Privacy Policy

Last updated: 14 July 2026

This policy explains how Brave CRM ("we", "us") collects, uses, and protects personal data when you use the Brave CRM mobile app and the website at bravecrm.io. It is written to comply with India's Digital Personal Data Protection Act, 2023 (DPDP Act).

1. What We Collect

Account data

When you sign up, we collect your name, mobile number, optional email address, and your organization's name. Sign-in uses a one-time password (OTP) sent by SMS. We do not store a password for your account.

Customer CRM data you store

As you use Brave CRM, you store business records in your account. These may include your leads and contacts (names, phone numbers, emails), tasks and notes, quotations, invoices and orders, payment records, WhatsApp conversation history with your customers, call logs you choose to log, and details of your team members. You control this data; we process it only to provide the Service to you.

Device and usage data

We collect a device push token from Firebase Cloud Messaging so we can send notifications, plus basic usage and diagnostic data (such as app version, device type, and crash reports) to keep the Service reliable.

2. How We Use Your Data

3. Legal Basis and Consent

We process your personal data based on your consent, given when you create an account, and for legitimate uses permitted under the DPDP Act, such as performing the service you signed up for and meeting our legal obligations. You may withdraw consent at any time by deleting your account.

4. Sharing Your Data

We do not sell your personal data or your customers' data, and we do not show ads in Brave CRM.

We share data only with service providers who help us run the Service, and only to the extent needed:

We may also disclose data if required by law, or to protect the rights and safety of our users and the Service.

5. WhatsApp Messaging

If you connect your WhatsApp Business account, messages between you and your customers flow through the Meta WhatsApp Business Platform, and Meta processes them under its own terms and privacy policy. Brave CRM stores those conversations in your account so your team can view and reply to them. If you do not connect WhatsApp, no message data is shared with Meta.

6. Storage and Security

Your data is stored on cloud servers located in India. Data is encrypted in transit (HTTPS/TLS). We apply access controls so that only your organization's authorized users, and the limited staff who operate the Service, can access your data.

7. Retention

We keep your data while your account is active. When you delete your account, we delete your personal data and, if you are the sole owner of your organization, the organization's CRM data, within 30 days. Records we are legally required to keep, such as tax invoices for payments made to us, may be retained for as long as the law requires.

8. Your Rights

Under the DPDP Act you have the right to:

9. Push Notifications

You can turn off push notifications at any time in your device settings or in the app's notification settings. We will still send SMS OTPs, which are required for sign-in.

10. Children

Brave CRM is a business tool for users aged 18 and above. It is not directed at children, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to this Policy

We may update this policy from time to time. If we make material changes, we will notify you through the app or by other reasonable means. The "Last updated" date at the top shows the current version.

12. Grievances and Contact

If you have a question, complaint, or grievance about how your personal data is handled, email us at support@bravecrm.io. Include your registered mobile number so we can locate your account. We aim to acknowledge grievances promptly and resolve them within the timelines required under the DPDP Act.