and reliability
• Comply with applicable laws and enforce our Terms of Service

3. Legal Basis for Processing

Depending on your location, we process personal data based on:

• Contract — to provide the Service you signed up for
• Consent — when you connect third-party integrations or opt in to optional features
• Legitimate interests — to secure, improve, and operate the Service
• Legal obligation — where required by applicable law

Where the EU/UK GDPR applies, the above bases apply accordingly. Where India's Digital Personal Data Protection Act (DPDP Act) applies, we process data in accordance with its requirements.

4. Data Processors and Service Providers

We use trusted third-party service providers ("data processors") that process personal data on our instructions to help us deliver the Service. These may include:

• MongoDB, Inc. (MongoDB Atlas) — cloud database hosting and storage of application data, including integration tokens and lead records
• Cloud hosting providers — application server and infrastructure hosting for our API and backend services
• HSR Hi-Tech Solutions — authorized personnel for development, maintenance, security, and customer support

Processors are permitted to access personal data only as needed to perform services for us and are required to protect it appropriately. We do not sell personal data to third parties.

5. Data Sharing and Disclosure

We may share personal data only in these circumstances:

• Within your workspace — with team members you authorize in your account
• Service providers — as described in Section 4, under contractual safeguards
• Integration partners — e.g. Meta, when you authorize a connection (data flows as directed by you)
• Legal requirements — as described in Section 6
• Business transfers — in connection with a merger, acquisition, or sale of assets, with notice where required by law

We do not share Meta Platform Data with other customers, advertisers, or unrelated third parties.

6. Requests from Public Authorities

If we receive a request from a public authority for personal data or personal information (including data received from Meta), we follow these practices:

• Legal review — we review the legality and validity of the request before disclosing any data
• Challenge unlawful requests — we may challenge requests through lawful means, including legal counsel, if we believe a request is unlawful or overbroad
• Data minimization — we disclose only the minimum information necessary to comply with a valid and lawful request
• Documentation — we maintain internal records of requests received, our responses, the legal reasoning, and the parties involved, subject to applicable law

In the past 12 months, we have not provided personal data received from Meta to public authorities in response to national security requests, excluding standard criminal law enforcement requests handled under the process above.

7. Data Retention

We retain account and lead data while your account is active or as needed to provide the Service. If you disconnect an integration, associated tokens are removed or deactivated. Upon account deletion or a verified deletion request, we delete or anonymize personal data within 30 days unless a longer retention period is required by law or legitimate business needs (e.g. fraud prevention).

8. Security

We implement appropriate technical and organizational measures including HTTPS encryption in transit, hashed passwords, workspace-level data isolation, and access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Export your data (including lead export features in the app)
• Restrict or object to certain processing
• Withdraw consent where processing is consent-based
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at info@hsrsolutions.co.in. We will respond within the timeframe required by applicable law.

10. International Transfers

Your data may be stored or processed in countries other than your own, including where our service providers operate (e.g. cloud database regions). We take appropriate safeguards for cross-border transfers as required by applicable law.

11. Children's Privacy

The Service is intended for business users aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page with an updated effective date. Material changes may also be communicated by email or in-app notice where appropriate.

13. Contact Us

HSR Hi-Tech Solutions (Data Controller)
Haldia, West Bengal, India
Website: https://www.hsrsolutions.co.in
Email: info@hsrsolutions.co.in
Phone: +91 9102538091

For Meta Platform Data inquiries related to Leadflow CRM, please reference Leadflow CRM in your message.