Privacy Policy

1. Introduction

ReFollo is a cloud-based Follow-Up Operating System owned and operated by Crazydes Pvt Ltd("we", "our", or "us"). This Privacy Policy applies to all users of our website at refollo.com and our application at app.refollo.com (collectively, the "Service").

We take your privacy seriously. We collect only what we need, we use it only for what we say, and we don't sell your data. Ever.

This policy should be read alongside our Terms & Conditions, which govern your use of the Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a securely hashed password. If you represent an organisation, we also collect the organisation name.

Billing Information

Payments are processed by a third-party payment gateway. We do not store your card number, CVV, or full payment details. We retain only what is necessary to manage your subscription: billing status, plan type, and transaction references.

Usage Data

We collect information about how you interact with the Service. This includes feature usage patterns, session activity, and event logs. We use this to improve the product and diagnose issues.

Technical Data

We automatically collect certain technical information when you access the Service: your IP address, browser type and version, operating system, referring URLs, and timestamps. This helps us maintain security and performance.

User Content

Client records, follow-up notes, reminders, and other content you enter into ReFollo are your data. We store it on your behalf to provide the Service. We do not analyse, mine, or use your content for any purpose other than operating the Service for you.

Communications

If you contact us via email or a support channel, we retain that correspondence to respond to you and to improve our support.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account
• Provide, operate, and maintain the Service
• Process your subscription and send billing confirmations
• Send transactional emails: account alerts, trial reminders, and renewal notices
• Respond to your support requests and enquiries
• Monitor and improve service performance, reliability, and security
• Analyse usage patterns to inform product decisions
• Comply with legal obligations and enforce our Terms
• Detect and prevent fraud, abuse, or unauthorised access

We do not use your information for automated decision-making that produces legal or significant effects on you.

4. Legal Basis for Processing

We process your personal data on the following bases:

• Contract performance. Most processing is necessary to provide the Service you've subscribed to. This includes account management, billing, and service delivery.
• Legitimate interests. We process technical and usage data to maintain security, prevent fraud, and improve the Service. These interests don't override your rights.
• Legal obligation. Some processing is required to comply with applicable laws, including India's Digital Personal Data Protection Act, 2023 (DPDP Act).
• Consent. Where we rely on consent (for example, marketing communications), you can withdraw it at any time by contacting us at privacy@refollo.com.

5. How We Share Your Information

We do not sell, rent, or trade your personal data. We share it only in these limited circumstances:

• Service providers. We share data with third-party vendors who help us operate the Service. These include hosting providers, payment processors, and email delivery services. They are bound by confidentiality obligations and may only use your data to perform services for us.
• Legal compliance. We may disclose your data if required to do so by law, court order, or a government authority. We'll notify you where legally permitted.
• Business transfers. If Crazydes Pvt Ltd is acquired, merged, or its assets are transferred, your data may be transferred to the acquiring entity. You'll be notified before that happens.
• Protection of rights. We may share data to protect the rights, property, or safety of Crazydes Pvt Ltd, our users, or the public — where permitted by law.

We never share your client records or follow-up data with any third party except as strictly necessary to operate the Service.

6. Third-Party Services

ReFollo uses a small set of trusted third-party services to operate. These may include:

• Cloud hosting. Our infrastructure runs on Vercel. Your data is stored on secure, industry-standard cloud infrastructure.
• Payment processing. Payments are handled by a PCI-DSS compliant payment gateway. We do not process or store card data directly.
• Email delivery. Transactional emails (account alerts, receipts) are sent via a third-party email service provider.

Each of these providers has their own privacy policy. We choose providers who meet high standards of data security and handle data responsibly. We do not control their practices, and we encourage you to review their policies.

7. Cookies

What are cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your session and preferences.

What we use

• Essential cookies. These are required for the Service to function. They keep you logged in and maintain your session. You cannot opt out of these while using the Service.
• Analytics cookies. We may use analytics tools to understand how the Service is used. This data is aggregated and does not identify you personally.

Most browsers allow you to control cookies through their settings. Disabling cookies may affect your ability to use certain features of the Service.

8. Data Retention

We retain your personal data for as long as your account is active. After your subscription ends, your data is retained for up to 12 months from the date of cancellation or termination. After this period, your data may be permanently deleted.

We may retain certain information for longer where required by law — for example, billing records for tax compliance purposes.

If you'd like to request early deletion of your data, contact us at privacy@refollo.com. Note that deletion requests may be subject to legal retention obligations.

9. Data Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure.

These measures include:

• Encryption of data in transit using HTTPS/TLS
• Secure, access-controlled infrastructure
• Hashed storage of passwords
• Regular security reviews of our platform and practices

No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at privacy@refollo.com.

10. Your Rights

Under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws, you have the following rights regarding your personal data:

• Right to access. You can request a summary of the personal data we hold about you.
• Right to correction. You can request that we correct inaccurate or incomplete personal data.
• Right to erasure. You can request deletion of your personal data, subject to legal retention obligations.
• Right to grievance redressal. You can raise a complaint about how we handle your data and expect a response within a reasonable time.
• Right to nominate. Under the DPDP Act, you may nominate another person to exercise your rights in the event of your death or incapacity.
• Right to withdraw consent. Where processing is based on your consent, you can withdraw it at any time. Withdrawal does not affect processing that occurred before withdrawal.

To exercise any of these rights, email us at privacy@refollo.com. We'll respond within 30 days. We may need to verify your identity before processing your request.

If you're unsatisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India, once it is constituted under the DPDP Act.

11. Children's Privacy

ReFollo is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact us at privacy@refollo.com and we'll delete it promptly.

12. Links to Other Websites

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before sharing any personal information with them.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the effective date at the top of this page. For material changes, we'll make reasonable efforts to notify you via email or in-app notice before the change takes effect.

Your continued use of the Service after any update constitutes acceptance of the revised policy. If you don't agree, you should stop using the Service and cancel your subscription.

14. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or how we handle your data, contact us at: