Summary: This Privacy Policy explains how Unisoftwares (“we”, “us”, “our”) collects, uses, shares, and protects personal data in connection with the Frontforce CRM platform and our websites, apps, and related services (the “Services”). It is designed to meet transparency requirements under the EU/UK GDPR and provide disclosures required by certain U.S. laws (including California’s CCPA/CPRA). Where differences apply, we explain them below.

1) Who we are & how to contact us

Controller (for our own business operations & marketing): Unisoftwares (d/b/a Frontforce CRM).

Processor (for customer data inside the CRM): We act as a data processor/service provider to our business customers (“Customers”) for personal data that they input into the Services. Customers are the data controllers of that data. Our processing terms are set out in our Data Processing Addendum (“DPA”).

• Contact email: [email protected]
• Postal address: Infotain LLC, 131 Continental Dr, Suite 305, Newark, Delaware 19713
• Data Protection Officer (if appointed, Art. 37): [Nauman Khan, [email protected]]

2) What data we collect

• Account & billing data: name, email, phone, company, billing address, plan, transaction records (last 4 of card, tokens from our payment processor).
• Service usage & logs: app telemetry, IP address, device/browser info, timestamps, pages/features used, performance metrics, crash logs.
• Communications: support chats/emails/calls, survey responses, marketing preferences.
• Customer CRM content (“Customer Data”): contacts, messages, files, recordings, and other content uploaded or connected by a Customer. Customers control this content; we process it under their instructions.
• Cookies & similar technologies: analytics, authentication, preference storage, and—where you consent—marketing/advertising cookies. See our Cookie Notice.

3) Sources of personal data

We collect data directly from you (e.g., sign‑up, in‑app), automatically from your device when you use the Services, and from third parties (e.g., identity providers, payment and telecom partners) as permitted by law.

4) Purposes & legal bases (EU/UK GDPR)

We process personal data under one or more lawful bases (GDPR Art. 6):

• Contract (Art. 6(1)(b)): to create and manage your account, provide and support the Services, and process payments.
• Legitimate interests (Art. 6(1)(f)): to secure and improve the Services (including analytics, preventing abuse, quality assurance), to communicate non‑marketing service updates, and to protect legal rights. We balance these interests against your rights and reasonable expectations.
• Consent (Art. 6(1)(a)): for optional activities such as email marketing or non‑essential cookies. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and regulatory requirements.

5) How we use personal data

• Provide, maintain, and improve the Services; personalize features and content.
• Authenticate users; prevent spam, fraud, and misuse; ensure security and integrity.
• Provide support; communicate about service changes and important notices.
• Process payments and manage subscriptions, trials, and promotions.
• Comply with law and enforce agreements.

6) Automated decision‑making & AI features

Frontforce CRM includes optional AI‑assisted features (e.g., drafting content or classifying conversations). These features may rely on models hosted by us or our subprocessors. We do not make decisions producing legal or similarly significant effects solely by automated processing without human involvement. Customers may configure automations that trigger workflows based on defined rules; Customers are responsible for their own use cases.

7) Disclosures & international transfers

• Service providers/sub‑processors: hosting, storage, analytics, email/telecom, payments, and support tooling bound by confidentiality and data‑processing obligations.
• Affiliates & corporate transactions: for group operations or in connection with a merger, acquisition, or asset sale.
• Legal & safety: to comply with law, respond to lawful requests, or protect rights, safety, and property.

Where personal data is transferred outside the EEA/UK (e.g., to Pakistan or the U.S.), we rely on appropriate safeguards such as the EU/UK Standard Contractual Clauses and, where necessary, supplementary measures. Copies of relevant transfer mechanisms can be provided on request, subject to redaction.

8) Retention

We retain personal data for as long as necessary to fulfill the purposes described above, including to meet legal, accounting, or reporting requirements. Typical periods include: account data for the life of the account; support records & logs for ~12–24 months; financial records for 7 years. Customer Data retention is controlled by the Customer; we delete or return Customer Data on contract termination or upon instruction, subject to standard backup cycles.

9) Your rights

EU/UK (GDPR)

You may request access, rectification, erasure, restriction, and portability, and you may object to processing based on legitimate interests, and withdraw consent where processing relies on consent. We respond within one month (extendable by two months for complex requests). You may lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

Residents of California have the rights to know, access, correct, delete, and to opt‑out of “sale” or “sharing” of personal information, and to limit the use/disclosure of sensitive personal information. We do not “sell” personal information as defined by the CPRA. If we “share” personal information for cross‑context behavioral advertising, we will provide a “Your Privacy Choices” / “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control signals.

10) Cookies & tracking

We use essential cookies for core functionality and, with consent where required, analytics and advertising cookies. Manage choices via our cookie banner or your browser settings. See our Cookie Notice for details and retention periods.

11) Children

The Services are not directed to children under 16 (or lower age where permitted by local law, but not below 13). We do not knowingly process children’s data without appropriate consent or another lawful basis.

12) Security

We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, and unauthorized access. No method of transmission or storage is perfectly secure.

13) How to exercise your rights

• EU/UK: Email [email protected] with “GDPR Request” and your request type.
• California: Use the “Your Privacy Choices” link (if available) or email [email protected].
• We may need information to verify your identity and authority before fulfilling a request.

14) Changes to this Policy

We will post any changes on this page with an updated effective date and, where material, provide a more prominent notice.