Privacy Policy
Last Updated: 15th July 2019
1. Introduction
This is applicable if you are using our services:
- Subscribed to ERPNext hosted account
- 14-day trial account
- Requested for a demo
- Contact us for enquiry via e-mail
We here at Frappe Technologies, value your privacy and take serious measures in protecting your personal information and have hence updated our privacy policy to make it GDPR compliant.
This privacy policy provides you with details of how we collect and process your personal data through your use of our site https://erpnext.com.
By providing us with your data, you warrant to us that you are over 13 years of age.
Frappe Technologies Pvt. Limited is the data controller and processor, and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy policy).
We recognize the importance of maintaining your privacy. We value your privacy and appreciate your trust in us. This Policy describes how we treat user information we collect on http://www.erpnext.com, http://frappe.erpnext.com and other offline sources. This Privacy Policy applies to current and former visitors to our website and to our online customers. By visiting and/or using our website, you agree to this Privacy Policy. erpnext.com is a property of Frappe Technologies Private Limited, an Indian Company registered under the Companies Act, 1956 having its registered office at D/324 Neelkanth Business Park, Vidyavihar West, Mumbai, Maharashtra - 400086, India
2. Information we collect
2.1 Contact information
We might collect your name, email, mobile number, phone number, street, city, state, pin code, country and IP address.
2.2 Payment and billing information
We might collect your billing name, billing address and payment method when you make a purchase on our website. We NEVER collect your credit card number or credit card expiry date or other details pertaining to your credit card on our website. Credit card information will be obtained and processed by online payment management intermediary Razorpay or Paypal.
2.3 Information you post
We collect information you post in a public space on our website or on a third-party social media site belonging to erpnext.com.
2.4 Demographic information
We may collect demographic information about you, your business and business needs, events you like, events you intend to participate in, conference tickets you buy, or any other information provided by you during the use of our website. We might collect this as a part of a survey also.
2.5 Other information
If you use our website, we may collect information about your IP address and the browser you're using. We might look at what site you came from, duration of time spent on our website, pages accessed or what site you visit when you leave us. We might also collect the type of mobile device you are using, or the version of the operating system your computer or device is running.
3. We collect information in different ways
3.1 We collect information directly from you
We collect information directly from you when you make a purchase on erpnext.com, register for an event or subscribe to free trial period. We also collect information if you post a comment on our websites or ask us a question through phone or email.
3.2 We collect information from you passively
We may use other tracking tools like Google, web analytics, LinkedIN, browser cookies or other external websites for collecting information about your usage of our website.
3.3 We get information about you from third parties
For example, if you use an integrated social media feature on our website. The third-party social media site will give us certain information about you. This could include your name and email address.
4. Use of your personal information
4.1 We use information to contact you
We might use the information you provide to contact you for confirmation of a purchase on our website, registration for free trial or for other promotional purposes including sending newsletters.
4.2 We use information to respond to your requests or questions
We might use your information to confirm your purchase of service, free trial, registration for an event or contest.
4.3 We use information to improve our products and services
We might use your information to customize your experience with us. This could include displaying content based upon your preferences.
4.4 We use information to look at site trends and customer interests
We may use your information to make our website and products better. We may combine information we get from you with information about you we get from third parties.
4.5 We use information for security purposes
We may use information to protect our company, our customers, or our websites.
4.6 We use information for marketing purposes
We might send you information about special promotions or offers. We might also tell you about new features or products. These might be our own offers or products, or third-party offers or products we think you might find interesting. Or, for example, if you buy our services we enrol you in our newsletter automatically. We use information to send you transactional communications. We might send you emails or SMS about your account or a purchase. We use information as otherwise permitted by law.
5. Sharing of information with third-parties
5.1 We will share information with third parties who perform services on our behalf
We share information with vendors who help us manage our online registration process or payment processors or transactional message processors. Some vendors may be located outside of India.
5.2 We may share information with our business partners
This includes a third party who may help us with implementation of the services subscribed by you and only in case we need to use their expertise on your account. Our partners use the information we give them as described in their privacy policies.
5.3 We will share information with the event organizers
We share your information with event organizers and other parties responsible for organizing events, demo sessions for you. The event organizers and other parties may use the information we give them as described in their privacy policies. We may share information if we think we have to in order to comply with the law or to protect ourselves. We will share information to respond to a court order or subpoena. We may also share it if a government agency or investigatory body requests. Or, we might also share information when we are investigating potential fraud. We may share information with any successor to all or part of our business. For example, if part of our business is sold we may give our customer list as part of that transaction. We may share your information for reasons not described in this policy. We will tell you before we do this.
6. Third party sites
If you click on one of the links to third party websites, you may be taken to websites we do not control. This policy does not apply to the privacy practices of those websites. Read the privacy policy of other websites carefully. We are not responsible for these third-party sites.
6.1 Roles
The regulation distinguishes two main types of entities:
- Data controller: Any entity who determines the purposes and means of the processing of personal data, alone or jointly. As a general rule, every organization is a controller for its own data.
- Data processor: Any entity who processes data on behalf of a data controller.
We Act As | Data Processing | Kind of data |
---|---|---|
Data Controller & Processor | erpnext.com | Personal Information like name, email, contact no. of clients, prospective clients who either email us, request for demo or sign up for a trial account |
Data Processor | Customer Data | Any data stored by our customers in their ERPNext account, they are the database owner and become the Data Controller for it. We only act as the Data Processor |
None | Self-hosted/On-Premise | Open Source users using ERPNext for their organization on their own server. |
7. What information about me is stored
We only store the information necessary for billing and contact purposes. This will include the following:
- Your Name (of course)
- Your Email ID
These are the common information stored with us when you use an Frappe cloud account. The following information is also stored:
- Phone number of the primary contact person (if shared by the user)
- Billing Address (of the company/primary user)
We also store all the data that is requested from you when you signup or request a demo.
8. Where do you host
We currently host with online.net whose servers/data centers are located in Paris, France.
9. What about backups
On the cloud, we maintain regular SQL backups (from hereon referred to as backup) of your account. A backup is taken every 6 hours.
These backups are stored on Amazon's AWS service. You can refer to its compliance information.
We recommend that you also maintain your own copy. To download them manually by going to Setup > Download Backups
.
You can also automate database backup download of your ERPNext account into your Dropbox account.
10. Who can access my account
We also have an access to your account for administrative purposes. This includes access for support and update purposes.
If anyone in our team has to access your data for support, then you will get an email mentioning that one of our engineers have accessed your data along with a reason. Your passwords are not accessible to our engineers and are generated via a program. If they need to access the account, they must go via this route. All our employees have signed a Non-Disclosure of Data agreement with us and they are fully aware of the consequences and risks involved with access of customer data.
11. How do I check all the changes you have made as an Administrator
We will report to you what changes (if any) we have done. At the bottom of each form (or doctypes as we call them) you will see who has made the recent changes. Additionally, you can view the Activity Log Report to track the activities of users in your account. Changes are also made automatically via patches when a new version gets released. In case a patch fails, an Administrator may change your data. In this case too you will receive an email notification of the same.
12. How do you use my data
Any personal information received will only be used to reply to your queries or fix your bugs (and occasionally send Newsletters which you can opt out of). We do not and never will sell or redistribute your information to any third party.
We do track your visits to the website through Google Analytics. This data is collected anonymously and viewed in an aggregated form to understand the user behavior across companies. The kind of queries we engage with here are like what is the most used transaction in ERPNext, or what do most users do after making a Sales Invoice.
13. How can I see all the information that is stored with you
Click here to initiate the request to download your data that we have stored in our systems.
14. How can I delete all my data that resides with you
We do not sell your data but for your peace of mind you can request to delete your data from our systems. You can use this link for data deletion request.
Please note that we can't delete certain details related to billing for legal and auditing purposes.
15. What if I want to move my data
ERPNext is free and Open Source. This is our biggest advantage against other cloud/SAAS ERPs. In the remote possibility that you do not want our service or we are unable to service, the entire source code with installation instructions is online at github.com.
All you have to do is download your backup and reinstall on your new server. You can also export only the necessary data in spreadsheets (Excel, CSV) and import them in your new instance.
16. Email Opt-Out
You can opt out of receiving or Unsubscribe our marketing emails. To stop receiving our promotional emails, please email support@erpnext.com.It may take about ten days to process your request. Even if you opt out of getting marketing messages, we will still be sending you transactional messages through email and SMS about your purchases.
17. Incorrect/Incomplete Information
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at support@erpnext.com. We will promptly correct any information found to be incorrect.
18. Contact Details
In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are provided below. If you have any questions about this Policy or other privacy concerns, please do connect with us.
Our full details are:
Full name of legal entity: Frappe Technologies Private Limited
Grievance Officer: Mr. Umair Sayyed
Email address: hello@erpnext.com/support@erpnext.com
Postal address:
D/324, Neelkanth Business Park,
Near Vidyavihar Railway Station,
Vidyavihar West,
Mumbai 400086.
Telephone number: +91 22 4897 0555
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at Email address: support@erpnext.com.
19. Taking care of your Password (Password security)
erpnext.com firmly believes in protecting the personal information of the customer. erpnext.com or any of its staff or official will never ask for any password or related information from its customers and the customers are also advised, in order to protect access to their accounts and to other channels, do not disclose the passwords to anyone. Generally, when you subscribe to free trial or make a purchase at erpnext.com, you are required to generate your own password. It is recommended that the customers necessarily choose their own passwords carefully such that no unauthorized access is made by a third party. You are also advised not to keep any written or other record of the password/s so that no third party could access the same. You should not disclose the password to anyone. In order that the passwords become complex and difficult for others to guess the you should carefully choose the alpha numeric passwords with combination of upper case alphabets and numbers and special characters (like @, %, &, ! etc.) The password is a private information and must be kept confidential by the owner of the username related to the password. If a password is known by someone other than the owner, that username and password could be misused to access resources and information and possibly with criminal intent—and without notice since they would appear as the registered owner. We will bear no responsibility for loss caused to you in relation to password theft or unauthorized access due to weak passwords etc.
20. Updates to this policy
From time to time we may change our privacy practices. We will notify you of any material changes to this policy as required by law. We will also post an updated copy on our website. Please check our site periodically for updates.
21. Jurisdiction
If you choose to visit the website, your visit and any dispute over privacy is subject to this Policy and the website's terms of use. In addition to the foregoing, any disputes arising under this Policy shall be governed by the laws of India.
22. Have more questions
Drop an email to hello@erpnext.com.