Privacy Policy

This Privacy Policy explains how Easygentech Innovations Private Limited ("Easygentech", "we", "us", or "our") collects, uses, stores, shares, and protects information when you use The Eazy CXM (the "Service") — our customer experience management SaaS platform — including the integrations the Service offers with Google services such as Gmail, Google Calendar, and Google Drive.

This policy applies to our website theeazy.io/cxm, our application at app.theeazycxm.com, our backend APIs, and any feature or integration made available as part of the Service.

The Service is owned and operated by:

For the purposes of applicable data protection laws (including the Digital Personal Data Protection Act, 2023 of India), Easygentech Innovations Private Limited is the data controller for personal data we collect about visitors and account holders, and the data processor for personal data our customers process through the Service.

We collect the following categories of information:

3.1 Account and profile data

• Name, email address, phone number, business name, role, password (hashed).
• Profile photo, time zone, language preference, and notification preferences.
• Billing details (organization name, billing email, GSTIN if applicable). Payment card details are processed by our payment processor and are not stored on our servers.

3.2 Customer content you submit to the Service

• Contacts, accounts, deals, leads, tasks, meetings, tickets, contracts, products, and other CRM records you create or upload.
• Email content composed or imported through the Service.
• Files and attachments you upload (proposals, receipts, signed contracts, etc.).

3.3 Information from third-party integrations you authorize

• Data from Google services (Gmail, Google Calendar, Google Meet, Google Drive, Google Forms, and Google Tasks) when you connect your Google account — see Section 4 for the full breakdown.
• Data from other authorized integrations such as Razorpay (billing), Mailtrap (email delivery), Twilio (telephony), and WhatsApp Business (messaging), strictly as required to operate the features you enable.

3.4 Technical and usage information

• IP address, browser type and version, device identifiers, operating system.
• Pages visited, features used, session timestamps, error logs, and diagnostic data.
• Cookies and similar technologies used to maintain your session and remember preferences.

When you choose to connect your Google account to The Eazy CXM, we request access to specific Google APIs using OAuth 2.0. The Service integrates with Gmail, Google Calendar, Google Meet, Google Tasks, Google Drive, and Google Forms. You are shown the exact permissions before granting access, and you may revoke them at any time (see Section 14).

The scopes we request, the data each scope provides, and the specific feature each scope powers are described below:

We request only the minimum scopes necessary to provide the features you have enabled. If you do not use a feature, the corresponding scope is not exercised against your data. You can disconnect your Google account at any time from within the Service (Settings → Integrations → Google), and from your Google account at myaccount.google.com/permissions.

4.1 Sensitive and restricted scopes — how we minimize access

Some of the scopes above are classified by Google as "sensitive" or "restricted" because they grant broad access to user content. For these scopes, we apply additional restrictions on top of the Limited Use commitments in Section 5:

• Gmail scopes (gmail.readonly, gmail.modify, gmail.compose, gmail.send) — we only read or write the specific Gmail messages, threads, drafts, and labels needed to render the features you actively use (inbox view, thread view, send, draft, label sync). We do not export Gmail content to any system other than what is needed to display it back to you, and we never use Gmail content to train AI models.
• Drive scope (drive) — although this scope technically permits broad access, in practice we only read and write files that (a) you create through The Eazy CXM, (b) you explicitly choose to attach to a CRM record, or (c) the Service generates on your behalf (such as a generated proposal or signed contract PDF). We do not enumerate or scan your entire Drive without your action. The drive.metadata.readonly scope is used so the in-app file picker can show you a list of files to choose from before we touch their contents.
• Meet scopes (meetings.space.created, meetings.space.readonly) — we access only the Google Meet conference spaces that the Service itself created for meetings you scheduled through The Eazy CXM. We do not access Meet spaces created outside the Service.
• Forms scopes (forms.body, forms.responses.readonly) — we modify the structure of forms the Service helps you create, and read responses to those forms so they can be imported as leads or feedback. We do not access Forms you did not link to The Eazy CXM.
• Tasks scopes (tasks, tasks.readonly) — we read your Google Tasks list so it can be displayed alongside CRM activities, and create or update tasks that you initiate through The Eazy CXM. We do not modify tasks you did not create or update through the Service.

We use the information described above only for the following purposes:

• To provide the Service — authenticate you, render your CRM data, send messages, schedule meetings, generate documents, and operate the features you actively use.
• To maintain and secure the Service — detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
• To communicate with you — send transactional emails (sign-up, password reset, billing receipts, security alerts) and, where permitted, product announcements that you can opt out of.
• To comply with legal obligations — meet our obligations under applicable laws including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.
• To improve the Service — analyze aggregated, anonymized usage information to debug issues and improve performance. We do not use Google user data for this purpose.

The Service includes optional AI features under the name Zuno AI (lead summaries, deal summaries, email drafting assistance, sales forecasting, churn prediction, and similar). These features are powered primarily by third-party large language model providers (currently OpenAI's GPT-4o family).

With respect to AI and Google user data:

• Zuno AI does not train any AI or machine-learning model on Google user data. Google user data is never used as training input.
• When you actively invoke an AI feature on content you choose (for example, asking Zuno AI to draft a reply to a specific email), the minimum content necessary is sent in real time to the model provider only to generate the requested output for you. Our AI providers are contractually bound not to use data submitted via their API to train their models.
• AI outputs (drafts, summaries) are stored only within your own Eazy CXM workspace and are visible only to you and the users you have authorized.
• You may disable Zuno AI features for your workspace from your administrator settings at any time.

We do not transfer or disclose your information to third parties for any purpose other than those explicitly described in this policy. We share information only as follows:

• With service providers and sub-processors who help us operate the Service (hosting, database, email delivery, payments, analytics). These providers are contractually bound to protect your data and may only process it under our instructions — see Section 9.
• With other users of your Eazy CXM workspace, to the extent your organization's role-based access controls (RBAC) permit. For example, deals assigned to a team are visible to that team.
• To comply with the law — when required by valid legal process, such as a subpoena, court order, or other lawful request from a competent authority.
• To protect rights and safety — to investigate or prevent suspected fraud, security incidents, or violations of our Terms.
• In connection with a corporate transaction — if Easygentech is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your data.

We rely on the following categories of sub-processors to operate the Service. Each is bound by data-protection terms equivalent to our own commitments:

• Cloud hosting and infrastructure — hosting providers operating the Service's servers, databases, and backups.
• Email delivery — Mailtrap (and equivalent providers) for transactional and marketing email delivery initiated by you.
• Payments — Razorpay and equivalent payment processors for subscription billing. Card data is handled directly by the payment processor and not stored on our servers.
• AI model providers — OpenAI for Zuno AI features. Data submitted to AI providers via API is not used to train their models.
• Telephony and messaging — Twilio and WhatsApp Business APIs for in-product calling and messaging, where you enable those features.
• Analytics and error monitoring — privacy-respecting analytics and error monitoring services used in aggregated form to keep the Service reliable.

An up-to-date list of sub-processors can be requested at any time by writing to admin@easygentech.com.

Easygentech does not sell, rent, or trade your personal information or any Google user data to third parties for monetary or other valuable consideration. We do not provide your data to data brokers or to information resellers, and we do not use it for credit-worthiness assessments, lending, or any form of advertising (including targeted, personalized, retargeted, or interest-based advertising).

We apply industry-standard administrative, technical, and physical safeguards to protect your data, including:

• Encryption in transit — all traffic between your browser and our servers is protected with TLS 1.2+.
• Encryption at rest — databases and backups storing personal data are encrypted at rest.
• Credential protection — user passwords are stored using salted one-way hashing; OAuth tokens (including Google tokens) are stored encrypted and are accessible only to the components that need them to provide the corresponding feature.
• Access controls — role-based access control inside the Service, and least-privilege access for our own engineering and support personnel. Production access is logged and audited.
• Monitoring — we maintain logging and alerting to detect unusual activity and respond to potential incidents.
• Vendor security — sub-processors are selected and reviewed against our security and privacy requirements.

No method of electronic storage or transmission is 100% secure. If we become aware of a personal-data breach that meets the threshold of applicable law, we will notify affected users and the relevant authorities within the required timeframes.

We retain your information for as long as your account is active and as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

• Account data is retained for the lifetime of your account.
• Customer content (CRM records, emails, files) is retained as long as you keep it in the Service. You can delete records and content at any time from within the application.
• Google user data is retained only as long as the corresponding Google integration is connected and you continue to use the related feature. If you disconnect your Google account, we delete cached Google data associated with that integration within thirty (30) days, except where retention is required by law.
• Backups are retained for up to 30 days for disaster recovery purposes.
• Account deletion — you can request deletion of your account and all associated personal data by writing to admin@easygentech.com. We will action your request within 30 days, subject to legal retention requirements.

When the retention period expires for a given type of data, we delete it or anonymize it so it can no longer be associated with you.

Depending on where you live, you may have the following rights with respect to your personal information:

• Right of access — request a copy of the personal data we hold about you.
• Right of correction — ask us to correct inaccurate or incomplete information.
• Right of erasure — ask us to delete your personal data, subject to legal retention exceptions.
• Right to withdraw consent — withdraw any consent you previously gave, including by disconnecting a third-party integration.
• Right to grievance redressal — for users in India under the Digital Personal Data Protection Act, 2023, you may contact our grievance officer at the address in Section 18.
• Right to lodge a complaint — you may contact your local data protection authority if you believe we have not handled your data lawfully.

To exercise any of these rights, write to admin@easygentech.com. We will respond within the timeframes required by applicable law.

You can disconnect your Google account from The Eazy CXM at any time:

1. From inside the Service — Settings → Integrations → Google → Disconnect. This stops further data access and starts the deletion of cached Google data described in Section 12.
2. From your Google account — visit myaccount.google.com/permissions and remove access for "The Eazy CXM".

We primarily store data in data centers located in the Asia-Pacific region. Where data is transferred outside India to our sub-processors (for example, AI providers operating in the United States), we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms recognized by applicable law.

The Service is intended for use by businesses and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, our Service, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where required, notify you by email or through an in-product notice. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

© 2026 Easygentech Innovations Private Limited. The Eazy CXM is a product of Easygentech Innovations Private Limited. All rights reserved.