Automate SMB Privacy Policy

Last Updated: 04-May-2026

​

1. Introduction

AutomateCRM, operated by Automate SMB Enterprises (“AutomateCRM”, “we”, “our”, or “us”), is a unified Customer Relationship Management, business process automation, and AI-enabled productivity platform.

​

AutomateCRM helps organizations manage customer relationships, business transactions, communication workflows, operational processes, reporting, automation, and AI-assisted insights across departments.

 

This Privacy Policy explains how we collect, use, process, store, protect, disclose, and delete Personal Data and business data when you access or use AutomateCRM, our websites, applications, add-ons, integrations, APIs, automation tools, AI features, and related services.

 

This Policy applies to:

• Visitors to our websites

• Users of AutomateCRM

• Customers and administrators of AutomateCRM accounts

• Individuals whose data is processed within AutomateCRM by our customers

• Users who connect third-party services such as email, calendar, telephony, messaging, payment, analytics, or AI providers

By using AutomateCRM, you acknowledge the practices described in this Privacy Policy.

​

2. Definitions

Personal Data

“Personal Data” means any data about an individual who is identifiable by or in relation to such data.

Personal Data may include, but is not limited to:

• Name

• Email address

• Phone number

• Job title

• Organization or company association

• Communication identifiers

• Email, message, call, or calendar information linked to an individual

• CRM records associated with an identifiable individual

• Device, usage, or log data that can reasonably be linked to an individual

• Any other information that can directly or indirectly identify a person

 

Customer Data

“Customer Data” means data submitted, uploaded, generated, synced, processed, or stored by customers or users within AutomateCRM.

Customer Data may include Personal Data, business transactional data, documents, communication records, workflow records, and operational data.

 

Business Transactional Data

“Business Transactional Data” means structured or unstructured data generated during business operations across organizational functions, including but not limited to sales, marketing, service, support, projects, billing, invoicing, payments, contracts, inventory, customer communications, approvals, tasks, and workflows.

 

User

“User” means an individual who accesses or uses AutomateCRM on behalf of themselves or an organization.

 

Customer

“Customer” means an organization or individual that subscribes to, purchases, or uses AutomateCRM.

 

Third-Party Services

“Third-Party Services” means external platforms, applications, APIs, or service providers integrated with AutomateCRM, including but not limited to email providers, calendar providers, messaging platforms, telephony providers, payment gateways, cloud infrastructure providers, analytics providers, and AI service providers.

 

3. Our Role in Processing Data

Depending on the context, AutomateCRM may act as either a data processor/service provider or as a data fiduciary/controller.

 

When We Act on Behalf of Customers

When customers use AutomateCRM to store, manage, or process their own Customer Data, the customer generally determines the purpose and means of processing. In such cases, AutomateCRM processes Customer Data on behalf of the customer to provide the contracted services.

 

When We Process Our Own Operational Data

For account administration, billing, security, support, analytics, product improvement, legal compliance, and direct relationship management with our customers and users, AutomateCRM may determine the purpose and means of processing such data.

 

4. Data We Collect and Process

We may collect and process the following categories of data.

 

4.1 Account and Identity Data

This may include:

• Name

• Email address

• Phone number

• Organization name

• Designation or role

• Login credentials or authentication identifiers

• User preferences and account settings

• Billing and subscription details

 

4.2 CRM and Business Transactional Data

AutomateCRM may process Customer Data across business functions, including:

• Contacts, leads, organizations, accounts, and customer profiles

• Business transactional data across organizational functions, including but not limited to:

  • Sales and opportunity data

  • Marketing engagement and campaign data

  • Customer support and service records

  • Project, task, and delivery management data

  • Billing, invoicing, payment, and financial interaction records

  • Contracts, agreements, renewals, approvals, and operational records

  • Inventory, asset, field service, or process execution data where enabled

• Workflow execution data and automation logs

• Notes, tasks, meetings, reminders, activities, and follow-ups

• Documents, files, attachments, images, and related metadata

• Communication records associated with customers, vendors, partners, or employees

 

4.3 Communication and Collaboration Data

Where enabled, AutomateCRM may process communication-related data such as:

• Email metadata and content

• Calendar events and scheduling data

• Messaging records

• Call logs and call-related metadata

• Voice recordings or transcripts where enabled

• Chat or support conversation history

• Communication activity linked to CRM records

 

4.4 Integration Data

When a user or organization connects Third-Party Services, AutomateCRM may access and process data from those services based on the permissions granted.

 

This may include:

• Email data

• Calendar data

• Messaging data

• Telephony data

• Payment or billing data

• User profile data

• Files, documents, or attachments

• Event notifications, webhooks, logs, and sync records

 

The exact data accessed depends on the integration enabled, the permissions granted, and the functionality used.

 

4.5 Usage, Device, and Technical Data

We may collect technical and usage information such as:

• IP address

• Browser type

• Device type

• Operating system

• Login activity

• Session activity

• Feature usage

• Error logs

• Security logs

• API usage logs

• System performance data

 

This data is used for security, troubleshooting, service improvement, performance monitoring, fraud prevention, and operational reliability.

 

4.6 Support and Service Data

When users contact us for support, we may process:

• Contact information

• Support requests

• Screenshots or recordings shared by users

• System logs required for troubleshooting

• Communication history with our support team

 

5. How We Use Data

We process data for the following purposes:

• To provide, operate, maintain, and improve AutomateCRM

• To deliver CRM and business process automation functionality

• To manage customer records, workflows, activities, and business transactions

• To enable integrations with third-party systems

• To synchronize communications, events, tasks, and records

• To execute workflows, notifications, reminders, approvals, and automations

• To provide dashboards, reports, analytics, and business insights

• To provide AI-assisted features, where enabled

• To authenticate users and secure accounts

• To provide customer support and troubleshooting

• To process billing, subscriptions, and payments

• To monitor system performance and reliability

• To prevent fraud, abuse, unauthorized access, or misuse

• To comply with applicable laws, regulations, contracts, and legal obligations

• To enforce our terms, policies, and agreements

 

We do not sell Personal Data. We do not use Google Workspace data or other restricted integration data for advertising, retargeting, or unrelated profiling.

 

6. Legal Basis and DPDP Alignment

AutomateCRM operates from India and aims to process Personal Data in accordance with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023, as applicable.

​

We process Personal Data for lawful purposes, including:

• Providing requested services

• Performing contractual obligations

• Acting on user or administrator consent

• Supporting legitimate business and operational uses

• Complying with legal obligations

• Protecting the security and integrity of our services

 

Where consent is required, users or administrators may provide consent through account setup, integration authorization, feature enablement, contractual arrangements, or other clear affirmative actions. Where permitted by law, we may process data for legitimate uses such as service delivery, security, fraud prevention, support, compliance, and operational continuity.

 

7. Data Principal Rights

Subject to applicable law and the nature of the relationship between AutomateCRM, the customer, and the individual, users and individuals may have the right to:

• Access Personal Data

• Request correction of inaccurate or incomplete Personal Data

• Request deletion of Personal Data

• Withdraw consent where processing is based on consent

• Request information about processing activities

• Raise grievances regarding data processing

Where Personal Data is controlled by one of our customers, requests relating to such data may need to be directed to that customer. We will support our customers in responding to such requests where required by law and contract.

To exercise rights or raise a privacy request, contact us at info@automatesmb.com .

 

8. Customer Responsibilities

Customers are responsible for ensuring that they have the necessary rights, permissions, notices, and lawful basis to collect, upload, sync, process, or store Personal Data and business data in AutomateCRM.

​

Customers are responsible for:

• Configuring user access and permissions

• Managing integrations enabled within their account

• Ensuring users are authorized to access relevant data

• Providing required notices to their own customers, employees, vendors, or data subjects

• Ensuring that data uploaded or synced into AutomateCRM complies with applicable laws

 

9. Third-Party Integrations

AutomateCRM integrates with third-party applications and services to provide unified CRM, communication, automation, analytics, and business process functionality.

​

These integrations may include, but are not limited to:

• Email services

• Calendar services

• Messaging and chat platforms

• Telephony and call providers

• Payment gateways

• Cloud storage and file services

• Marketing tools

• Customer support tools

• ERP, accounting, or billing systems

• AI and machine learning providers

• Analytics and monitoring tools

 

Data Access Through Integrations

When an integration is enabled, AutomateCRM may access and process only the data necessary to deliver the requested functionality.

This may include:

• Email metadata and content

• Calendar events and participants

• Messaging and call records

• Contact and profile data

• Documents and attachments

• Transactional or payment-related data

• API responses, webhook events, and sync logs

 

User Authorization and Control

Integrations are enabled only after user or administrator authorization.

Users or administrators may:

• Enable or disable integrations

• Configure integration settings

• Control what data is synced where supported

• Revoke access through AutomateCRM or the third-party provider

• Request deletion of data stored in AutomateCRM, subject to applicable retention requirements

 

10. Automated Processing and Background Operations

AutomateCRM may perform automated processing and background operations to support enabled features, integrations, and business workflows.

​

This may include:

• Background API calls

• Webhook-based event processing

• Scheduled sync checks

• Email, calendar, message, or call synchronization

• Workflow execution

• Automation triggers

• System notifications

• Data enrichment or matching

• Error handling and retry mechanisms

• Security monitoring and audit logging

 

Such processing:

• Occurs only for enabled features or authorized integrations

• Is limited to the data required for the relevant functionality

• Is designed to support user-facing CRM, automation, and business process features

• Is not used for unrestricted data collection

• Is not used to scan unrelated accounts or unrelated data

 

AutomateCRM does not intentionally perform unrestricted scraping, unauthorized monitoring, or bulk extraction of third-party account data unrelated to enabled functionality.

​

11. AI Features and AI Data Processing

AutomateCRM may provide AI-enabled features to help users improve productivity, automate business processes, generate insights, and interact with CRM data more efficiently.

​

AI features may include:

• AI recommendations

• Natural language search

• AI-assisted report generation

• Workflow suggestions

• Conversation summaries

• Call or meeting summaries

• Email or message drafting assistance

• Voice or text-based assistants

• Customer service or support assistants

• Business insights and analytics

• Data classification, extraction, or matching

 

How AI Processing Works

When AI features are enabled, AutomateCRM may process relevant CRM, business, communication, or workflow data to generate outputs requested by users.

​

Depending on the feature, data may be processed using:

• AutomateCRM’s own systems

• Cloud infrastructure providers

• External AI service providers

• Speech-to-text, text-to-speech, language model, or analytics providers

 

Use of External AI Providers

AutomateCRM may use external AI providers, such as OpenAI or similar providers, to process data for AI-enabled functionality.

​

When external AI providers are used:

• Data is shared only as necessary to provide the requested AI functionality

• Personal Data is minimized, masked, excluded, or pseudonymized wherever feasible

• We do not intentionally send Personal Data to AI providers unless required for the enabled feature and authorized use case

• We do not use AI providers for advertising or unrelated profiling

• We contractually and technically aim to restrict providers from using customer data for unauthorized purposes, including unrelated model training, where supported by the provider’s terms and configuration

 

Human Review of AI Data

AutomateCRM does not allow unrestricted human review of customer AI inputs or outputs.

Human review may occur only in limited cases such as:

• Customer-authorized support

• Troubleshooting

• Security investigation

• Legal or compliance obligations

• Abuse prevention

• Service improvement where data has been anonymized or aggregated, where feasible

 

AI Output Disclaimer

AI-generated outputs are assistive and may be incomplete or inaccurate. Users are responsible for reviewing AI-generated outputs before relying on them for business, legal, financial, medical, or operational decisions. AutomateCRM does not make fully automated decisions with legal or similarly significant effects on individuals unless explicitly configured by the customer and permitted by applicable law.

 

12. Google Workspace Integration

AutomateCRM integrates with Google Workspace services such as Gmail, Google Calendar, and related Google APIs to provide CRM, communication, scheduling, workflow, and productivity features.

This section explains how AutomateCRM accesses, uses, stores, and protects Google user data.

 

12.1 Google Data Accessed

Depending on the Google Workspace integration enabled and the permissions granted, AutomateCRM may access:

• Basic Google profile information, such as name and email address

• Gmail message metadata, such as sender, recipients, subject, date, labels, thread ID, and message ID

• Gmail message content, only where required for enabled features such as email logging, email sync, activity creation, or user-authorized CRM actions

• Gmail attachments, only where required for enabled features and user-authorized actions

• Google Calendar event data, such as event title, description, date, time, attendees, location, meeting links, and scheduling information

• Google account or workspace identifiers required for authentication, authorization, and integration management

 

The exact Google data accessed depends on the scopes approved by the user or administrator and the features enabled.

 

12.2 How We Use Google Data

AutomateCRM uses Google user data only to provide or improve user-facing CRM and business functionality.

​

Google data may be used to:

• Display CRM context inside Gmail or Google Workspace interfaces

• Match email participants with CRM contacts, leads, accounts, or records

• Log selected or synced emails as CRM activities

• Attach emails or documents to CRM records where enabled

• Sync calendar events, meetings, reminders, or schedules with CRM records

• Trigger user-configured workflows or business process automation

• Support user-requested reporting, search, or productivity features

 

AutomateCRM does not use Google user data for advertising, retargeting, unrelated profiling, or resale.

 

12.3 Google Background Processing

Where enabled by a user or administrator, AutomateCRM may perform limited background processing of Google data to support expected integration functionality.

 

This may include:

• Receiving event notifications through secure webhook or push mechanisms

• Performing scheduled checks for updates

• Syncing emails, calendar events, or related activity data

• Maintaining consistency between Google Workspace and AutomateCRM records

• Retrying failed sync operations

• Updating CRM records based on authorized Google Workspace activity

 

Such processing is limited to authorized integrations and enabled features.

 

12.4 Google API Limited Use Compliance

AutomateCRM’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• Google user data is used only to provide or improve user-facing features that are visible and relevant to the requesting application

• Google user data is not used for advertising

• Google user data is not sold

• Google user data is not transferred except as necessary to provide or improve the service, comply with applicable law, protect users, or as otherwise permitted by Google’s policies

• Humans do not read Google restricted user data except where necessary for security, legal compliance, abuse prevention, customer-authorized support, or with explicit user consent

 

12.5 Google OAuth and Token Handling

AutomateCRM uses OAuth 2.0 or other secure authorization mechanisms provided by Google.

• Users or administrators approve the permissions requested

• Access is limited to approved scopes

• Tokens are handled securely

• Where tokens must be stored to support sync or background functionality, they are stored using appropriate security controls such as encryption and restricted access

• Users or administrators can revoke Google access through their Google account settings or AutomateCRM integration settings

 

13. Authentication, Access Control, and Security

AutomateCRM implements reasonable technical, organizational, and administrative safeguards to protect data.

Security measures may include:

• HTTPS/TLS encryption in transit

• Encryption or secure storage controls where applicable

• Role-based access control

• Tenant-level data isolation

• User authentication and session controls

• Audit logs

• Access monitoring

• Secure API access

• Principle of least privilege

• Internal access restrictions

• Security reviews and monitoring

​

Customers are responsible for managing user roles, permissions, and access within their own AutomateCRM accounts.

 

14. Data Storage

Data may be stored in AutomateCRM systems, cloud infrastructure, databases, logs, backups, and integrated service environments as required to provide the service.Data from integrations is stored only when required for CRM, business process automation, reporting, support, compliance, or user-enabled functionality.

​

Examples include:

• Emails logged as CRM activities

• Calendar events linked to CRM records

• Call logs linked to customer records

• Workflow execution logs

• Documents attached by users

• Sync logs required for reliability and troubleshooting

• Audit logs required for security and compliance

 

We do not intentionally maintain unnecessary duplicate copies of third-party data outside the scope of providing AutomateCRM functionality.

 

15. Data Retention and Deletion

We retain data for as long as necessary to provide services, comply with legal obligations, resolve disputes, maintain security, enforce agreements, and support business operations.

Retention periods may vary depending on:

• Customer configuration

• Contractual requirements

• Legal or regulatory obligations

• Backup and disaster recovery requirements

• Security and audit needs

• The type of data and feature used

Customers and authorized users may delete records within AutomateCRM, subject to permissions and applicable retention requirements. Upon account termination or valid deletion request, we will delete or anonymize data in accordance with applicable law, contractual commitments, and operational requirements.Backup copies may persist for a limited period before being securely overwritten or deleted according to backup lifecycle policies.

 

16. Data Sharing and Subprocessors

We do not sell or rent Personal Data.

We may share data with trusted service providers and subprocessors only as necessary to operate, secure, support, and improve AutomateCRM.

Subprocessors may include:

• Cloud hosting providers

• Database and storage providers

• Email and communication providers

• Telephony providers

• Payment processors

• Analytics and monitoring providers

• Customer support tools

• AI service providers

• Security and infrastructure providers

 

Such providers are authorized to process data only for the purposes of providing services to AutomateCRM or our customers and are expected to maintain appropriate confidentiality and security safeguards.

 

We may also disclose data:

• When required by law, regulation, court order, or government request

• To protect rights, safety, security, or property

• To investigate fraud, abuse, or security incidents

• In connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate safeguards

 

17. International Data Transfers

AutomateCRM may use infrastructure, service providers, or subprocessors located in India or other countries.

Where Personal Data is transferred outside India or the user’s country of residence, we take reasonable steps to ensure such transfers are performed in accordance with applicable laws, contractual safeguards, and security requirements.

 

18. Cookies and Tracking Technologies

Our websites and applications may use cookies, local storage, analytics tools, and similar technologies to:

• Maintain sessions

• Remember preferences

• Improve user experience

• Monitor performance

• Analyze usage

• Secure the service

• Detect fraud or abuse

 

Users may control cookies through browser settings. Some features may not function properly if cookies are disabled.

 

19. Children’s Data

AutomateCRM is intended for business and organizational use. It is not intended for use by children.

We do not knowingly collect Personal Data from children unless such processing is enabled and controlled by a customer in a lawful organizational context, such as healthcare, education, or service delivery, and the customer is responsible for ensuring appropriate legal basis, consent, and safeguards.

 

20. Data Breach and Incident Response

We maintain processes to detect, investigate, respond to, and mitigate security incidents.

Where required by applicable law, we will notify affected customers, users, regulators, or authorities of personal data breaches within legally required timelines.

Customers are responsible for notifying their own users, customers, employees, or other individuals where the customer acts as the primary data fiduciary/controller, unless otherwise agreed by contract or required by law.

 

21. User Controls

Users and administrators may have controls to:

• Manage account settings

• Configure roles and permissions

• Enable or disable integrations

• Revoke third-party access

• Delete or update records

• Export data where supported

• Control workflow and automation settings

• Manage AI feature enablement where applicable

 

Availability of controls may depend on subscription plan, configuration, user role, and administrator permissions.

​

22. Confidentiality

AutomateCRM treats Customer Data as confidential.

Our personnel are granted access to Customer Data only where necessary for support, troubleshooting, security, operations, compliance, or other authorized purposes.

Internal access is restricted based on role and business need.

 

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, integrations, AI features, security practices, or business operations.

 

When we make material changes, we will update the “Last Updated” date and may provide additional notice where required by law or contract.

 

Continued use of AutomateCRM after updates means the revised Privacy Policy applies from the last update date stated.

 

24. Contact Us

For privacy questions, data requests, grievances, or concerns, contact us at:

​

Automate SMB Enterprises
New 3/1, 2nd Cross, DInnnur Main Road, R T Nagar, Bengaluru, Karnataka, India 560032
Website: https://www.automatesmb.com
Email: info@automatesmb.com
 

For Google Workspace integration-related privacy questions, you may also contact us using the same details above.

​

25. Grievance Redressal

If you have concerns regarding the processing of Personal Data, you may contact our grievance/privacy contact:

Name: Nilay Khatri
Email: info@automatesmb.com
 

We will review and respond to grievances in accordance with applicable law.

​

Changes to Privacy Policy

We reserve the right to change, modify, add or remove portions of this statement from time to time and in our sole discretion, but will alert you that changes have been made by indicating on the statement the date it was last updated. Your continued access to the Sites and Services will indicate your acceptance of our updated Policy. We recommend that users revisit this statement on occasion to learn of any changes.