Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms an integral part of the Terms of Service between CROOHM ONE PRIVATE LIMITED ("Croohm","Data Processor") and you, the user ("Customer","Data Controller").

1. Scope and Roles

When you use Croohm as a CRM, you may input data relating to your clients, leads, and employees. For the purposes of privacy legislation (such as GDPR), you are the Data Controller determining the purpose of data collection, and Croohm is the Data Processor acting on your behalf.

2. Processing of Personal Data

Croohm will only process personal data:

• In accordance with documented instructions from the Customer.
• For the purpose of providing, maintaining, and improving the Croohm CRM software and AI features.

3. Security Measures

Croohm is committed to ensuring the security of your data. We implement robust technical and organizational measures to protect personal data against unauthorized access, accidental loss, or destruction. This includes encryption, regular security audits, and strict access controls.

4. Sub-processors

Croohm may engage third-party sub-processors (like AWS, GCP, or LLM providers) to deliver the Services. We ensure that these sub-processors are bound by data processing obligations no less protective than those in this DPA. A current list of sub-processors is available upon request.

5. Data Breach Notification

In the event of a personal data breach affecting Customer Data, Croohm will notify the Customer without undue delay, generally within 48 hours of becoming aware of the incident, and will cooperate fully to assist in mitigating the breach.

6. Return or Deletion of Data

Upon termination of the Services, Croohm will, at the Customer's choice, return or safely delete all personal data processed on behalf of the Customer, unless further storage is required by applicable law.

For inquiries related to data processing, please contact us at human@croohm.com.