Privacy Policy

Effective date: April 24, 2026

This Privacy Policy explains how Vivya Corp ("VivyaCRM", "we", "us", "our") collects, uses, stores, and shares information when you use our customer relationship management platform, marketing website, and related services (collectively, the "Services"). By using the Services you agree to the practices described below.

1. Information We Collect

We collect information you provide directly (such as account details, contacts you import, and messages you send through the platform), information generated by your use of the Services (such as logs, device metadata, and product usage analytics), and information received from third-party integrations that you explicitly connect.

  • Account information: name, email address, organization, and role.
  • Customer data: contacts, leads, deals, and messages you store in the platform.
  • Integration data: information from Meta (Facebook/Instagram), Google, Microsoft, and other providers you connect.
  • Usage and device data: IP address, browser type, pages visited, and actions taken.

2. Location Data

When you use the Check-In or Field Tracking features of the VivyaCRM mobile application, we collect precise GPS location data from your device. This data is used solely to record attendance and field activity within your organization.

  • Location is collected only while the Check-In or Field Tracking feature is actively in use — not in the background or at any other time.
  • Location data is associated with your account and visible to authorized managers within your organization.
  • We do not sell, rent, or share your location data with any third parties outside of your organization.
  • You may deny location permission at any time via your device settings; doing so will disable Check-In and Field Tracking functionality.

3. How We Use Information

We use the information we collect to operate and improve the Services, authenticate users, provide customer support, send transactional and administrative communications, enforce our terms, and comply with legal obligations.

  • Provide, maintain, and improve the Services.
  • Authenticate users and protect against fraud and abuse.
  • Send transactional email and service-related notifications.
  • Analyze usage to improve features and reliability.
  • Comply with legal, regulatory, and contractual obligations.

4. Meta Platform Data (Facebook / Instagram)

When you connect a Meta Business account, we access only the data needed to deliver the features you enable — for example, Lead Ads forms, Page messaging, and campaign performance. We do not sell Meta Platform data, use it to train generative AI models, or share it with third parties other than infrastructure sub-processors strictly acting on our behalf. Meta Platform data is retained only for as long as needed to provide the Services or as required by law.

5. How We Share Information

We do not sell your personal information. We share information only in the limited circumstances described below.

  • Infrastructure and hosting providers (e.g. {{HOSTING_PROVIDER}}) acting as processors under contract.
  • Third-party services you explicitly connect (e.g. Meta, Google, Microsoft).
  • Legal and regulatory authorities when required by law, court order, or to protect our rights.
  • Successors in interest in the event of a merger, acquisition, or sale of assets.

6. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Services. You may request deletion at any time via the /data-deletion page. Backups may persist for a limited period after deletion as part of our standard disaster-recovery rotation.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export, restrict, or delete your personal information, and to object to certain processing. To exercise these rights, contact us at the address below or submit a request via the /data-deletion page.

8. Security

We use industry-standard technical and organizational measures to protect your information, including encryption in transit, access controls, and audit logging. No system is perfectly secure; please use strong, unique passwords and enable multi-factor authentication where offered.

9. Children

The Services are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email. The effective date at the top of this page indicates when the policy was last revised.

11. Contact Us (Data Controller)

Vivya Corp is the data controller of record for the Services. You can reach us at system@vivyacrm.com or by mail at either of the addresses below. Personal data may be transferred to and processed in the United States and India under appropriate safeguards.

US Headquarters: Vivya Corp, 5 Independence Way, Suite 300, Princeton, NJ 08540, USA.

India Office: Vivya Corp, B-1 B-block, Morais City, Sembattu, Trichy, Tamil Nadu 620007, India.