Privacy Policy

Bitloom Infoserv Pvt. Ltd. ("Bitloom," "we," "us," or "our") operates the Clienox CRM platform, accessible at https://clienox.com (the "Website"), the Clienox web application, and the Clienox Mobile application (collectively, the "Service" or "Clienox").

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use Clienox as an account holder, administrator, employee, field sales representative, or other authorized user. It also describes your rights and choices regarding your personal data.

By creating an account, downloading Clienox Mobile, or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy. If you use Clienox on behalf of an organization, you represent that you have authority to accept this policy on behalf of that organization and to bind its users to these practices where applicable.

This Privacy Policy applies to personal information processed through Clienox CRM, including field sales management, employee tracking, lead management, attendance management, and related business operations features offered on the Website and mobile applications.

Clienox is a business-to-business (B2B) platform. In most cases, your employer or the organization that provisions your account ("Customer Organization") controls the business data entered into Clienox, including leads, contacts, and employee activity records. Bitloom processes such data on behalf of the Customer Organization as a data processor. Bitloom acts as a data controller for account registration information, billing details, product analytics, and communications directly with account administrators.

This policy is designed to meet the disclosure requirements of the Google Play Store, Google Firebase services, the EU General Data Protection Regulation (GDPR), the Digital Personal Data Protection Act, 2023 of India (DPDP Act), and Android background location policies.

We collect information that you, your organization, or your device provides to us. The categories of information depend on how you use Clienox and the features enabled by your organization.

We use the information we collect for the following purposes:

• Providing the Service: Creating and managing user accounts, authenticating users, and delivering CRM, attendance, lead management, and field sales features.
• Field workforce management: Enabling attendance tracking, visit verification, route monitoring, and sales activity validation for authorized field employees.
• Communications: Sending push notifications, reminders, service announcements, and security alerts.
• Customer support: Responding to inquiries, troubleshooting issues, and resolving technical problems.
• Security and fraud prevention: Detecting unauthorized access, protecting accounts, and maintaining platform integrity.
• Product improvement: Analyzing aggregated usage patterns, monitoring crashes, and optimizing performance through Firebase services.
• Legal compliance: Meeting applicable legal obligations, responding to lawful requests, and enforcing our terms.
• Billing and administration: Processing subscriptions, invoices, and account management for Customer Organizations.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide Clienox under our agreement with you or your organization.
• Legitimate interests: Securing the platform, improving product quality, preventing misuse, and supporting business operations, balanced against your rights and expectations.
• Consent: Where required for background location access, push notifications, and certain optional features. You may withdraw consent through device settings or by contacting us, without affecting the lawfulness of processing before withdrawal.
• Legal obligation: Where processing is required to comply with applicable laws and regulations.

Under the DPDP Act, we process personal data for lawful purposes connected with the provision of Clienox, with your consent where required, and in accordance with applicable notice and rights provisions.

Location data collected through Clienox is used strictly for legitimate business purposes authorized by your Customer Organization:

• Recording attendance events with geographic proof of check-in and check-out
• Validating that field visits occurred at designated customer or prospect locations
• Displaying route history and travel patterns to authorized managers for operational oversight
• Correlating location with CRM activities such as meetings, follow-ups, and site visits
• Generating reports on field productivity, territory coverage, and compliance with work schedules
• Detecting anomalies such as missed visits or unauthorized absence from assigned territories

Foreground location may be collected when you actively use location-dependent features within the app. Background location is collected only during enabled tracking periods as described in Section 6.

We do not sell your personal information. We share information only in the circumstances described below:

• Your organization: CRM data, location records, attendance logs, and activity data are accessible to administrators and authorized users within your Customer Organization according to role permissions.
• Service providers: We engage trusted third parties that process data on our behalf under contractual safeguards, including cloud hosting providers and infrastructure vendors.
• Google Firebase (Google LLC): We use Firebase Analytics, Firebase Crashlytics, Firebase Performance Monitoring, and Firebase Cloud Messaging to deliver analytics, crash reporting, performance monitoring, and push notifications. Google's processing is governed by Google's terms and privacy policies. Learn more at firebase.google.com/support/privacy.
• Legal requirements: We may disclose information if required by law, court order, or governmental authority, or to protect the rights, safety, and security of Bitloom, our users, or the public.
• Business transfers: In connection with a merger, acquisition, or sale of assets, personal information may be transferred subject to confidentiality obligations and notice where required by law.

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Account information: Retained for the duration of your organization's active subscription and for up to 90 days after account closure to facilitate recovery, billing resolution, and legal compliance.
• CRM data: Retained according to your Customer Organization's subscription terms and configuration. Organizations may export or request deletion of CRM data subject to administrator authorization.
• Location and attendance data: Retained for the period configured by your organization, typically aligned with payroll, audit, and field operations requirements, and deleted or anonymized upon organization request or account termination in accordance with our data processing agreements.
• Analytics and crash data: Firebase analytics and diagnostic data are retained according to Google Firebase retention settings, generally between 14 and 60 days for event data unless configured otherwise, and up to 90 days for crash reports.
• Support communications: Retained for up to 24 months to resolve disputes and improve support quality.

When retention periods expire, we delete or irreversibly anonymize personal information using commercially reasonable methods.

Bitloom implements administrative, technical, and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest on our servers and databases
• Role-based access controls and authentication for administrative access
• Regular security assessments and monitoring of infrastructure
• Secure development practices and access logging
• Employee confidentiality obligations and limited access on a need-to-know basis

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and promptly notifying us of any suspected unauthorized access.

Bitloom Infoserv Pvt. Ltd. is based in India. Your information may be processed and stored in India and in other countries where we or our service providers maintain facilities, including countries that may have different data protection laws than your jurisdiction.

Where personal data is transferred from the EEA, UK, or Switzerland to countries without an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms as required by applicable law.

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal and contractual limitations.
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Request a portable copy of your data in a structured, commonly used format where technically feasible.
• Objection: Object to processing based on legitimate interests, including profiling, where applicable.
• Withdraw consent: Withdraw consent for processing that relies on consent, such as background location or push notifications, without affecting prior lawful processing.
• Complaint: Lodge a complaint with your local data protection authority. In India, you may contact the Data Protection Board of India once fully constituted under the DPDP Act.

If your organization is the data controller of CRM and employee data, workplace data requests may need to be directed to your employer or organization administrator. We will assist Customer Organizations in fulfilling data subject requests as required by our agreements and applicable law.

EEA and UK residents may contact us to exercise GDPR rights. We will respond within 30 days, or as otherwise required by applicable law.

Clienox is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us at privacy@clienox.com and we will take steps to delete such information promptly.

You may request deletion of your personal data at any time. The process depends on your relationship with Clienox:

We may retain certain information where required for legal compliance, dispute resolution, enforcement of agreements, or legitimate business records, and will inform you when such limitations apply.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or Service features. When we make material changes, we will post the updated policy on this page with a revised "Last updated" date and, where appropriate, notify account administrators by email or in-app notice.

Your continued use of Clienox after the effective date of an updated policy constitutes acceptance of the revised terms, except where further consent is required by law.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

For general product support unrelated to privacy, please use the contact options available on our website.