Privacy and Policy

Our system is built on best value services and provides the features your business truly needs.

Please read this policy carefully to understand how we handle your data.

Last Updated: September 20, 2025

1. Introduction

Welcome to Nalu CRM ("we," "our," or "us"). We are committed to protecting your privacy and the data of your business and clients. This Privacy Policy explains how we collect, use, and safeguard your information when you use our CRM services via our website nalucrm.com or our mobile application.

2. Information We Collect

To provide our CRM services, we collect the following types of data:

  • Account Information: Your name, business name, email address, and phone number used for registration.
  • CRM Data (Your Client Data): Information you input regarding your customers (names, phone numbers, addresses) and their vehicles (VIN, make, model, photos). You retain ownership of this data.
  • Financial Data: Transaction history, invoice details, and service pricing. We do not store full credit card numbers; payments are processed securely via third-party providers (e.g., Stripe).
  • Usage Data: Information about how you use the app, such as feature usage logs and device information, to improve our service.

3. How We Use Your Information

We use the collected data strictly for the following purposes:

  • To provide and maintain the CRM functionality (scheduling, invoicing, client management).
  • To process payments and generate PDF invoices.
  • To provide customer support and respond to your inquiries.
  • To improve our app's performance and develop new features.

3.1. Google Calendar Data Usage

Nalu CRM integrates with Google Calendar to provide two-way appointment synchronization. This integration is optional and requires explicit user authorization.

3.2. Data we access

With the user's consent, our application may access the following Google Calendar API scopes:

  • https://www.googleapis.com/auth/calendar.events - Used to create, edit, and delete events in the user’s Google Calendar that correspond to appointments created or modified within the CRM.
  • https://www.googleapis.com/auth/calendar.readonly - Used to read the user's existing calendar events and display them inside the CRM.

We do NOT access or modify calendar settings, sharing permissions, ACLs, or any other restricted data.

3.3. How the data is used

  • Display the user’s Google Calendar events inside the CRM.
  • Create or update Google Calendar events that match CRM appointments.
  • Keep the user’s schedules synchronized between both systems.

No other use of Google Calendar data occurs.

3.4. Data storage and protection

A Google Calendar refresh token is stored securely on our server and is used only to maintain calendar synchronization. Google Calendar data is never shared, sold, or transmitted to third parties.

3.5. User control

Users may revoke Google access at any time via:
https://myaccount.google.com/permissions

4. Data Sharing and Disclosure

We do not sell your personal data or your clients' data to third parties. We may share data only in the following circumstances:

  • Service Providers: With trusted third-party services that help us operate (e.g., cloud hosting providers like AWS, payment processors like Stripe).
  • Legal Requirements: If required by law or to protect our rights.

5. Data Security

We implement industry-standard security measures to protect your data from unauthorized access, alteration, or destruction. Your data is stored on secure cloud servers with encryption protocols.

6. Your Rights

You have the right to access, correct, or delete your personal data stored in our system. If you wish to delete your account and all associated data, please contact our support team.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: info@nalucrm.com
Website: nalucrm.com