Privacy Policy

Howdy Analytics Privacy Policy

This statement explains how RealTech CRM collects, uses, discloses, and protects personal data when you access our products and services.

1. Who We Are and Roles

Howdy Analytics Private Limited operates RealTech CRM from our registered office in India. We act as a Data Fiduciary under the DPDP Act and a Controller under GDPR for our own account, billing, marketing, product analytics, and security data.

When you upload or sync customer and lead information into RealTech CRM, we primarily operate as your Data Processor, processing that data strictly on your documented instructions. Enterprise customers may execute a dedicated Data Processing Addendum (DPA) with us when required.

We operate under multiple privacy frameworks:

  • Indian Information Technology Act, SPDI Rules, and the Digital Personal Data Protection Act (DPDP Act)
  • EU / UK GDPR where applicable
  • Relevant US state privacy laws when thresholds are met

2. Data We Collect

We collect the minimum personal data necessary to operate, secure, and improve RealTech CRM. The data we process depends on how you configure the platform and which features you enable.

Account and business data

  • Name, email, phone number, business name, job title, team or role
  • Business address, time zone, language preferences
  • Login identifiers and authentication data such as hashed passwords or SSO IDs

CRM customer and lead data you upload

  • Contact details including names, emails, phone numbers, and addresses
  • Property, deal, and transaction information
  • Notes, tasks, reminders, tags, lists, segments
  • Communications metadata such as emails, calls, SMS logs, and campaign data

Telephony, voice, and AI features (optional)

  • Call metadata including caller and receiver numbers, timestamps, and status
  • Call recordings and transcripts when you enable recording or transcription
  • AI-generated summaries, suggestions, scoring, and other content

Usage and technical data

  • IP address, device identifiers, browser type, operating system, and app version
  • Log data such as pages viewed, buttons clicked, and features used
  • Session data, performance metrics, security events, and error diagnostics

Billing and payment data

  • Billing contact details, GST or other tax identifiers
  • Subscription plan information, invoices, and payment status
  • Card or payment data processed via PCI-compliant payment processors (we do not store full card numbers or CVV)

Support interactions

  • Support tickets, emails, chat messages, and the attachments you choose to share
  • Call recordings and transcripts with support teams where permitted and disclosed

We do not intentionally collect sensitive personal data unless it is strictly necessary and lawful. If you upload sensitive data, you must obtain the required consents and ensure compliance with applicable laws.

3. Legal Basis and Purpose of Processing

We process personal data to deliver RealTech CRM, comply with legal obligations, and continually improve the service.

Core purposes include

  • Provision and operation of the Services including account creation, CRM operations, workflows, and automations
  • Security and maintenance such as authentication, access control, fraud detection, and incident response
  • Product development and improvement using aggregated analytics and de-identified learnings
  • Communications including transactional emails, product updates, onboarding, and marketing where permitted
  • Legal and regulatory compliance relating to accounting, tax, audits, and record-keeping

Where GDPR or UK GDPR applies, our lawful bases include contract performance, legitimate interests, consent (for marketing or optional features), and legal obligation. Under the DPDP Act we act as a Data Fiduciary for our own data and as a Data Processor for customer-provided CRM data.

4. Cookies and Tracking

We use cookies and similar technologies to operate, secure, and enhance RealTech CRM. Depending on your location, we request consent for non-essential cookies and provide in-product controls to manage preferences.

Typical cookie categories

  • Essential cookies for login sessions, security, load balancing, and basic functionality
  • Analytics cookies to understand feature adoption, performance, and product usage
  • Marketing pixels used for campaign measurement and retargeting where permitted

5. Data Sharing and International Transfers

We do not share personal data with third parties except as described in this Policy or with your consent. When we do share data, it is governed by written agreements and appropriate safeguards.

We may share data with

  • Affiliates and group companies under common ownership, subject to equivalent safeguards
  • Service providers and sub-processors offering cloud hosting, telephony, email delivery, analytics, payment processing, and customer support
  • Partners and resellers that assist with onboarding or support, according to contractual terms
  • Law enforcement, regulators, or courts when required by law or to protect rights and safety
  • Successor entities in mergers, acquisitions, financing, or asset transfers, under continued protection of this Policy

Data may be processed and stored in India and other countries where we or our service providers operate. For EU/EEA/UK users, we rely on Standard Contractual Clauses or other approved transfer mechanisms when required.

6. Security

We implement reasonable and appropriate technical and organisational measures aligned with the DPDP Act, GDPR, and industry best practices. While no system is perfectly secure, we strive to prevent unauthorised access, maintain data integrity, and ensure availability.

Representative safeguards

  • Encryption in transit (HTTPS/TLS) and at rest for sensitive data stores
  • Role-based access control, least-privilege principles, and periodic access reviews
  • Multi-factor authentication options, session management, and network protections
  • Continuous monitoring, vulnerability management, and documented incident response procedures

If we become aware of a significant personal data breach, we will notify affected users and appropriate authorities without undue delay, consistent with DPDP Act and GDPR timelines.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy or to comply with legal obligations.

Typical retention periods

  • Account and profile data: lifetime of the account plus up to 12 months
  • CRM customer or lead data: until you delete it or your subscription ends (backup copies follow standard cycles)
  • Telephony recordings and transcripts: typically 12–24 months unless configured otherwise
  • Support tickets and communications: around 3 years after closure
  • Billing and payment records: 7 years for tax and accounting requirements
  • Usage and log data: 12–24 months for security and analytics

When data is no longer required we delete or irreversibly anonymise it, subject to legitimate archival or backup constraints.

8. Your Privacy Rights

Your privacy rights vary by jurisdiction, but we provide a high baseline of transparency and control to all customers.

Under the DPDP Act, you may

  • Request confirmation and access to personal data we process
  • Request correction or updating of inaccurate or incomplete data
  • Withdraw consent where processing is based on consent
  • Request deletion of personal data, subject to legal retention requirements
  • Raise grievances and approach the Data Protection Board of India once operational

Under GDPR / UK GDPR, you may also

  • Access personal data and receive a copy
  • Rectify inaccurate or incomplete data
  • Request erasure, restriction, or portability in specific circumstances
  • Object to processing based on legitimate interests or direct marketing
  • Lodge a complaint with a supervisory authority

US state privacy laws (e.g., CCPA/CPRA) may provide

  • Rights to know, access, or delete certain personal data
  • Opt-out options for defined data “sales” or “sharing”
  • Protection from discrimination when exercising privacy rights

To exercise your rights, contact contact@realtechcrm.online with sufficient information to verify your identity. We aim to respond within 30 days or within legally mandated timeframes.

9. Children's Data

RealTech CRM is designed for business use and is not directed to children under 18. We do not knowingly collect personal data from children.

If you believe a child has provided data to us, please contact contact@realtechcrm.online so we can delete it as required by law.

10. AI Features and Automated Processing

RealTech CRM may provide AI-driven features such as call scripts, summaries, lead scoring, and content recommendations. AI outputs are suggestions intended to augment—not replace—your professional judgment.

You remain responsible for reviewing AI outputs and ensuring compliance with all applicable marketing, telemarketing, privacy, and consumer protection laws. Unless explicitly stated, we do not use identifiable customer or lead data to train public models; aggregated and de-identified data may be used to improve algorithms.

11. Third-Party Links and Integrations

RealTech CRM may link to or integrate with third-party services. Their privacy practices are governed by their own policies, and we encourage you to review them carefully.

We select and contract with processors to align with applicable privacy laws, but we are not responsible for how third parties handle your data once shared at your instruction.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, technology, or our business. Material updates will be communicated via email, in-app notices, or banners. The effective date at the top of the policy indicates the latest version.

Continued use of the Services after changes become effective constitutes acceptance of the updated Policy.

13. Contact

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal data, contact:

Howdy Analytics Private Limited – RealTech CRM

Email: contact@realtechcrm.online

You may also reach our Data Protection Officer at dpo@realtechcrm.online when required. If you are unsatisfied with our response, you may contact your local data protection authority or the Data Protection Board of India, as applicable.