Summary: Nivo CRM is a business tool used by real estate companies to manage leads, track calls, and communicate with customers. It includes a web application, an Android application, and optional integrations such as Facebook (Meta) Lead Ads and WhatsApp. We use data only to provide the CRM service to your organisation. We do not sell your data, share it with advertisers, or use it for advertising or profiling.
This Privacy Policy describes how Synergy Solutions ("we", "us", or "our") collects, uses, and protects information when you use the Nivo CRM platform โ including the Nivo CRM web application, the Nivo CRM Android application, and connected integrations such as Facebook (Meta) Lead Ads (collectively, "Nivo CRM" or "the Service"). By using the Service, you agree to the practices described in this policy.
Nivo CRM is a business-to-business (B2B) application โ it is provided to organisations (real estate developers and brokers) and used by their employees and sales teams. All use of the Service occurs in a professional work context. For data submitted by your organisation and its customers, your organisation is the data controller and Synergy Solutions acts as a data processor on its behalf.
Business & app ownership: Nivo CRM and its Facebook integration โ including the Meta (Facebook) application "Nivo CRM Lead Ads" โ are owned and operated by Synergy Solutions, a business based in Nashik, Maharashtra, India. This Privacy Policy applies to that application and its use of the Facebook platform.
1. Information We Collect
1.1 Information you provide
- Account credentials: Your name, email address, and mobile number, registered by your organisation's administrator.
- Lead data: Customer names, phone numbers, email addresses, project interests, and notes that you or your team enter into the CRM.
- Call outcomes and notes: Outcome tags, follow-up reminders, and notes you add after calls.
- Site visit records: Scheduled visits, outcomes, and observations logged by sales staff.
1.2 Information collected from connected integrations
- Facebook (Meta) Lead Ads data: When your organisation connects its Facebook account, we receive the lead information a prospective customer voluntarily submits in your Facebook or Instagram lead forms โ typically full name, phone number, email address, and any custom fields you configure (such as project interest or budget), together with the associated Page, form, and lead identifiers. See Section 3.
1.3 Information collected automatically
- Call log data (duration only): When you initiate a call to a lead through the Android App, we read your device's call log to retrieve the duration of that call. See Section 5 for full details.
- Device information: Device model, OS version, and app version for technical support purposes.
- FCM token: A Firebase Cloud Messaging token to deliver push notifications (e.g., "Call Now" triggers from the web app to your phone).
- Usage data: Basic in-app actions such as lead status changes and login timestamps, stored in your organisation's Firebase database.
2. How We Use Your Information
We use the information collected solely to provide and improve the Nivo CRM service:
- Display and manage your assigned leads and pipeline
- Deliver leads generated from your connected Facebook / Instagram lead forms into your CRM workspace
- Auto-log call durations so sales staff do not need to enter them manually
- Send push notifications for desktop-to-phone call triggers and reminders
- Enable your organisation's managers to view team performance and call activity reports
- Deliver WhatsApp messages via the AiSynergy integration on your behalf
- Provide technical support and debug issues
- Improve app performance and fix bugs
We do not use your information for advertising, profiling, or any purpose unrelated to providing the CRM service.
3. Facebook / Meta Lead Ads Integration
Nivo CRM connects to Facebook (Meta) Lead Ads so that businesses can receive leads generated from their own Facebook and Instagram lead forms directly inside the CRM, in real time.
This integration is provided through our Meta (Facebook) application "Nivo CRM Lead Ads", owned and operated by Synergy Solutions.
3.1 What the connection does
When an organisation chooses to connect its Facebook account, it grants Nivo CRM permission to:
- View the list of Facebook Pages it manages (pages_show_list) โ so the organisation can select which Page's lead forms to connect.
- Retrieve leads submitted through that Page's lead forms (leads_retrieval) โ so new enquiries appear in the CRM.
- Subscribe to that Page's lead notifications (pages_manage_metadata, pages_read_engagement) โ so leads are delivered automatically and in real time.
3.2 What data we receive from Facebook
- The information the prospective customer voluntarily entered in the Facebook / Instagram lead form โ typically full name, phone number, email address, and any custom form fields the organisation has configured.
- Associated Page ID, form ID, and lead ID used to match each lead to the correct campaign.
3.3 How we use it
- Facebook lead data is delivered into the connecting organisation's own private CRM workspace, where its sales team follows up. The organisation is the data controller; Synergy Solutions is the data processor.
- We do not use Facebook lead data for advertising, resale, profiling, or any purpose other than delivering it into the organisation's CRM.
- We do not combine Facebook lead data across different organisations. Each organisation's data is isolated (see Section 6).
3.4 Access tokens & disconnection
- The Facebook access token obtained during connection is stored securely and used only to retrieve leads and maintain the Page subscription on the organisation's behalf.
- An organisation can revoke access at any time by disconnecting the integration within Nivo CRM, or by removing Nivo CRM from its Facebook Business Integrations settings. Upon disconnection, we stop retrieving new leads and the subscription is removed.
3.5 Compliance
Our access to and use of data received through the Facebook platform complies with the Meta Platform Terms and Developer Policies. Retention and deletion of Facebook lead data follow Sections 9 and 14 of this policy.
4. Android App Permissions
The Nivo CRM Android App requests the following Android permissions:
- READ_CALL_LOG โ To automatically read call duration after a call to a CRM lead is completed. We do not read call logs for numbers outside of your lead contacts.
- CALL_PHONE โ To initiate a phone call to a lead directly from the App with one tap.
- READ_PHONE_STATE โ To detect when an active call ends so we can trigger the call duration read at the right moment.
- INTERNET โ To sync data with your organisation's Firebase database and communicate with Nivo's backend.
- RECEIVE_BOOT_COMPLETED โ To restart background listeners after the device reboots (required for FCM push delivery).
- POST_NOTIFICATIONS โ To deliver push notifications on Android 13 and above.
- VIBRATE โ To vibrate the device on incoming notifications.
All permissions are used exclusively for the purposes described above. No permission is used to track the user outside the app or for any purpose beyond the CRM functionality.
5. Call Log Access
Nivo CRM uses the READ_CALL_LOG permission to automatically log the duration of calls made to CRM leads. This eliminates manual entry for sales staff.
How it works
- A salesperson taps "Call" on a lead's profile in the App.
- The App dials the lead's phone number using the device's native dialer.
- After the call ends, the App reads the call log to find the most recent call matching the dialled number.
- The call duration (and timestamp) is saved to the lead's activity timeline in the CRM.
What we do NOT do
- We do not read call logs for phone numbers that are not in the CRM as leads.
- We do not upload your entire call history to our servers.
- We do not record, store, or transmit the audio content of calls.
- We do not use call log data for any purpose other than logging durations against CRM leads.
Desktop-to-phone call trigger
When a manager or salesperson clicks "Call Now" on the Nivo web app (desktop), the system sends an FCM push notification to the salesperson's Android device. This causes the phone's native dialer to open and dial the lead's number. Call duration is then auto-logged as described above. No VoIP, no SIM change, and no headset is required.
6. Data Storage & Security
- Storage location: All CRM data is stored on Google Firebase (asia-south1 โ Mumbai, India). This ensures your data remains on Indian servers, in compliance with the Digital Personal Data Protection (DPDP) Act, 2023.
- Organisation isolation: All data is stored in an isolated namespace per organisation within our Firebase database. Security rules ensure no organisation can read or write another organisation's data under any circumstances.
- Access control: Firebase Security Rules ensure that only authenticated users from your organisation can read or write data. Role-based access (Admin, Manager, Salesperson) further restricts what each user can see.
- Transmission security: All data is transmitted over HTTPS/TLS. Firebase connections are encrypted end-to-end.
- No local storage of sensitive data: The App does not store lead phone numbers or call log data on the device's local storage beyond temporary processing.
7. Data Sharing
We do not sell, rent, or trade your personal data or your organisation's CRM data. We share data only in the following limited circumstances:
- Within your organisation: Data is shared with other authorised users in your organisation based on their role (e.g., managers can see their team's leads and call logs).
- Google Firebase: Data is stored and synced via Google Firebase, which acts as our cloud infrastructure provider. Google's data processing terms apply.
- Meta Platforms (Facebook): When your organisation uses the Facebook Lead Ads integration, lead data is received from Meta into your CRM. We do not send your CRM data back to Meta for advertising. Data received from Meta is handled as described in Section 3.
- AiSynergy (WhatsApp): If your organisation uses the WhatsApp integration, lead names and phone numbers are shared with AiSynergy (our META-certified WhatsApp Business API platform, hosted in India) solely to deliver WhatsApp messages you authorise. See Section 8.
- Legal requirements: We may disclose data if required to do so by law or in response to a valid legal process.
We do not share data with advertisers, data brokers, analytics companies, or any third party for marketing purposes.
8. WhatsApp & AiSynergy Integration
Nivo CRM integrates with AiSynergy โ a META-certified WhatsApp Business API (WABA) platform operated by Synergy Solutions, built and hosted in India.
- WhatsApp messages are sent only to leads whose numbers are stored in your CRM.
- Messages are sent only when authorised by your organisation (bulk campaigns, automated follow-ups, or individual messages initiated by a salesperson).
- AiSynergy does not use customer data for any purpose other than delivering WhatsApp messages on behalf of your organisation.
- Message delivery data (delivered, read) is stored in your organisation's CRM database for reporting purposes.
9. Data Retention
- Active accounts: CRM data โ including leads received from Facebook โ is retained for as long as your organisation's account is active.
- Account termination: Upon termination of your organisation's subscription, data is retained for 30 days to allow for export, after which it is deleted from Firebase.
- Facebook lead data: Leads received via the Facebook integration are stored in your organisation's CRM and follow the same retention rules as all other lead data. Disconnecting the Facebook integration stops new leads from being retrieved.
- Employee offboarding: When a salesperson's account is deactivated by an admin, their leads are reassigned and their login access is revoked. Historical activity logs are retained as part of the organisation's CRM record.
- Call log reads: Call log data (duration and timestamp) is transferred to Firebase upon read and is not stored locally on the device.
10. Your Rights
As a user of Nivo CRM, you have the following rights regarding your personal data:
- Access: Request a copy of personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data (subject to your organisation's data retention needs and applicable laws).
- Withdrawal of consent: You may withdraw consent for specific data processing at any time (e.g., by revoking the call log permission in Android Settings, or by disconnecting the Facebook integration). Note that revoking the call log permission will disable the auto-duration-logging feature.
- Data portability: Request your organisation's CRM data in a portable format.
To exercise these rights, please contact your organisation's CRM administrator or reach us directly at the contact details in Section 13.
11. Children's Privacy
Nivo CRM is a business application intended exclusively for use by adults in a professional work context. The Service is not directed at, and should not be used by, anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a minor has used this Service, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service's features, or applicable laws. When we make changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify your organisation's administrator via email or in-app notification for material changes.
We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
14. Request Account & Data Deletion
You can request deletion of your Nivo CRM account and all associated personal data by contacting us at connect@nivocrm.com with the subject line "Account Deletion Request".
What gets deleted
- Your user profile (name, email, phone number, role)
- Your login credentials
- Any personal data directly associated with your user account
- On request, lead data received from Facebook that is associated with your account
What is retained
- Lead records and activity logs you created โ these belong to your organisation's CRM data and are retained per your organisation's data retention policy
- Data required to comply with legal obligations
Deleting Facebook-sourced data
To stop new Facebook leads and remove the connection, an organisation administrator can disconnect the Facebook integration in Nivo CRM, or remove Nivo CRM from their Facebook account under Settings โ Business Integrations. To request deletion of Facebook lead data already stored in the CRM, email us at the address above.
Timeline
We will process your deletion request within 7 business days and send you a confirmation email once complete.