Privacy Policy

Last Updated: January 01, 2026

WinishTech IT Solutions Pvt. Ltd. (“WinishTech”, “we”, “our”, or “us”) operates the LeadsForce360 platform (“Platform”, “Service”).
This Privacy Policy describes how information is collected, used, stored, protected, and disclosed when you access or use LeadsForce360.

1. Scope of This Policy

This Privacy Policy applies to:

Visitors to our websites and web applications
Companies registering or subscribing to LeadsForce360
Authorized users, employees, and field executives using the platform
Data processed on behalf of our business customers

LeadsForce360 acts as: a Data Processor for employee, lead, and customer data uploaded by client organizations, and a Data Controller for its own business, billing, account, and operational data.

2. Information We Collect

2.1 Company & Account Information We may collect:

Company or organization name
Business email address
Contact person name
Phone number
GST and other business identifiers (if applicable)
Subscription plan details, selected services, and user limits

2.2 User & Employee Information

When companies use LeadsForce360, we may process:

Employee or user names, roles, and system user IDs
Attendance punch-in and punch-out records
Visit check-in and check-out data
GPS location only at the time of attendance or visit actions
Uploaded images, notes, visit outcomes, and task details
Activity timestamps, logs, and audit trails

This data is collected strictly for business operations, including attendance tracking, visit verification, reporting, and performance analytics.

2.3 Communication & Engagement Data

If enabled by the customer, LeadsForce360 may process:

WhatsApp or messaging metadata (timestamps, delivery status)
Email campaign activity (delivery, open, and engagement logs)
Call interaction logs, call status, and call notes
Campaign analytics and engagement metrics

LeadsForce360 does not monitor or access personal conversations beyond what is required to deliver the service.

2.4 Payment & Billing Information

Payments are securely handled by third-party payment gateways such as Razorpay. LeadsForce360:

Does not store credit card, debit card, UPI, or banking credentials
Stores only transaction references, subscription IDs, invoices, and billing status for compliance and record-keeping

2.5 Technical & Usage Data

We automatically collect limited technical data, including:

IP address (used only transiently for security, fraud prevention, and request integrity, and not stored in raw form for advertising or profiling purposes)
Browser type and device information
Log files and usage statistics
Cookies and session identifiers

This data is used for security, analytics, troubleshooting, and performance optimization.

3. How We Use Your Information

We use collected information to:

Create and manage company accounts
Deliver CRM, lead management, and field-force services
Enable WhatsApp, email, and campaign automation
Process subscriptions, trials, and payments
Provide dashboards, analytics, and operational reports
Ensure platform security and prevent fraud
Improve features, usability, and performance
Comply with legal, regulatory, and contractual obligations

4. Data Storage, Authentication & Security

We implement a defense-in-depth security framework to protect personal, business, and operational data in accordance with Indian law, including the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Authentication & Identity Security: Secure JWT-based authentication using RS256 (public–private key cryptography)
Tokens are digitally signed by a centralized authorization service and verified using public keys
Role-based and tenant-aware claims enforce user identity, permissions, and company-level isolation
Token expiration and refresh mechanisms reduce the risk of unauthorized access
Tenant-Based Data Isolation: Multi-tenant architecture with strict logical separation
Each company’s data is accessible only within its authorized tenant scope
Cross-tenant access is technically restricted, logged, and monitored
Data Protection & Encryption: Encrypted data transmission using HTTPS / TLS
Encryption of sensitive data at rest where applicable
Secure key-management practices to protect cryptographic materials
Infrastructure & Access Controls: Hosted on secure cloud infrastructure with restricted network access
Role-Based Access Control (RBAC) limits data access to authorized users
Administrative access is logged, monitored, and audited
Monitoring, Logging & Compliance: Continuous system monitoring, audit logging, and anomaly detection
Regular vulnerability assessments and security updates
Security practices aligned with confidentiality, integrity, availability, and data-minimization principles

5. Location & Tracking Data

GPS location is collected only during attendance punch-in/punch-out or visit actions
No continuous or background location tracking is performed
Field tracking starts only after punch-in and automatically stops on punch-out, leave, or day-off
Location data is used solely for verification, reporting, audit, and operational compliance purposes
Access to location data is governed by company-defined policies and limited to authorized roles
Location data is not used for surveillance, marketing, profiling, or sold to third parties

6. Cookies & Tracking Technologies

LeadsForce360 uses cookies and similar technologies to:

Maintain secure login sessions
Enable core platform functionality
Improve performance and user experience
Analyze usage trends

Disabling cookies may limit certain platform features.

7. Data Sharing & Disclosure

We do not sell, rent, or trade personal or business data. We may share limited and necessary data only with:

Payment processors (e.g., Razorpay) – billing references and transaction status
Cloud hosting and infrastructure providers – securely stored application data
Messaging and communication service providers – contact details and delivery metadata
Legal or regulatory authorities – where required by law

All third parties are contractually bound by confidentiality and data-protection obligations.

8. Google API Data Disclosure (Google Ads Integration)

LeadsForce360 integrates with Google APIs, including the Google Ads API, to provide advertising and lead-management features for business users.

8.1 Google Ads Data We Access

When you connect your Google account and authorize Google Ads access, LeadsForce360 may access the following Google Ads data:

Google Ads account identifiers (Customer ID)
Campaign, ad group, ad, keyword, and bidding configuration data
Campaign performance metrics (such as impressions, clicks, conversions, and cost data)
Lead form and lead conversion data generated through Google Ads
Basic account metadata required for authentication and authorization

We access only the data required to provide the Google Ads features you explicitly enable within the platform.

8.2 Purpose of Google Ads Data Usage

We use Google Ads data solely to provide user-facing features within LeadsForce360, including:

Connecting and managing Google Ads accounts
Creating, managing, and reporting on Google Ads campaigns (where enabled by the user)
Syncing Google Ads lead form submissions into the LeadsForce360 CRM
Displaying campaign performance and lead analytics dashboards

Google Ads data is not used for unrelated purposes, profiling, or background data collection. Google Ads data is accessed only after the user explicitly initiates the integration and grants consent via Google’s OAuth authorization flow.

8.3 Limited Use Compliance (Google Requirement)

LeadsForce360's use and transfer of information received from Google APIs strictly adheres to the Google API Services User Data Policy, including the Limited Use requirements. This means:

Google user data is used only to provide or improve user-facing features
Google user data is not used for advertising, remarketing, or resale
Google user data is not combined with data from other sources for prohibited purposes

Google Ads data obtained through Google APIs is not used for training machine learning or artificial intelligence models, whether generalized or personalized, unless explicitly initiated and consented to by the user

8.4 Data Sharing & Selling Restrictions

We do not sell, rent, license, or trade Google Ads user data to:

Data brokers
Advertising networks
Analytics resellers
Any third party for marketing or profiling purposes

Google Ads data is shared only with secure infrastructure providers strictly necessary to operate the platform, and only under contractual confidentiality and data-protection obligations.

8.5 Human Access & Internal Review

LeadsForce360 does not allow routine human access to Google Ads data. Our employees or contractors may access Google Ads data only when:

Required to resolve a support request initiated by you
Necessary for security investigations or fraud prevention
Required to comply with applicable law or legal obligations

All such access is logged, limited, and monitored.

8.6 Data Security & Encryption

All Google Ads data transmitted to or from LeadsForce360 is protected using industry-standard encryption, including:

HTTPS / TLS encryption (128-bit or higher) for data in transit
Secure authentication and access-control mechanisms
Role-based access controls to prevent unauthorized access

Sensitive identifiers such as raw IP addresses or session-level identifiers are handled in accordance with Google's privacy-first technical requirements effective 2026.

8.7 Data Retention & Deletion

Google Ads data is retained only for as long as necessary to provide the enabled features. You may:

Disconnect your Google Ads account at any time from the LeadsForce360 platform
Revoke access through your Google Account security settings

Upon revocation or request, Google Ads data will be deleted or anonymized within three (3) business days, unless retention is required by applicable law.

8.8 User Control & Opt-Out

You remain in full control of your Google Ads integration. You may:

Enable or disable Google Ads features at any time
Disconnect your Google account from LeadsForce360
Request deletion of synced Google Ads data via our support channels

9. Data Retention

Data is retained for the duration of an active subscription. After subscription termination, data may be retained for:

Legal and regulatory compliance
Audit and accounting requirements
Dispute resolution

Customers may request data export or deletion, subject to applicable laws.

10. Your Rights & Choices

Subject to applicable laws, you may have the right to:

Access your data
Request correction of inaccurate information
Request deletion of data (where legally permitted)
Deactivate or terminate your account

Requests can be submitted through our official support channels.

11. Third-Party Services & Links

LeadsForce360 may integrate with third-party services such as messaging platforms, email providers, and payment gateways.

We are not responsible for the privacy practices of these third parties. Please review their policies separately.

12. Children’s Privacy

LeadsForce360 is a business-focused platform and is not intended for individuals under 18 years of age.

We do not knowingly collect data from minors.

13. Compliance With Indian Law

This Privacy Policy complies with:

Information Technology Act, 2000
IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
Applicable consumer and data-protection laws in India

14. Changes to This Policy

We may update this Privacy Policy from time to time.

Updates will be posted on this page with a revised “Last Updated” date. Continued use of the Services constitutes acceptance of the revised policy.

15. Contact Information

For privacy-related questions or requests:

📧 Email: support@leadsforce360.com
🌐 Website: https://www.leadsforce360.com

WinishTech IT Solutions Pvt. Ltd.

Ready to Transform your Business?

Get started with LeadsForce360 today to manage leads, attendance, field operations, orders, and reports efficiently. Empower your business globally with AI-driven workflows.