Privacy Policy

This Privacy Policy describes how ITIFFY CONSULTANTS LLP (“we,” “us,” or “our”) collects, processes, uses, stores, and protects information while providing software development, SaaS, ERP, CRM solutions, and related services to clients globally.

 

1.Scope and Applicability

1.1 This Policy applies to:

  • Visitors to our website
  • Our clients (businesses/organizations worldwide)
  • End users of systems, applications, and platforms developed, delivered, or managed by us

 

1.2 Depending on the engagement, we act as either:

  • Data Controller (for our own website and direct interactions), or
  • Data Processor / Service Provider (when processing data on behalf of clients)

 

2. Information We Collect

2.1 Information You Provide

  • Name, email, phone number, company details
  • Billing and payment information
  • Account credentials
  • Communications (emails, support tickets, chats)

 

2.2 Client & End-User Data (Processed on Behalf of Clients)

In delivering SaaS/ERP/CRM systems, we may process:

  • Customer and user data
  • Employee and HR data
  • Financial and transactional records
  • Documents, files, and system-generated data

This data is owned and controlled by our clients.

 

2.3 Automatically Collected Data

  • IP address, browser/device information
  • System logs and usage analytics
  • Cookies and tracking technologies

 

3. Purpose of Processing

We process data for:

  • Designing, developing, deploying, and maintaining software systems
  • Providing SaaS, ERP, CRM functionalities
  • User authentication and system access management
  • Transaction processing and system operations
  • Technical support and troubleshooting
  • Performance monitoring, analytics, and system improvements
  • Security, fraud prevention, and compliance

We do not sell or rent personal data.

 

4. Role as Data Processor (For Client Systems)

4.1 When processing client or end-user data:

  • We act strictly as a Data Processor / Service Provider
  • We process data only based on client instructions and agreements

 

4.2 Clients are responsible for:

  • Legal basis for data collection
  • User consent and privacy notices
  • Data accuracy and lawful usage

 

5. Confidentiality and Data Handling

5.1 All client and user data is treated as strictly confidential.

 

5.2 We implement:

  • Role-based access control
  • Employee and contractor confidentiality agreements
  • Secure development and deployment practices

 

5.3 Access to data is limited to:

  • Authorized personnel
  • Service delivery, maintenance, and support needs
  • Legal or regulatory requirements

 

6. Data Security

We implement appropriate technical and organizational measures, including:

  • Encryption (in transit and, where applicable, at rest)
  • Secure infrastructure and cloud environments
  • Authentication and authorization controls
  • Monitoring, logging, and vulnerability management

However, no system is completely secure, and absolute security cannot be guaranteed.

 

7. International Data Transfers

7.1 As a global service provider, data may be transferred to and processed in countries outside the user’s jurisdiction, including India and other regions where our infrastructure or service providers operate.

 

7.2 We ensure that such transfers are conducted using appropriate safeguards, including:

  • Contractual agreements (e.g., Data Processing Agreements)
  • Standard Contractual Clauses (SCCs), where applicable
  • Equivalent legal safeguards under applicable laws

 

8. Data Retention

We retain data:

  • For as long as necessary to provide services
  • As required by contractual obligations
  • As required under applicable laws

Upon termination, data handling (return, deletion, or retention) is governed by client agreements.

 

9. Third-Party Services

We may use trusted third-party providers, including:

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Communication and support tools
  • Analytics services

These providers process data only as necessary and are expected to maintain appropriate data protection standards.

 

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable essential system functionality
  • Improve user experience
  • Analyze usage patterns

Users may control cookies via browser settings.

 

11. Your Rights

Depending on applicable laws (such as GDPR, UK GDPR, and CCPA/CPRA), users may have the right to:

  • Access their personal data
  • Correct inaccurate data
  • Request deletion of data
  • Restrict or object to processing
  • Data portability (where applicable)
  • Opt out of marketing communications

For data processed on behalf of clients, requests should be directed to the respective client (data controller).

 

12. Compliance with Global Regulations

We aim to align with major data protection laws, including:

  • General Data Protection Regulation (GDPR – EU)
  • UK GDPR
  • California Consumer Privacy Act (CCPA/CPRA)
  • Applicable Indian data protection laws

 

13. Children’s Privacy

Our services are not intended for individuals under the age of 13 (or applicable local age). We do not knowingly collect such data.

 

14. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted with a revised effective date.

 

15. Contact Us

For any questions regarding this Privacy Policy or data handling practices, please contact us via the official contact details available on our website.