Privacy Policy

ERPNext Cloud Services ("Company," "we," "us," or "our") operates the ERPNext Cloud platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, website, and applications (collectively, the "Services").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services. By accessing and using ERPNext Cloud Services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Registration: When you create an account, we collect your name, email address, company name, phone number, and billing information (address, payment method).

Business Data: Information you input into your ERPNext instance, including but not limited to:

• Customer information
• Vendor/supplier data
• Financial records and transactions
• Inventory management data
• Employee information
• Contracts and agreements

Communication: Information you provide when you contact us via email, phone, contact forms, or support tickets.

Payment Information: Credit card numbers, bank account details, and billing addresses (processed securely through third-party payment processors).

1.2 Information Collected Automatically

Usage Data: We automatically collect information about your interactions with our platform:

• Login times and activities
• Features used and frequency
• System performance data
• Reports generated
• API calls and integrations

Device Information:

• IP addresses
• Browser type and version
• Operating system
• Device identifiers
• Mobile device information

Cookies & Tracking Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience and analyze platform usage.

1.3 Information from Third Parties

• Payment processors (Stripe, Fawry, PayPal, etc.)
• Analytics providers (Google Analytics)
• Communication platforms (SendGrid, Twilio)
• Shipping and logistics providers
• Public databases and credit verification services

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

• Providing, maintaining, and improving our Services
• Processing transactions and sending related information
• Creating and managing your account
• Delivering customer support and technical assistance
• Sending service-related announcements
• Performing system backups and maintenance

2.2 Communication

• Responding to inquiries and support requests
• Sending newsletters and educational content (with your consent)
• Notifying you of changes to our Services
• Sending promotional materials (which you can opt out of)
• Conducting surveys and feedback requests

2.3 Security & Compliance

• Detecting and preventing fraud and abuse
• Monitoring for security incidents
• Investigating violations of our Terms of Service
• Complying with legal obligations
• Protecting our rights and property

2.4 Analytics & Improvement

• Analyzing usage patterns and platform performance
• Understanding user behavior and preferences
• Developing new features and functionality
• Conducting research and analytics
• Creating statistical data and aggregated reports

2.5 Marketing & Business Development

• Personalizing your experience
• Sending targeted marketing communications
• Measuring campaign effectiveness
• Identifying potential new customers

3. Data Storage & Your Business Data

3.1 Ownership of Your Data

You retain full ownership and control of all data you input into your ERPNext instance. This includes customer data, financial records, inventory, and any other business information. We do not own, claim rights to, or use your data for our own purposes (except as expressly permitted in this Privacy Policy and our Terms of Service).

3.2 Data Storage Location

Your data is stored on secure cloud servers located in Egypt and potentially other secure data centers at EU in compliance with applicable laws. If you are located in the EU or other regions with data localization requirements, please contact us to discuss options.

3.3 Backups & Data Retention

• Automatic Backups: We maintain automatic daily, hourly, or real-time backups depending on your plan
• Backup Retention: Backups are retained for 30-90 days for recovery purposes
• Data Recovery: We can assist with data recovery in case of accidental deletion
• Account Termination: Upon account termination, we retain data for 30 days before permanent deletion

3.4 Data Portability

You have the right to request your data in a portable format (PDF, CSV, XML). We will provide this within 30 days of your request. There may be a fee for large data exports.

4. Data Sharing & Disclosure

4.1 When We Share Your Information

We do not sell your personal information to third parties. We share information only in the following circumstances:

4.2 Service Providers

We share information with trusted third parties who assist us in operating our Services:

• Cloud Infrastructure: AWS, DigitalOcean, or other hosting providers
• Payment Processors: Kashier, Fawry, PayPal for payment processing
• Communication Services: SendGrid, Twilio for email and SMS
• Analytics Services: Google Analytics
• Backup Services: Third-party backup providers
• Support Services: Zendesk or similar support platforms

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information when required by law, including:

• Court orders or subpoenas
• Government requests or investigations
• Compliance with applicable regulations (tax, labor, etc.)
• Enforcement of our Terms of Service
• Protection of rights, safety, and property

4.4 Business Transfers

In the event of merger, acquisition, bankruptcy, or sale of our company or assets, your information may be transferred as part of that transaction. We will notify you of such change and any choices you may have regarding your information.

4.5 Aggregated & De-identified Data

We may share aggregated, anonymized data that cannot identify you personally. This may include industry benchmarks, usage statistics, and trends.

5. Security Measures

5.1 Data Protection Measures

We implement comprehensive security measures to protect your information:

• Encryption: SSL/TLS encryption for data in transit; AES-256 encryption for data at rest
• Firewalls: Advanced firewalls and DDoS protection
• Access Control: Role-based access control and authentication
• Two-Factor Authentication: Available for enhanced account security
• Regular Audits: Regular security audits and penetration testing
• Intrusion Detection: 24/7 monitoring for suspicious activity
• Compliance: SOC 2 compliance and regular security assessments

5.2 Password Security

• Passwords are hashed using industry-standard algorithms
• We enforce strong password requirements
• We support multi-factor authentication
• We never store passwords in plain text

5.3 Limitations

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your login credentials.

6. Your Rights & Choices

6.1 Access & Correction

You have the right to access, review, and correct your personal information. You can update your account settings or contact us to request access to your data.

6.2 Deletion (Right to be Forgotten)

You have the right to request deletion of your personal information, subject to legal retention requirements. We will delete your data within 30 days unless we need to retain it for legal or contractual reasons.

6.3 Opt-Out Options

• Marketing Communications: You can unsubscribe from promotional emails using the unsubscribe link in each email
• Cookies: You can manage cookie preferences in your browser settings
• Tracking: You can opt-out of analytics tracking through Do Not Track settings

6.4 Data Portability

You can request your data in a portable format. We will provide it within 30 days in a commonly used format.

6.5 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@yourcompany.com
• Phone: +20 122 229 9085
• Mail: Cairo, Egypt

7. International Data Transfers

If you access our Services from outside Egypt, your information may be transferred to, stored in, and processed in Egypt and other countries. By using our Services, you consent to such transfers. We ensure that any transfers comply with applicable data protection laws.

8. Cookies & Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for basic functionality and security
• Analytical Cookies: Help us understand how users interact with our platform
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for targeted advertising and campaigns

8.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, blocking cookies may affect your ability to use some features of our Services.

9. Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will promptly delete such information and terminate the child's account. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Links & Services

Our website and Services may contain links to third-party websites and services. This Privacy Policy applies only to our Services. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party services before providing your information.

11. Regulatory Compliance

11.1 GDPR (General Data Protection Regulation)

If you are located in the European Union, you have rights under the GDPR, including:

• Right of access to your data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

11.2 CCPA (California Consumer Privacy Act)

If you are a California resident, you have rights under the CCPA, including the right to know, delete, and opt-out of the sale or sharing of personal information.

11.3 Egypt's Personal Data Protection Law

We comply with Egypt's Personal Data Protection Law and regulations issued by the Egyptian National Authority for Cybersecurity.

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of discovery
• Provide details of the breach and affected data
• Advise you of steps to protect your information
• Notify relevant authorities as required by law

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification
• Posting a prominent notice on our website

Your continued use of our Services after changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

15. Data Processing Agreement

For business customers, we offer a separate Data Processing Agreement (DPA) that outlines our responsibilities as a data processor. A copy of our standard DPA can be requested by contacting us.