Legal · Privacy

Privacy Policy

Last updated: June 2026
Template notice. This is a working draft. If you process data of customers in the EU/UK or handle particularly sensitive data (health, financial PII at scale), please have a privacy lawyer review and adapt this for GDPR/UK-DPA specifics in addition to Pakistan's data-protection requirements.

This Privacy Policy explains how ERP ("we", "us") collects, uses, and protects information when you use our Service.

1. Who we are

ERP is operated from Pakistan. We are the "data controller" for the account-level information of our customers (the workspace owner and team users). The customer is the data controller for the business data they store inside their workspace (their customers, suppliers, inventory, etc.) — we act as the "data processor" for that data.

2. What we collect

2.1 Information you give us directly

2.2 Information collected automatically

2.3 Information YOU upload (business data)

Anything you enter inside your workspace — customer records, products, invoices, accounting entries, attachments, etc. We process this on your behalf as a data processor. We do not analyse it for marketing or any purpose other than running your workspace.

3. How we use your information

We use the information we collect to:

We do not sell your personal data. We do not use your business data to train AI models or share it with advertisers.

4. How we store & protect your data

5. Third-party services we use

We rely on a small set of vetted infrastructure providers. They process limited data strictly to enable the Service:

Each provider has their own privacy policy. We choose providers that maintain enterprise-grade security and respect customer data privacy.

6. Your rights

You have the right to:

To exercise these rights, email contact{{ $host }} from the account email on file. We respond within 30 days.

7. Cookies

We use only essential cookies:

We do not use tracking cookies, advertising cookies, or third-party analytics scripts that track you across the web.

8. Data retention

While your workspace is active, we retain your data indefinitely so you can use it. When your subscription ends:

9. International data transfers

Your primary database is hosted in [data center region — currently the same region as your account]. Backups are stored on Backblaze B2 / AWS S3 servers which may be located outside Pakistan. We rely on these providers' security and data-protection commitments.

10. Children

The Service is intended for use by businesses and adults aged 18 or older. We don't knowingly collect personal information from anyone under 18. If we learn we have, we delete it immediately.

11. Changes to this policy

We may update this Privacy Policy as our practices evolve. We'll notify you by email or in-app notice for material changes at least 30 days before they take effect.

12. Contact

Privacy questions or to exercise your rights:

See also our Terms of Service and Refund Policy.