Privacy Policy
Last updated: 14 July 2026
This policy explains how Brave CRM ("we", "us") collects, uses, and protects personal data when you use the Brave CRM mobile app and the website at bravecrm.io. It is written to comply with India's Digital Personal Data Protection Act, 2023 (DPDP Act).
1. What We Collect
Account data
When you sign up, we collect your name, mobile number, optional email address, and your organization's name. Sign-in uses a one-time password (OTP) sent by SMS. We do not store a password for your account.
Customer CRM data you store
As you use Brave CRM, you store business records in your account. These may include your leads and contacts (names, phone numbers, emails), tasks and notes, quotations, invoices and orders, payment records, WhatsApp conversation history with your customers, call logs you choose to log, and details of your team members. You control this data; we process it only to provide the Service to you.
Device and usage data
We collect a device push token from Firebase Cloud Messaging so we can send notifications, plus basic usage and diagnostic data (such as app version, device type, and crash reports) to keep the Service reliable.
2. How We Use Your Data
- To provide and operate the Service, including syncing your CRM data across your team.
- To send push notifications and service messages, such as follow-up reminders and OTPs.
- To respond to support requests.
- To process subscription billing on the web.
- To secure the Service, prevent abuse, and fix problems.
3. Legal Basis and Consent
We process your personal data based on your consent, given when you create an account, and for legitimate uses permitted under the DPDP Act, such as performing the service you signed up for and meeting our legal obligations. You may withdraw consent at any time by deleting your account.
4. Sharing Your Data
We do not sell your personal data or your customers' data, and we do not show ads in Brave CRM.
We share data only with service providers who help us run the Service, and only to the extent needed:
- Google Firebase, for push notifications.
- Razorpay, for subscription payments made on the web at bravecrm.io. Payments are never taken inside the app.
- An SMS delivery provider, to send your sign-in OTP.
- Meta WhatsApp Business Platform, only if you connect your own WhatsApp Business account.
- Cloud hosting providers with servers located in India.
We may also disclose data if required by law, or to protect the rights and safety of our users and the Service.
5. WhatsApp Messaging
If you connect your WhatsApp Business account, messages between you and your customers flow through the Meta WhatsApp Business Platform, and Meta processes them under its own terms and privacy policy. Brave CRM stores those conversations in your account so your team can view and reply to them. If you do not connect WhatsApp, no message data is shared with Meta.
6. Storage and Security
Your data is stored on cloud servers located in India. Data is encrypted in transit (HTTPS/TLS). We apply access controls so that only your organization's authorized users, and the limited staff who operate the Service, can access your data.
7. Retention
We keep your data while your account is active. When you delete your account, we delete your personal data and, if you are the sole owner of your organization, the organization's CRM data, within 30 days. Records we are legally required to keep, such as tax invoices for payments made to us, may be retained for as long as the law requires.
8. Your Rights
Under the DPDP Act you have the right to:
- Access a summary of the personal data we hold about you.
- Correct inaccurate or incomplete data. Most account details can be edited in the app.
- Erase your data by deleting your account. See Delete account.
- Grievance redressal. Contact us using the details in Section 12.
- Nominate another person to exercise your rights if you are unable to.
9. Push Notifications
You can turn off push notifications at any time in your device settings or in the app's notification settings. We will still send SMS OTPs, which are required for sign-in.
10. Children
Brave CRM is a business tool for users aged 18 and above. It is not directed at children, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this Policy
We may update this policy from time to time. If we make material changes, we will notify you through the app or by other reasonable means. The "Last updated" date at the top shows the current version.
12. Grievances and Contact
If you have a question, complaint, or grievance about how your personal data is handled, email us at support@bravecrm.io. Include your registered mobile number so we can locate your account. We aim to acknowledge grievances promptly and resolve them within the timelines required under the DPDP Act.
Brave CRM