New Way
Privacy Policy
Effective date: 27 June 2026
New Way (“we”, “our”, or “the platform”) is a business operations platform. This policy explains what data we collect, why we collect it, and how we protect it.
1. Data we collect
- Account data: name, email address, password (hashed), and organization name provided at registration.
- Organization data: company name, address, GSTIN, logo, and contact details you enter in Company Profile.
- Operational data: CRM records (contacts, leads, enquiries, bookings), invoices, quotes, payments, and messages created by your team.
- Customer data: contact details and transaction records you add for your own customers. You are the data controller for this data.
- Usage data: browser type, IP address, pages visited, and session timestamps collected via server logs.
- Uploaded media: images and files you upload, stored via Cloudinary.
2. How we use your data
- To provide, operate, and improve the platform.
- To generate invoices, quotes, and documents on your behalf.
- To authenticate users and secure sessions.
- To send transactional notifications (invoice confirmations, payment receipts).
- To diagnose errors and maintain service reliability.
We do not sell your data. We do not use your operational or customer data for advertising.
3. Data storage and security
All data is stored in a PostgreSQL database hosted on Supabase (AWS, ap-south-1 region). Sensitive configuration values are encrypted at rest. Sessions use signed, http-only JWT cookies — not exposed to JavaScript. Every database query is scoped to your organization; no cross-tenant data access is possible.
4. Third-party services
We use the following sub-processors:
- Supabase / AWS — database hosting (India region)
- Cloudinary — image and media storage
- Twilio / Gupshup / WATI — SMS and WhatsApp messaging (only if configured by you)
- Zoho Books — accounting sync (only if configured by you)
5. Your rights
You may request access to, correction of, or deletion of your account data at any time by contacting us. Organization owners may delete their workspace, which permanently removes all associated records.
6. Data retention
We retain your data for as long as your account is active. On account deletion, operational data is purged within 30 days. Backups may retain data for up to 90 days before expiry.
7. Cookies
We use a single http-only cookie (crm_token) for authentication. No tracking cookies, no analytics cookies, no third-party cookies are set by the platform.
8. Contact
Questions about this policy? Email us at support@newwaycrm.com.