Privacy Policy

1. Introduction

Welcome to NugaBest CRM ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer relationship management platform.

2. Information We Collect

We collect information that you provide directly to us, including:

• Account Information: Email address, name, phone number, and password
• Customer Data: Information about your customers including names, contact details, visit history, and purchase records
• Usage Data: Information about how you interact with our platform, including IP addresses, browser type, and device information
• Recovery Codes: Encrypted one-time recovery codes for account security

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your transactions and manage your account
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities in connection with our services
• Detect, prevent, and address technical issues and fraudulent activity

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit and at rest
• Secure password hashing using industry-standard algorithms
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Recovery codes for account protection

5. Data Separation and Administrator Access

We maintain strict data separation between different showrooms on our platform:

• Data Ownership: You retain full ownership of all customer data entered into your showroom
• Data Isolation: Your customer data (visitors, visits, purchases, subscriptions) is isolated and not accessible to other showroom owners
• Limited Administrator Access: Platform administrators can access basic account information (name, email, phone) and showroom metadata (name, location) for operational purposes
• No Business Metrics Access: Platform administrators cannot view your business metrics (visitor counts, visit history, purchase records, subscription data) without explicit permission
• Support Access: Administrators may access your showroom data only with your explicit consent for technical support or troubleshooting purposes
• Audit Logs: All administrative access to showroom data is logged for transparency and security

6. Data Retention

We retain your personal information for as long as necessary to provide you with our services and as described in this Privacy Policy. We will also retain and use your information to comply with our legal obligations, resolve disputes, and enforce our agreements.

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a structured format (via Export function)
• Objection: Object to our processing of your personal information
• Transparency: Request information about how your data is accessed by administrators

8. Third-Party Services

Our platform uses Convex for backend services. We do not share your personal information with third parties except as necessary to provide our services or as required by law. All third-party services are required to maintain appropriate data protection standards.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Material changes will be communicated via email or in-app notification.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us through your account settings or reach out to your system administrator.