Privacy Policy

TargetCRM

Privacy Policy

Effective Date: March 29, 2026

Excellence Consultancy Services | connect@targetcrm.cloud | +91-8200866691

 

1. Introduction

Excellence Consultancy Services (“ECS”, “we”, “our”, “us”) operates TargetCRM, a cloud-based SaaS Customer Relationship Management platform. We are committed to protecting the privacy and security of personal data processed through our platform. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights in relation to that data.

This Policy applies to all users of the TargetCRM platform, including administrators, end-users, and business clients. By accessing or using TargetCRM, you consent to the practices described herein.

 

2. Data Controller

Excellence Consultancy Services acts as the Data Controller for personal data processed through TargetCRM. Our registered address is:

B-204, Ratnaakar Nine Square, Opp ITC Narmada, Mansi Road, Vastrapur, Ahmedabad, Gujarat – 380015, India

GST Registered Entity | Email: connect@targetcrm.cloud | Phone: +91-8200866691

For B2B clients who input their own customer data into TargetCRM, those clients act as the Data Controller for that data; ECS acts as the Data Processor.

 

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account & Registration Data

  • Full name, email address, phone number, job title
  • Company name, address, and GST/business registration details
  • Username, password (encrypted), and account preferences

3.2 Data Collected via OAuth Integrations

When you connect TargetCRM to third-party platforms via OAuth, we collect only the data necessary for CRM functionality:

  • Google Workspace / Gmail: Profile information (name, email, profile photo), email read/send/status-update access (mark as read), and Google Calendar event access for scheduling and follow-up features
  • Microsoft 365 / Outlook: Profile information, email read/send/status-update access, and Microsoft Calendar access for scheduling features

OAuth tokens are stored securely and used only to perform the functions you authorize. You may revoke access at any time through your Google or Microsoft account settings.

3.3 Lead & Contact Data from Integrations

TargetCRM captures leads on behalf of clients from the following sources, subject to client authorization:

  • IndiaMART: Lead data synced via IndiaMART API under client’s authorized account
  • TradeIndia: Lead data synced via TradeIndia API under client’s authorized account
  • Client Websites: Leads captured via API/webhook integration authorized by the client
  • Meta (Facebook/Instagram) Ads: Lead data captured through Meta Lead Ads via our registered Meta App, under client’s authorization
  • LinkedIn: Lead data captured through LinkedIn Lead Gen Forms via our registered LinkedIn App, under client’s authorization
  • Landing Pages: Lead data submitted through ECS-hosted or client-hosted landing pages integrated with TargetCRM API

All lead capture integrations require explicit client authorization. ECS does not access or store data from these sources without active client configuration.

3.4 Communication Data

  • Meta WhatsApp Business API: Message logs, delivery status, and contact data for WhatsApp-based CRM communication (subject to Meta’s policies)
  • Brevo (formerly Sendinblue): Email campaign data, delivery/open/click metrics, and subscriber information
  • Mailchimp: Email campaign data, audience lists, and engagement metrics
  • Other email/SMS platforms: As configured by clients for CRM communication workflows

3.5 AI Features Data

TargetCRM includes AI-powered features that may process:

  • CRM data (contacts, deals, notes) to generate insights, summaries, and recommendations
  • Communication content (emails, messages) for AI-assisted drafting and sentiment analysis
  • Historical activity data to power predictive analytics and lead scoring

AI features are powered by third-party AI providers. Data sent to AI providers is processed according to our data processing agreements. No personally identifiable data is used to train external AI models without explicit consent.

3.6 Usage & Technical Data

  • IP address, browser type, device information
  • Log files, session data, feature usage patterns
  • API call logs and integration activity

 

4. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: To deliver the TargetCRM service and features you subscribe to
  • Legitimate Interests: For platform security, fraud prevention, and service improvement
  • Consent: For optional features such as AI processing, marketing communications, and certain integrations
  • Legal Obligation: Where required by applicable law including the Information Technology Act, 2000, and DPDP Act, 2023 (India), GDPR (EU/UK), and CCPA (California)

 

5. How We Use Personal Data

Personal data is used for the following purposes:

  • Providing and maintaining the TargetCRM platform and its features
  • Processing and syncing leads from authorized integration sources
  • Enabling email, calendar, and communication features via OAuth
  • Powering AI-assisted features (subject to settings and consent)
  • Sending transactional notifications, service updates, and support communications
  • Detecting and preventing fraud, unauthorized access, and security incidents
  • Analytics to improve platform performance and user experience
  • Complying with legal and regulatory obligations

 

6. Data Sharing and Third-Party Processors

We do not sell personal data. We share data only as follows:

6.1 Integration Partners (on client instruction)

  • Google LLC – OAuth, Gmail, and Calendar services
  • Microsoft Corporation – OAuth, Outlook, and Calendar services
  • Meta Platforms Inc. – Lead Ads and WhatsApp Business API
  • LinkedIn Corporation – Lead Gen Forms
  • Brevo SAS – Email marketing automation
  • Mailchimp (Intuit) – Email marketing automation
  • IndiaMART InterMesh Ltd. – Lead data via API
  • TradeIndia (Infocom Network Ltd.) – Lead data via API
  • AI service providers – For AI-powered platform features

6.2 Infrastructure Providers

Cloud hosting, database, and infrastructure providers who process data under strict data processing agreements.

6.3 Legal & Regulatory

We may disclose data to comply with a legal obligation, court order, or to protect the rights and safety of ECS, our clients, or third parties.

 

7. Data Retention

We retain personal data for as long as your account is active or as necessary to provide services. Specific retention periods:

  • Account data: Retained for the duration of the subscription and 90 days post-termination (for export), then permanently deleted
  • Lead and CRM data: Retained as configured by the client; clients may delete records at any time
  • OAuth tokens: Retained until revoked by the user or until account termination
  • Log and audit data: Retained for up to 12 months for security and compliance purposes
  • AI processing logs: Retained for up to 30 days unless required for dispute resolution

 

8. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls and multi-factor authentication options
  • Regular security assessments and vulnerability testing
  • Secure OAuth token storage and rotation

In the event of a personal data breach affecting your data, we will notify affected users and relevant authorities within the timeframes required by applicable law.

 

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

9.1 Under Indian Law (DPDP Act, 2023)

  • Right to access your personal data
  • Right to correction and erasure
  • Right to grievance redressal
  • Right to nominate a person for data processing in case of incapacity or death

9.2 Under GDPR (EU/UK Users)

  • Access, rectification, erasure (“right to be forgotten”)
  • Restriction of processing and data portability
  • Right to object to processing and to withdraw consent
  • Right to lodge a complaint with a supervisory authority

9.3 Under CCPA (California Users)

  • Right to know what personal data is collected and shared
  • Right to deletion of personal data
  • Right to opt-out of the sale of personal data (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

To exercise any of these rights, contact us at: connect@targetcrm.cloud

 

10. Children’s Privacy

TargetCRM is a B2B platform not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors.

 

11. Cookies and Tracking

TargetCRM uses essential cookies for platform functionality, session management, and security. We may also use analytics cookies to improve platform performance. You can manage cookie preferences through your browser settings.

 

12. International Data Transfers

Your data may be processed in countries outside India where our integration partners and infrastructure providers operate (including the United States and the European Union). Where required, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) for GDPR compliance.

 

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, technology, or our operations. We will notify you of material changes via email or a prominent notice within the platform at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance.

 

14. Contact & Grievance Officer

For privacy inquiries, data requests, or complaints:

Excellence Consultancy Services (TargetCRM) B-204, Ratnaakar Nine Square, Opp ITC Narmada, Mansi Road, Vastrapur, Ahmedabad, Gujarat – 380015, India Email: connect@targetcrm.cloud Phone: +91-8200866691 | Mon–Sat, 9 AM – 7 PM IST

We will acknowledge your request within 72 hours and endeavour to resolve it within 30 days.

 

© 2026 Excellence Consultancy Services. All rights reserved.