Privacy Policy
Last updated: December 10, 2024
Effective Date: December 10, 2024
SmallERP ("we," "us," "our," or "Company") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management platform ("Service").
Please read this Privacy Policy carefully. By accessing or using SmallERP, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
We collect information in the following ways:
1.1 Information You Provide Directly
Account Information:
- Full name
- Email address
- Phone number (including WhatsApp number)
- Password (encrypted)
- Business name and type
- Business address
- Trade license number (optional)
- VAT/TRN number (optional)
Business Data:
- Customer and supplier information (names, contacts, addresses)
- Invoices and sales records
- Purchase orders and expenses
- Inventory and product data
- Financial transactions and payment records
- Projects and tasks
- Staff information (if using staff management features)
Communications:
- Messages sent through our AI assistant
- Voice notes and transcriptions
- Support inquiries and feedback
- WhatsApp conversations conducted through our platform
1.2 Information Collected Automatically
Device and Usage Information:
- IP address
- Browser type and version
- Operating system
- Device type and identifiers
- Time zone and location (approximate)
- Pages visited and features used
- Time spent on the Service
- Referring website or source
Log Data:
- Access times and dates
- Error logs
- Feature usage patterns
- Search queries within the platform
1.3 Information from Third Parties
- Payment Processors: Transaction confirmations from Stripe (we do not store full card numbers)
- WhatsApp Business: Messages and media sent through WhatsApp integration
- Integrations: Data from connected services (if you enable integrations)
2. How We Use Your Information
2.1 Providing the Service
- Creating and managing your account
- Processing and storing your business data
- Generating invoices, reports, and documents
- Enabling AI-powered features and queries
- Facilitating communications (WhatsApp messages, reminders)
- Processing payments and subscriptions
2.2 AI Services
- Processing your queries and generating responses
- Analyzing your business data to provide insights
- Training and improving AI features using anonymized data
- Document processing and data extraction
2.3 Communications
- Sending transactional emails (invoices, receipts, confirmations)
- Providing customer support
- Sending service updates and announcements
- Marketing communications (with your consent)
3. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract performance |
| Account management | Contract performance |
| Payment processing | Contract performance |
| Customer support | Legitimate interest |
| Marketing (with consent) | Consent |
| AI Services | Contract performance and legitimate interest |
4. How We Share Your Information
4.1 Third-Party Service Providers
We share data with trusted service providers who assist in operating our Service:
- AI and Machine Learning: OpenAI, Anthropic, Google Cloud (for AI features)
- Payment Processing: Stripe (we do not store complete credit card numbers)
- Communication Services: WhatsApp Business API providers, email service providers
- Cloud Infrastructure: Hosting providers, content delivery networks
4.2 What We Do NOT Do
- We do not sell your personal data to third parties
- We do not share your business data with competitors
- We do not provide your customer lists to marketers
- We do not use your data for third-party advertising
4.3 Legal Requirements
We may disclose your information if required by law or if we believe in good faith that such action is necessary to comply with legal obligations, protect our rights, prevent fraud, or protect user safety.
5. Data Retention
5.1 Active Accounts
We retain your data for as long as your account is active and as needed to provide the Service.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 2 years |
| Business data (invoices, inventory) | Duration of account + 7 years* |
| AI conversation logs | 90 days (rolling) |
| Usage analytics | 2 years |
| Payment records | 7 years (legal requirement) |
*Financial records retained for legal/tax compliance purposes.
5.2 After Account Deletion
When you delete your account:
- We will delete or anonymize your personal data within 30 days
- Some data may be retained longer for legal compliance (tax records, fraud prevention)
- Backups may contain your data for up to 90 days before full deletion
- Anonymized, aggregated data may be retained indefinitely
6. Data Security
6.1 Security Measures
We implement appropriate technical and organizational measures to protect your data:
Technical Safeguards:
- Encryption in transit (TLS/SSL)
- Encryption at rest for sensitive data
- Secure password hashing
- Regular security audits and penetration testing
- Firewall and intrusion detection systems
- Access controls and authentication
Organizational Safeguards:
- Limited employee access on a need-to-know basis
- Employee security training
- Incident response procedures
- Vendor security assessments
6.2 Your Responsibilities
You are responsible for:
- Maintaining the confidentiality of your login credentials
- Using strong, unique passwords
- Logging out after using shared devices
- Reporting any suspected security breaches
6.3 No Absolute Security
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Rights and Choices
7.1 Your Data Rights
Depending on your location, you may have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restriction: Request that we limit how we use your data
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for processing at any time
7.2 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@smallerp.com
- Subject Line: "Data Rights Request - [Your Request]"
We will respond within 30 days. We may request verification of your identity before processing requests.
8. International Data Transfers
8.1 Where We Process Data
SmallERP operates globally. Your data may be transferred to and processed in countries other than your own, including:
- United States (cloud infrastructure, AI providers)
- European Union (certain services)
- Other countries where our service providers operate
8.2 UAE Data Residency
If you are a UAE-based user, we make reasonable efforts to store your primary business data within the UAE or GCC region where feasible. However, certain processing (particularly AI features) may require international transfer.
By using the Service, you consent to the international transfer of your data as described in this section.
9. Cookies and Tracking Technologies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Login, security, core functionality | Session |
| Functional | Remember preferences, settings | 1 year |
| Analytics | Understand usage, improve Service | 2 years |
| Performance | Monitor speed, errors | 1 year |
You can control cookies through browser settings. Note: Disabling essential cookies may prevent you from using certain features of the Service.
10. AI-Specific Privacy Considerations
10.1 AI Data Processing
When you use AI features:
- Your queries and business data are sent to AI providers
- AI providers may temporarily process this data to generate responses
- We have agreements limiting AI providers' use of your data
10.2 AI Provider Privacy
Our AI providers (OpenAI, Anthropic, Google) have their own privacy policies. Key points:
- They are contractually prohibited from using your data to train their models (where such options exist)
- Data may be temporarily retained for abuse monitoring
- We use API configurations that maximize privacy protections
10.3 Voice Data
If you use voice features:
- Voice recordings are transcribed by AI services
- Original audio may be deleted after transcription
- Transcripts are treated as regular query data
11. Business Customer Data
11.1 Your Customers' Data
When you input your customers' information into SmallERP:
- You are the data controller for your customers' data
- We are the data processor acting on your instructions
- You are responsible for having appropriate consent or legal basis
- You must comply with privacy laws applicable to your customers
11.2 Your Responsibilities
As a SmallERP user handling customer data, you agree to:
- Only input data you have the right to process
- Inform your customers about how their data is used
- Honor data subject requests from your customers
- Comply with applicable privacy laws (UAE PDPL, GDPR if applicable)
12. UAE-Specific Provisions
12.1 UAE Personal Data Protection Law
We comply with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and its implementing regulations.
12.2 Data Controller
SmallERP acts as:
- Data Controller for your account and usage data
- Data Processor for business data you input (your customer information)
12.3 Sensitive Data
We do not intentionally collect sensitive personal data as defined under UAE PDPL (health data, biometric data, religious beliefs, etc.). Please do not input such data into the Service.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
General Privacy Inquiries:
Email: privacy@smallerp.com
Data Rights Requests:
Email: privacy@smallerp.com
Subject: "Data Rights Request"
Legal/DPA Requests:
Email: legal@smallerp.com
General Support:
Email: hello@smallerp.com
Website: https://smallerp.com
We aim to respond to all inquiries within 30 days.
14. Summary of Key Points
| What We Collect | How We Use It | Your Rights |
|---|---|---|
| Account info | Provide Service | Access your data |
| Business data | Enable features | Correct inaccuracies |
| Usage data | Improve Service | Delete your data |
| AI queries | Power AI features | Export your data |
| Communications | Support & updates | Opt out of marketing |
We do NOT: Sell your data, share with advertisers, or use business data to train AI models for others.
By using SmallERP, you acknowledge that you have read and understood this Privacy Policy.
© 2024 SmallERP. All rights reserved.