Privacy policy
Last Updated On: 16-Oct-2025
This Privacy Policy explains how Erino Tech Ventures Pvt. Ltd. (“Erino,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal data in the course of operating our services, websites, applications, and APIs (collectively, the “Erino Services”). It describes your rights regarding your personal data, how you can exercise them, and how we comply with applicable privacy and data protection laws. By using or accessing the Erino Services, you consent to the practices described in this Privacy Policy.
01. Scope and Roles
This Policy applies to individuals whose personal information is collected or processed through the Erino Services, whether as website visitors, prospective users, customers, agents, or end users of our customers. In some contexts, Erino acts as a data controller (determining the purposes and means of processing) and in other contexts as a data processor (processing data on behalf of a customer). Where Erino acts as processor, our customers determine how and why personal data is processed, subject to the terms of our Data Processing Agreement.
02. Types of Personal Data Collected
We collect various types of personal information, depending on your interactions and role. Typical categories include:
- Identifiers & contact data: name, email address, phone number, company name, job title, postal address.
- Account & authentication data: username, password hashes, multi-factor authentication tokens, account preferences.
- Usage, telemetry & analytics data: device identifiers, browser/user agent, IP address, operating system, timestamps, pages visited, feature usage metrics, log files, error reports.
- Communication data: content of messages or customer support interactions you send to us, metadata (e.g. subject, date, recipients).
- Payment & billing data: billing address, tax identification, transaction history, payment method (card / ACH / bank account), invoicing details.
- Third-party data & derived data: data received from integrations, public sources, or other third parties (where you have consent or legal basis), and any data inferred or derived from collected information (e.g. usage patterns, feature preferences).
We will only collect data necessary for the purposes described below and in accordance with applicable laws.
When you submit any form or share your contact details with us, we may use this information to contact you regarding our products, services, and offers via call, SMS, email, or WhatsApp — even if your number is registered under DND/NDNC.
We collect basic details such as your name, email address, and phone number only to serve you better. We never sell or misuse your data.
Google Ads lead data: when you connect your Google Ads account or use the Google Lead Connector, we may receive lead form submissions and campaign metadata (e.g., form ID, campaign ID) from Google Ads on your behalf, subject to your authorization.
When you submit any form or share your contact details with us, we may use this information to contact you regarding our products, services, and offers via call, SMS, email, or WhatsApp — even if your number is registered under DND/NDNC.
We collect basic details such as your name, email address, and phone number only to serve you better. We never sell or misuse your data.
Google Ads lead data: when you connect your Google Ads account or use the Google Lead Connector, we may receive lead form submissions and campaign metadata (e.g., form ID, campaign ID) from Google Ads on your behalf, subject to your authorization.
03. Legal Bases for Processing
Where required by applicable law (for example in the EU/EEA), we rely on one or more of the following legal bases to process personal data:
- Performance of contract: necessary to fulfill our obligations under your subscription agreement or to provide the services you request.
- Legitimate interests: when processing is reasonably necessary for our business operations, including service improvement, security, fraud prevention, and ensuring compliance, provided that those interests are not overridden by your rights or freedoms.
- Legal obligation: to comply with applicable laws, regulation, court orders, or governmental requests.
- Vital interests or public interest: in rare cases, to protect life, safety, or rights of individuals or for tasks carried out in the public interest.
Where we act as processor (i.e. processing on behalf of our customers), our customers are responsible for identifying and documenting the legal basis under which they process data through our system.
04. Purposes of Processing & Use of Data
We use personal data we collect for a variety of purposes, including:
- To register and manage your account, authenticate your access, and provide you with the Erino Services.
- To respond to your inquiries, requests, or support communications.
- To generate billing, process payments, and maintain transaction records.
- To monitor, diagnose, and resolve technical or security issues, protect against fraud and abuse, maintain system integrity, and enforce our policies (including the AUP).
- To analyze usage patterns and improve our products (enhancements, features, performance).
- To send you administrative messages, updates, and service notifications (e.g. maintenance notices, feature announcements).
- To send marketing or promotional communications (with your consent or where permitted by law).
- To comply with legal obligations, enforce contracts, or defend our legal rights.
- To anonymize or pseudonymize data for analytics, benchmarking, or research, in a form that does not identify you.
We will not use your personal data for any purpose incompatible with this Privacy Policy without your prior notice or consent (as required by law).
Erino accounts are organization-managed. Individual users (e.g., team members) are provisioned and deactivated by their organization’s admin. Data deletion and account management are handled by the admin on behalf of users. If you are an end user and wish to delete your account or data, please contact your organization’s Erino admin.
Erino accounts are organization-managed. Individual users (e.g., team members) are provisioned and deactivated by their organization’s admin. Data deletion and account management are handled by the admin on behalf of users. If you are an end user and wish to delete your account or data, please contact your organization’s Erino admin.
05. Cookies, Tracking & Similar Technologies
Erino uses cookies, web beacons, pixel tags, and other tracking technologies to collect information about your interactions with our websites and services. These technologies help us provide, maintain, and improve our services, to personalize content, to deliver analytics, and to operate security features.
You may control or block cookies through your browser settings or via opt-out mechanisms, although disabling cookies may degrade or limit your experience or certain functionalities of Erino Services. Where required by law, we will present a cookie consent banner or mechanism to obtain your consent prior to placing non-essential cookies.
You may control or block cookies through your browser settings or via opt-out mechanisms, although disabling cookies may degrade or limit your experience or certain functionalities of Erino Services. Where required by law, we will present a cookie consent banner or mechanism to obtain your consent prior to placing non-essential cookies.
06. Disclosure & Sharing of Personal Data
We use third-party SDKs and analytics tools (such as Firebase, Sentry, and payment gateways) to provide analytics, crash reporting, messaging, and payment services. These providers may collect device identifiers, usage logs, and related technical data solely for these functions, under their respective privacy policies and data-processing agreements.
We may share your personal data in the following circumstances:
We may share your personal data in the following circumstances:
- With your authorized users or account administrators under your account settings.
- With our service providers, subprocessors, and contractors who perform services on our behalf (such as hosting, payment processing, analytics, customer support), under confidentiality and data security obligations.
- With affiliates or corporate group companies, if necessary for business operations, provided they abide by comparable privacy commitments.
- In connection with mergers, acquisitions, or corporate reorganizations, provided that the successor entity adopts this Policy or is bound by it.
- To comply with legal requirements, regulatory obligations, court orders, or lawful requests by public authorities.
- To detect, prevent, or respond to fraud, security incidents, or abuse of our services (including enforcing the AUP).
- With third parties when aggregated or anonymized in a manner that does not identify individuals.
- To comply with legal obligations, enforce contracts, or defend our legal rights.
- To anonymize or pseudonymize data for analytics, benchmarking, or research, in a form that does not identify you.
We will not sell, rent, or otherwise commercially monetize your personal data outside of these purposes without your explicit consent (unless permitted under applicable law).
07. International & Cross-Border Transfers
Because we operate globally, personal data may be transferred to and processed in jurisdictions outside your home country (including the United States, India, or others). When we make cross-border transfers, we implement appropriate safeguards (such as standard contractual clauses, binding corporate rules, or other lawful mechanisms) to maintain data protection standards.
If you are located in a region with stricter transfer restrictions (e.g. the European Economic Area), we will ensure legal compliance for international transfers and inform you about such transfers when required.
If you are located in a region with stricter transfer restrictions (e.g. the European Economic Area), we will ensure legal compliance for international transfers and inform you about such transfers when required.
08. Data Retention and Deletion
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as required by contract, or as mandated by applicable law. When retention is no longer necessary, we will securely delete, anonymize, or irreversibly de-identify the data, except where legal obligations require continued retention (e.g. for tax, audit, or dispute resolution).
If you request deletion of your personal data and it is feasible under law and contract, we will honor that request, subject to any overriding legal obligation or legitimate interest.
If you request deletion of your personal data and it is feasible under law and contract, we will honor that request, subject to any overriding legal obligation or legitimate interest.
09. Security & Technical Safeguards
We employ industry-standard administrative, technical, and physical controls to protect personal data from unauthorized access, alteration, disclosure, or destruction. These controls may include encryption in transit (TLS), encryption at rest, access controls, role-based permissions, regular backups, vulnerability scanning, security audits, intrusion detection, and incident response procedures.
Despite our efforts, no system can be completely secure; thus, we cannot guarantee absolute protection. In the event of a data breach or security incident that materially affects your personal data, we will comply with applicable breach notification laws and inform you or relevant authorities as required.
Despite our efforts, no system can be completely secure; thus, we cannot guarantee absolute protection. In the event of a data breach or security incident that materially affects your personal data, we will comply with applicable breach notification laws and inform you or relevant authorities as required.
10. Rights of Individuals / Data Subjects
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- The right to access or obtain a copy of data we hold about you.
- The right to correct or update inaccurate or incomplete data.
- The right to erase or delete data (the “right to be forgotten”), under certain conditions.
- The right to restrict or object to certain processing activities (e.g. direct marketing, profiling).
- The right to data portability, i.e. receive your data in a structured, commonly used, machine-readable format.
- The right to withdraw consent where we process data based on your consent.
- The right to opt-out of marketing communications.
- The right to lodge a complaint with a supervisory data protection authority.
To exercise these rights, please contact us at support@erino.io. We will respond within the timeframes required by applicable law and may require verification of identity before acting on your request.We will not use your personal data for any purpose incompatible with this Privacy Policy without your prior notice or consent (as required by law).
11. Children & Minors
Erino Services are not intended for children under the age of 13 (or higher minimum age under local laws). We do not knowingly collect personal information from such individuals without parental or guardian consent. If we learn that we have collected data from a minor in violation of this Policy, we will promptly take steps to delete it.
12. Changes to this Policy
We may amend or update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or our services. When we make material changes, we will notify you via in-app message, email, or prominent notice on our website before the changes become effective. Continued use of Erino Services after the effective date constitutes acceptance of the revised Policy.
13. Third-Party Links & External Services
Our websites or services may contain links to third-party websites, tools, or services outside our control. We are not responsible for the privacy practices or content of those third parties. If you provide personal data to external sites or services, you should review their privacy policies before doing so.
14. Governing Law & Disputes
This Privacy Policy, its interpretation, and your use of Erino Services are governed by the laws specified in your subscription agreement (or if not specified, by the State of Karnataka, India. Any disputes arising under or in connection with this Policy will be resolved per dispute resolution procedures in your agreement with Erino.
If you have questions, concerns, or wish to lodge a complaint or request regarding your personal data, you may contact:
Erino Support Team
support@erino.io
We will investigate your inquiry and respond in a timely manner consistent with legal requirements.
If you have questions, concerns, or wish to lodge a complaint or request regarding your personal data, you may contact:
Erino Support Team
support@erino.io
We will investigate your inquiry and respond in a timely manner consistent with legal requirements.
12. Changes to this Policy
We may amend or update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or our services. When we make material changes, we will notify you via in-app message, email, or prominent notice on our website before the changes become effective. Continued use of Erino Services after the effective date constitutes acceptance of the revised Policy.
15. Google Ads API and Lead Data Integration
Erino CRM integrates with the Google Ads API to help customers capture and manage leads generated through Google Ads Lead Form Extensions.
- When a customer connects their Google Ads account to Erino via OAuth 2.0, Erino receives secure, limited access to their account for the following read-only purposes:
- Fetching Google Ads Lead Form assets and their associated fields to enable field mapping within Erino CRM.
- Receiving lead submissions through webhooks or the Ads API for real-time delivery into the customer's CRM pipeline.
- Retrieving campaign and ad metadata (e.g., campaign ID, ad group ID, form ID) for lead attribution and reporting.
- Optionally pulling historical leads upon explicit customer request.
- Erino does not create, modify, or optimize ad campaigns, ads, or budgets on behalf of customers.
- All access to Google Ads data is performed under the customer’s own authorization and may be revoked at any time through their Google account.
- Lead data received through Google Ads (e.g., name, email, phone number, form field responses) is used exclusively to populate the customer’s CRM workspace and to facilitate internal sales and follow-up workflows.
- Erino complies with the Google API Services User Data Policy, including its Limited Use requirements. Data obtained via Google APIs is not transferred, shared, or sold to any third party and is processed solely to deliver the features requested by the authenticated user.
- OAuth tokens and API credentials are encrypted at rest and can be revoked at any time by the customer from within their Erino account.
