Privacy
Policy.
We believe privacy policies should be readable. Here's ours in plain language, covering every aspect of how we handle your data.
Introduction & Scope
Baseerat, Inc. ("Baseerat," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CRM platform available at baseerat.app (the "Service"). This Policy applies to all users of our Service, including visitors to our website, free trial users, and paying customers. By using our Service, you agree to the collection and use of information in accordance with this Policy.
Information We Collect
We collect several types of information: (a) Account Information: name, email address, company name, phone number, job title, and password when you register; (b) Billing Information: payment card details processed and stored by Stripe (we never store raw card numbers); (c) CRM Data: contacts, deals, notes, activities, custom fields, and any other data you import or create within the Service; (d) Usage Data: pages visited, features used, session duration, button clicks, and navigation paths; (e) Technical Data: IP address, browser type and version, device type, operating system, timezone, and screen resolution; (f) Communication Data: emails, chat messages, or support tickets you send us.
How We Collect Information
We collect information through: (a) Direct input: when you register, configure your workspace, import contacts, or contact support; (b) Automated tracking: our servers automatically log technical data when you access the Service; (c) Cookies and similar technologies: see Section 09 for full details; (d) Third-party integrations: when you connect Gmail, Outlook, WhatsApp, or other integrations, we receive relevant data from those platforms as permitted by your authorization; (e) Payment processors: Stripe shares transaction metadata (not full card details) with us for billing purposes.
How We Use Your Information
We use your information to: provide, operate, and maintain the Baseerat Service; process transactions and send related notices; personalize your experience and remember preferences; analyze usage patterns to improve features; communicate product updates, security alerts, and administrative messages; respond to support requests and provide customer service; detect, prevent, and investigate fraud, abuse, or security incidents; comply with legal obligations; enforce our Terms of Service. We will ask for your consent before using your information for any purpose not described in this Policy.
Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data under the following legal bases: (a) Contract performance: processing necessary to deliver the Service you have subscribed to; (b) Legitimate interests: improving our Service, fraud prevention, security, and direct marketing to existing customers (where not overridden by your rights); (c) Legal obligation: compliance with applicable laws and regulations; (d) Consent: where we have obtained your explicit consent, such as for optional marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Data Storage & Security
Your data is hosted on Amazon Web Services (AWS) in SOC 2 Type II certified data centers. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. We maintain automated daily backups with 30-day retention. Backups are stored separately and encrypted independently. Production system access requires multi-factor authentication and is logged. We maintain a formal incident response procedure with 24/7 on-call coverage. EU customers can request data residency within the European Union.
Data Sharing & Sub-processors
We do not sell your personal data. We share data only with trusted service providers who help us operate the Service, bound by data processing agreements: Amazon Web Services (cloud infrastructure and storage); Vercel (application hosting and edge delivery); Stripe (payment processing); Sendgrid (transactional email delivery); Twilio (SMS and WhatsApp messaging); Sentry (error tracking and performance monitoring). We may disclose data if required by law, court order, or government authority, and will notify you promptly when legally permitted to do so.
Your Rights
Depending on your location, you have the following rights regarding your personal data: Right of Access: request a copy of all personal data we hold about you; Right to Rectification: request correction of inaccurate or incomplete data; Right to Erasure: request deletion of your personal data ("right to be forgotten"); Right to Data Portability: receive your data in a structured, machine-readable format (CSV or JSON); Right to Restriction: request that we limit how we process your data; Right to Object: object to processing based on legitimate interests or for marketing purposes; Right to Withdraw Consent: withdraw consent at any time where processing is consent-based. To exercise any right, email [email protected]. We respond within 30 days. You will not face discrimination for exercising these rights.
Cookies & Tracking Technologies
We use the following types of cookies: (a) Strictly Necessary: session cookies for authentication and CSRF protection. These cannot be disabled without breaking the Service. (b) Preference: cookies that remember your language, theme, and dashboard layout settings. (c) Analytics: one first-party analytics cookie to measure aggregate page views and feature usage. We do not use Google Analytics or other third-party analytics that track users across websites. You can disable analytics cookies in your account settings. We do not use advertising cookies, retargeting pixels, or participate in cross-site tracking networks.
Data Retention
We retain your account data for as long as your account is active. When you delete your account: all personal data is purged within 30 days; backup copies containing your data are overwritten within 90 days; anonymized and aggregated analytics data (with no personally identifiable information) may be retained indefinitely. We may retain data longer if required by law or if needed to resolve disputes, enforce agreements, or complete pending transactions.
International Data Transfers
Baseerat is based in Pakistan. If you access our Service from the European Economic Area, United Kingdom, or other regions with data transfer restrictions, we ensure appropriate safeguards are in place. For EEA data, we use Standard Contractual Clauses (SCCs) approved by the European Commission when transferring data outside the EEA. We conduct transfer impact assessments for each destination country. Upon request, we can provide copies of applicable SCCs.
Children's Privacy
The Baseerat Service is designed for business use and is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly. If you believe a child has provided us with personal data, please contact [email protected] immediately.
Third-Party Links
Our Service may contain links to third-party websites, integrations, or services (such as LinkedIn, Google, Stripe, or documentation tools). We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policy of any third-party service you access through Baseerat. Our Policy applies only to information collected by us.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): the right to know what personal information we collect, use, disclose, or sell; the right to request deletion of your personal information; the right to opt out of the sale of personal information (we do not sell personal information); the right to non-discrimination for exercising CCPA rights. To submit a CCPA request, contact [email protected] with the subject line "CCPA Request." We will verify your identity and respond within 45 days.
Changes to This Policy
We review and update this Privacy Policy periodically. For material changes, we will notify you by email at least 30 days before the changes take effect and will display a prominent notice on our website. For minor clarifications that do not affect your rights, we may update the Policy without prior notice. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
Contact & Data Controller
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: [email protected] · Address: Baseerat, Inc., Sheikhupura, Punjab, Pakistan · For GDPR-specific inquiries, you may also contact our Data Protection Officer at the same email address. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
Questions about this policy? Email [email protected].
