Privacy Policy

Effective Date: February 3, 2026

Buyer Nexus ("we", "our", or "us") provides a SaaS CRM platform that helps businesses manage customer relationships, communications and workflows. This Privacy Policy explains how we collect, use, disclose, retain and protect personal data, including data processed via the WhatsApp Business Platform (Meta).

Important Notice

This Privacy Policy is complete and up-to-date as of the effective date shown above. An incomplete or missing privacy policy may result in payment processing failures and service disruptions. We are committed to transparency in how we handle your data.

By using Buyer Nexus you agree to the practices described in this Privacy Policy. If you do not agree, do not use the service.

📋 Quick Overview: Types of Data We Collect

We collect and process the following types of user data:

Personal Information: Name, email address, phone number, date of birth, address
Business Information: Company name, billing details, tax information (GST)
Account Data: Login credentials, authentication tokens, user preferences, role information
Communication Data: WhatsApp messages, SMS, customer interactions, chat history
Technical Data: IP addresses, browser type, device information, cookies, session logs
Payment Information: Credit/debit card details, bank account information, transaction history
Usage Data: Platform activity, feature usage, API calls, performance metrics
Customer Data: End-user contact information processed through your CRM

📖 Introduction

This Privacy Policy describes how Buyer Nexus and its affiliates (collectively "Buyer Nexus, we, our, us") collect, use, share, protect or otherwise process your information/personal data through our website https://buyernexus.ai (hereinafter referred to as the "Platform"). Please note that you may be able to browse certain sections of the Platform without registering with us.

We do not offer any product/service under this Platform outside India and your personal data will primarily be stored and processed in India. By visiting this Platform, providing your information or availing any product/service offered on the Platform, you expressly agree to be bound by the terms and conditions of this Privacy Policy, the Terms of Use and the applicable service/product terms and conditions, and agree to be governed by the laws of India including but not limited to the laws applicable to data protection and privacy. If you do not agree please do not use or access our Platform.

📥 Collection

We collect your personal data when you use our Platform, services or otherwise interact with us during the course of our relationship and related information provided from time to time. Some of the information that we may collect includes but is not limited to personal data / information provided to us during sign-up/registering or using our Platform such as name, date of birth, address, telephone/mobile number, email ID and/or any such information shared as proof of identity or address.

Some of the sensitive personal data may be collected with your consent, such as your bank account or credit or debit card or other payment instrument information or biometric information such as your facial features or physiological information (in order to enable use of certain features when opted for, available on the Platform) etc., all of the above being in accordance with applicable law(s). You always have the option to not provide information, by choosing not to use a particular service or feature on the Platform.

We may track your behaviour, preferences, and other information that you choose to provide on our Platform. This information is compiled and analysed on an aggregated basis. We will also collect your information related to your transactions on Platform and such third-party business partner platforms. When such a third-party business partner collects your personal data directly from you, you will be governed by their privacy policies. We shall not be responsible for the third-party business partner's privacy practices or the content of their privacy policies, and we request you to read their privacy policies prior to disclosing any information.

⚠️ Important: If you receive an email, a call from a person/association claiming to be Buyer Nexus seeking any personal data like debit/credit card PIN, net-banking or mobile banking password, we request you to never provide such information. If you have already revealed such information, report it immediately to an appropriate law enforcement agency.

⚙️ Usage

We use personal data to provide the services you request. To the extent we use your personal data to market to you, we will provide you the ability to opt-out of such uses. We use your personal data to assist sellers and business partners in handling and fulfilling orders; enhancing customer experience; to resolve disputes; troubleshoot problems; inform you about online and offline offers, products, services, and updates; customise your experience; detect and protect us against error, fraud and other criminal activity; enforce our terms and conditions; conduct marketing research, analysis and surveys; and as otherwise described to you at the time of collection of information.

You understand that your access to these products/services may be affected in the event permission is not provided to us.

🤝 Sharing

We may share your personal data internally within our group entities, our other corporate entities, and affiliates to provide you access to the services and products offered by them. These entities and affiliates may market to you as a result of such sharing unless you explicitly opt-out. We may disclose personal data to third parties such as sellers, business partners, third party service providers including logistics partners, prepaid payment instrument issuers, third-party reward programs and other payment opted by you.

These disclosures may be required for us to provide you access to our services and products offered to you, to comply with our legal obligations, to enforce our user agreement, to facilitate our marketing and advertising activities, to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our services. We may disclose personal and sensitive personal data to government agencies or other authorised law enforcement agencies if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal process.

We may disclose personal data to law enforcement offices, third party rights owners, or others in the good faith belief that such disclosure is reasonably necessary to: enforce our Terms of Use or Privacy Policy; respond to claims that an advertisement, posting or other content violates the rights of a third party; or protect the rights, property or personal safety of our users or the general public.

🔒 Security Precautions

To protect your personal data from unauthorised access or disclosure, loss or misuse, we adopt reasonable security practices and procedures. Once your information is in our possession or whenever you access your account information, we adhere to our security guidelines to protect it against unauthorised access and offer the use of a secure server.

However, the transmission of information is not completely secure for reasons beyond our control. By using the Platform, the users accept the security implications of data transmission over the internet and the World Wide Web which cannot always be guaranteed as completely secure, and therefore, there would always remain certain inherent risks regarding use of the Platform. Users are responsible for ensuring the protection of login and password records for their account.

🗑️ Data Deletion and Retention

You have an option to delete your account by visiting your profile and settings on our Platform; this action would result in you losing all information related to your account. You may also write to us at the contact information provided below to assist you with these requests.

In the event of any pending grievance, claims, pending shipments or any other services, we may refuse or delay deletion of the account. Once the account is deleted, you will lose access to the account. We retain your personal data information for a period no longer than is required for the purpose for which it was collected or as required under any applicable law.

However, we may retain data related to you if we believe it may be necessary to prevent fraud or future abuse or for other legitimate purposes. We may continue to retain your data in anonymised form for analytical and research purposes.

Your Rights

You may access, rectify, and update your personal data directly through the functionalities provided on the Platform.

Consent

By visiting our Platform or by providing your information, you consent to the collection, use, storage, disclosure and otherwise processing of your information on the Platform in accordance with this Privacy Policy. If you disclose to us any personal data relating to other people, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Policy.

You, while providing your personal data over the Platform or any partner platforms or establishments, consent to us (including our other corporate entities, affiliates, lending partners, technology partners, marketing channels, business partners and other third parties) to contact you through SMS, instant messaging apps, call and/or e-mail for the purposes specified in this Privacy Policy.

You have an option to withdraw your consent that you have already provided by writing to the Grievance Officer at the contact information provided below. Please mention "Withdrawal of consent for processing personal data" in the subject line of your communication. We may verify such requests before acting on your request. However, please note that your withdrawal of consent will not be retrospective and will be in accordance with the Terms of Use, this Privacy Policy, and applicable laws. In the event you withdraw consent given to us under this Privacy Policy, we reserve the right to restrict or deny the provision of our services for which we consider such information to be necessary.

🔄 Changes to this Privacy Policy

Please check our Privacy Policy periodically for changes. We may update this Privacy Policy to reflect changes to our information practices. We may alert / notify you about the significant changes to the Privacy Policy, in the manner as may be required under applicable laws.

Detailed Privacy Practices

1. Information We Collect

We collect the following categories of information:

a. Business & Account Data
  • Contact and account information: name, business email, phone number, company name, billing information and identifiers.
  • Login credentials, authentication data and role information.

b. Customer Data (via CRM & WhatsApp APIs)
  • End-user phone numbers and contact records.
  • Messages and media shared through the WhatsApp Business Platform (message text, images, attachments), and message metadata (timestamps, delivery/read receipts).
  • Conversation context and CRM notes created by your users.

c. Technical Data
  • Device and browser information, IP addresses, cookies, session logs and API usage logs.
  • Error and diagnostic logs used for support and platform reliability.

d. Optional Data
  • Support requests, survey responses and optional profile fields provided by account administrators.

e. Facebook Lead Ads Lead Data

When you submit a lead through a Facebook Lead Ad form, we collect and process the information you provide (such as name, email address, phone number, and any other form responses). This data is used to:

  • Deliver and manage our CRM services
  • Contact you regarding your inquiry
  • Store the lead information securely in our system

We will not share Facebook lead data with third parties except as necessary to provide our services or comply with legal obligations. You may request access, correction, or deletion of your lead data by contacting us at info@buyernexus.ai.

2. How We Use Information

We use collected data to:

  • Provide and operate the Buyer Nexus platform and related features.
  • Send and receive messages via the WhatsApp Business Platform on behalf of our customers.
  • Manage subscriptions, billing, and customer support.
  • Improve product performance, security and user experience.
  • Comply with legal obligations and enforce our Terms of Service.

3. WhatsApp Business Platform Data Handling

Our Platform supports WhatsApp Business API integration through two models:

User-Managed WhatsApp Business API Integration

When you integrate your own WhatsApp Business API account using your own API credentials:

  • You maintain direct ownership and control of your WhatsApp Business account with Meta
  • Buyer Nexus acts as a technology platform that facilitates the integration but does not own or control your WhatsApp account
  • You are the data controller for all WhatsApp messages and customer data processed through your account
  • You are solely responsible for obtaining proper user consent, complying with Meta's policies, and adhering to all applicable privacy laws (GDPR, CCPA, India DPDP, etc.)
  • Buyer Nexus processes WhatsApp data on your behalf as a service provider/processor to enable CRM functionality
  • Your direct relationship with Meta governs your WhatsApp Business API usage, terms, and data processing

When you connect a WhatsApp Business number to Buyer Nexus (whether your own account or through our managed services), the following applies:

Role: You, the customer, are the Data Controller for end-user communications; Buyer Nexus acts as the Data Processor for Platform Data processed to provide the service. When using your own WhatsApp Business API account, you maintain full data controller responsibility and direct accountability to Meta for all WhatsApp-related data processing.
Scope: Platform Data may include phone numbers, message content, media and message metadata. We process Platform Data only to deliver the CRM and messaging functionalities you have requested.
Data minimization: We collect and retain only the minimum Platform Data necessary to provide the services and to comply with legal obligations.
No sale of data: We do not sell WhatsApp Platform Data or use it for third-party advertising.
Sub-processors: We may engage subprocessors (hosting, analytics, backups) limited to performing services on our behalf; see our Sub-Processor list (Annex A).
Retention: Messages and related metadata are retained only as required for CRM functionality, troubleshooting, dispute resolution, billing or as required by law. (See section "Data Retention" below.)
Opt-outs & preferences: End users may opt out of marketing or non-essential messages per the account administrator's configured messaging rules. Compliance with WhatsApp opt-in rules is the responsibility of the account administrator (Controller). When using your own WhatsApp Business API account, you are directly responsible to Meta for all policy compliance, opt-in/opt-out management, and terms of service adherence.

4. Third-Party Data Sharing & Disclosure

Our Commitment

We do NOT sell, rent, or trade your personal data to third parties for their marketing purposes. We only share data as necessary to provide our services, comply with legal obligations, or with your explicit consent.

We disclose personal information only in the following circumstances:

1. Essential Service Providers (Third-Party Processors)

We share data with trusted third-party service providers who help us deliver our services:

WhatsApp / Meta: Message delivery, WhatsApp Business API services, delivery tracking
Cloud Hosting: AWS, Google Cloud, or Azure for secure data storage and infrastructure
Payment Processors: Razorpay, Stripe for secure PCI-DSS compliant payment processing
Email Services: SendGrid, AWS SES for transactional emails and notifications
SMS Providers: Twilio, Exotel for SMS delivery services
Analytics: Google Analytics (anonymized), Mixpanel for usage analytics
Customer Support: Zendesk, Freshdesk for support ticket management
Error Tracking: Sentry for application error monitoring

All service providers are bound by data processing agreements (DPAs) and process data only on our instructions.

2. Legal and Regulatory Requirements

We may disclose data when required by law:

  • In response to valid subpoenas, court orders, or legal processes
  • To comply with government or regulatory requests
  • To enforce our Terms of Service or protect our legal rights
  • To investigate fraud, security issues, or violations of law
  • To protect the safety and rights of our users and the public

We will review all legal requests and, where appropriate, challenge overly broad or improper requests.

3. Business Transfers

In case of merger, acquisition, sale of assets, or reorganization, your data may be transferred to the acquiring entity. We will notify you and ensure the acquiring entity maintains equivalent data protection standards.

4. With Your Consent

We may share data with third parties when you explicitly provide consent, such as when you authorize integration with third-party tools or platforms.

5. Aggregated or Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot identify you personally for research, analytics, marketing, or business purposes. This data does not constitute personal information.

International Data Transfers

While we primarily store data in India, some service providers may process data outside India. When data is transferred internationally, we ensure adequate safeguards through: (a) Standard Contractual Clauses (SCCs), (b) adequacy decisions by regulatory authorities, or (c) explicit user consent.

5. Data Security, Protection & Storage

How We Protect Your Data

We implement comprehensive technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction.

🛡️ Technical Security Measures

Encryption: TLS 1.3 for transit; AES-256 at rest
Access Controls: RBAC, MFA, least privilege principle
Network Security: Firewalls, IDS, DDoS protection
Application Security: Input validation, SQL injection, XSS, CSRF protection
Database Security: Encrypted backups, restricted access
API Security: API keys, rate limiting, OAuth 2.0, webhook verification

🏢 Organizational Security Measures

  • Employee Training: Regular security awareness training for all employees
  • Background Checks: Verification of employees with access to sensitive data
  • Confidentiality Agreements: All employees sign NDAs and data protection agreements
  • Access Logging: Comprehensive audit trails for all data access and modifications
  • Incident Response: Documented procedures for security incident handling

📡 Monitoring & Testing

  • 24/7 security monitoring and alerting
  • Regular vulnerability assessments and penetration testing
  • Automated security scanning of code and dependencies
  • Security patch management and timely updates
  • Annual third-party security audits

Where We Store Your Data

Primary Data Storage

Your data is primarily stored and processed in secure data centers located in India. We use cloud infrastructure providers with ISO 27001, SOC 2, and other security certifications.

Data Residency

All customer data for Indian customers is stored within India to comply with data localization requirements.

Backup Storage

Encrypted backups are maintained in geographically distributed locations for disaster recovery. Backups are retained for 90 days.

Infrastructure Providers

We use trusted cloud service providers including AWS, Google Cloud, or Microsoft Azure (with data centers in India).

Data Breach Notification

In the event of a security incident or data breach affecting personal data, we will:

  • Investigate and contain the incident immediately
  • Notify affected customers within 72 hours of discovering the breach
  • Report to relevant data protection authorities as required by law
  • Provide information about the nature of the breach and remedial actions taken
  • Offer guidance on steps users can take to protect themselves

User Responsibility

While we implement robust security measures, users are responsible for: maintaining the confidentiality of their passwords, enabling MFA when available, using secure internet connections, keeping their devices secure, and promptly reporting any suspicious activity. No system can be 100% secure, and users share responsibility for protecting their accounts.

6. Data Retention

We retain personal data only as long as necessary to provide the service, fulfill contractual obligations, or comply with legal requirements.

Active account data: Retained while the customer's account is active.
WhatsApp messages & CRM records: Retained according to customer settings, and deleted or anonymized after account termination or within 90 days unless legal requirements demand longer retention.

7. Your Rights

Depending on applicable law (for example GDPR, India's DPDP, CCPA) you may have the right to:

Access: Access your personal data and obtain a copy.
Correct: Correct inaccurate or incomplete data.
Delete: Request deletion of personal data ("right to be forgotten").
Restrict: Restrict or object to certain processing activities.
Portability: Request portability of data in a structured, commonly used format.

To exercise these rights, please contact your Buyer Nexus account administrator or email us at info@buyernexus.ai.

8. Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our Platform. This section explains what cookies are, how we use them, and how you can control them.

What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit our Platform. They help us recognize you, remember your preferences, and improve your experience.

Types of Cookies We Use

Essential Cookies (Strictly Necessary)

Purpose: Required for the Platform to function properly

  • User authentication and session management
  • Security features and fraud prevention
  • Load balancing and service availability
  • Remembering login state across pages
Retention: Session-based or up to 30 days
Can be disabled: No (Platform will not function without these)

Functional Cookies (Enhance Experience)

Purpose: Enhance functionality and personalization

  • Remembering your preferences (language, timezone, theme)
  • Storing user settings and customizations
  • Recognizing you when you return to the Platform
  • Providing personalized content and features
Retention: Up to 12 months
Can be disabled: Yes, through browser settings or cookie preferences

Analytics/Performance Cookies (Usage Insights)

Purpose: Understand how visitors use our Platform

  • Collecting anonymous usage statistics
  • Measuring page performance and load times
  • Identifying popular features and content
  • Detecting errors and improving user experience
  • A/B testing for feature improvements
Retention: Up to 24 months
Can be disabled: Yes, through cookie preferences or browser settings

Marketing/Advertising Cookies (If Applicable)

Purpose: Deliver relevant marketing communications

  • Tracking ad campaign effectiveness
  • Limiting ad frequency
  • Personalizing marketing messages
  • Retargeting website visitors
Retention: Up to 12 months
Can be disabled: Yes, through cookie consent manager

How to Control Cookies

Platform Cookie Settings

Access cookie preferences within your account settings or through the cookie consent banner on first visit.

Browser Settings

Most browsers allow you to view and delete cookies, block all or third-party cookies, and clear cookies when you close the browser.

Chrome: Settings → Privacy
Firefox: Settings → Privacy
Safari: Preferences → Privacy
Edge: Settings → Cookies

Important Note: Disabling certain cookies may affect the functionality of the Platform. Essential cookies cannot be disabled as they are required for basic operations like authentication and security.

Other Tracking Technologies

In addition to cookies, we may use:

  • Web Beacons/Pixels: Small graphic images to track email opens and page views
  • Local Storage: HTML5 local storage for caching application data
  • Session Storage: Temporary storage cleared when browser closes
  • SDKs: Software development kits in mobile applications for analytics

9. Children

Buyer Nexus is a platform for businesses. We do not knowingly collect personal information from children under the applicable minimum age (typically 16). If you believe we have collected data about a child, contact us to request deletion.

10. Changes to This Policy

We may update this Privacy Policy occasionally. When we do, we will post the revised policy on this page and update the "Effective Date" at the top. For material changes, we will notify account administrators by email or via in-app notice.

11. Contact Us & Grievance Officer

If you have questions about this Privacy Policy or privacy practices, please contact:

Buyer Nexus

Address: #206, Aravali parisar, Bicholi hapsi, Indore - 452016 India

Grievance Officer

Name: Satyam Modi
Designation: Director, Buyer Nexus Technologies
Address: #206, Aravali parisar, Bicholi hapsi, Indore - 452016 India
Phone: +91 95222-12340, Monday - Friday (9:00 - 18:00)

© Buyer Nexus. All rights reserved. Last updated: February 3, 2026.