WHO WE ARE
Neerja Softwares Pvt Ltd ("Neerja", "we", "us") is a software company registered in India at 399A Shri Gopal Nagar, Gopalpura Bypass, Jaipur 302019, Rajasthan, India. We provide a customer-engagement and CRM / omnichannel support platform (the "Platform") used by businesses ("Clients") to manage sales and customer support across web chat, email, phone and messaging channels, including integrations with e-commerce stores such as Shopify.
This policy explains how we handle personal data. It covers two distinct roles: - As a data CONTROLLER for our own business contacts and Client account users. - As a data PROCESSOR when we process end-customer personal data on behalf of, and under the instructions of, our Clients (e.g., a Shopify merchant's customers).
SCOPE
This policy applies to personal data we process through the Platform and our websites. Where we act as a processor for a Client, that Client is the data controller and their own privacy policy governs the end-customer relationship; we process such data only to provide the Platform to that Client.
PERSONAL DATA WE PROCESS
As a controller (our Clients' account users and business contacts): - Name, work email, phone, role, and account/usage data needed to provide and secure the Platform. As a processor (end-customer data, on behalf of Clients):
- Identity & contact data: name, email address, phone number, postal/shipping address.
- Commerce data: orders, order/fulfillment status, products viewed or enquired about, cart contents, and support conversation history.
We request and process only the data necessary to deliver the contracted features (data minimisation).
HOW WE COLLECT IT
- Directly from Clients during onboarding and use of the Platform.
- From connected systems the Client authorises — for example, the Shopify Admin API and Storefront API — via credentials the Client provides through their own store.
- From end-customers' interactions with Client channels we operate on the Client's behalf (e.g., the chat widget).
PURPOSES OF PROCESSING
- Provide customer support and respond to enquiries across web chat, email, phone and messaging.
- Product discovery, recommendations and assisted shopping.
- Order tracking, fulfillment status, and processing of replacements and refunds on the Client's instruction.
- Where the end-customer has consented, transactional and marketing communications.
- Securing, maintaining, and improving the Platform; fraud prevention; and legal compliance.
LEGAL BASES (where GDPR / similar laws apply)
- Performance of a contract; legitimate interests (operating and securing the Platform); consent (for marketing); and compliance with legal obligations. Where we act as a processor, the Client is responsible for establishing the legal basis for the underlying processing.
HOW WE SHARE DATA / SUB-PROCESSORS
We do not sell personal data. We share it only with sub-processors strictly necessary to deliver the Platform, under data-processing agreements that require appropriate safeguards. Current sub-processors include:
- [[email protected]] — transactional/marketing email delivery.
- [GetGabs / WhatsApp Business] — WhatsApp messaging.
- [Bolna] — voice/telephony. - [Cloud hosting / infrastructure provider] — hosting and storage.
- [Other: ____]
We may also disclose data where required by law or to protect rights and safety.
INTERNATIONAL TRANSFERS
The Platform is operated from [region/country]. Where personal data is transferred across borders, we apply appropriate safeguards (e.g., standard contractual clauses) as required by applicable law.
HOW WE PROTECT DATA
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Encrypted storage of credentials and API tokens.
- Role-based, least-privilege access; per-Client data isolation; and audit logging of access to personal data.
- Documented incident-response and breach-notification procedures consistent with applicable law (e.g., GDPR 72-hour notification).
- Personnel handling personal data receive data-protection training.
DATA RETENTION
We retain personal data only as long as necessary for the purposes above. End-customer data processed on a Client's behalf is retained for the duration of that Client's active subscription and deleted within 30 days of contract termination, or upon a verified deletion request, unless a longer period is required by law.
YOUR RIGHTS
Subject to applicable law, individuals may request access to, correction of, or deletion of their personal data, and may object to or restrict certain processing. Where we act as a processor, we will forward such requests to the relevant Client (controller) and assist them in responding.
For data processed via Shopify, we support Shopify's mandatory data-protection requests and implement the required compliance webhooks (customers/data_request, customers/redact, shop/redact), completing redaction within 30 days.
To exercise your rights, contact us at [[email protected]].
COOKIES / WIDGET
Our embeddable chat widget may store a session identifier in the browser solely to maintain conversation continuity. It does not use advertising cookies.
CHILDREN
The Platform is not directed to children and we do not knowingly process children's personal data.
CHANGES TO THIS POLICY
We may update this policy from time to time. Material changes will be posted on this page with a revised "Last updated" date.
CONTACT & GRIEVANCE OFFICER
Data Protection / Privacy contact:
Neerja Softwares Pvt Ltd 399A Shri Gopal Nagar, Gopalpura Bypass, Jaipur 302019, Rajasthan, India
Email: [[email protected]]
Grievance Officer (as required under Indian law):
Name: [Dr. Naveen Kumar Sharma]
Email: [[email protected]]
We act as a data processor on behalf of our Clients for end-customer personal data; the Client is the data controller. For data tied to a specific store, please also refer to that store's own privacy policy.
