Privacy Policy

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Atrall ERP (Enterprise Resource Planning) cloud-based application and related services ("Services"). This policy applies to all users of our Services, including small and medium-sized enterprises (SMEs) and their employees in Sri Lanka and internationally.

1. Information We Collect

1.1 Personal Information

We may collect the following types of personal information:

• Account Information: Name, email address, phone number, company name, job title, and business address
• Business Information: Company size, industry, business type, and financial information
• User Credentials: Username, password, and authentication data

1.2 Business Data

As an ERP solution, we may process various types of business data:

• Financial Data: Invoices, payments, expenses, budgets, and financial reports
• Inventory Data: Product catalogs, stock levels, and supply chain information
• Customer Data: Customer contact information, order history, and preferences
• Employee Data: HR records, payroll information, and performance data
• Operational Data: Project management, workflow processes, and business analytics

1.3 Technical Information

• Usage Data: Login times, feature usage, and interaction patterns
• Device Information: IP address, browser type, operating system, and device identifiers
• Log Data: Server logs, error reports, and performance metrics
• Cookies and Tracking: Session cookies, analytics cookies, and similar technologies

2. How We Collect Information

2.1 Direct Collection

• Information you provide when creating an account
• Data you input into the ERP system
• Communications with our support team
• Feedback, surveys, and customer service interactions

2.2 Automatic Collection

• Usage analytics and system monitoring
• Cookies and similar tracking technologies
• Server logs and system diagnostics
• Integration with third-party services (with your consent)

2.3 Third-Party Sources

• Business partners and service providers
• Public databases and business registries
• Payment processors and financial institutions

3. How We Use Your Information

3.1 Service Provision

• Providing and maintaining the ERP application
• Processing transactions and managing business operations
• Generating reports and analytics
• Managing user accounts and access controls

3.2 Business Operations

• Customer support and technical assistance
• Service improvements and feature development
• Security monitoring and fraud prevention
• Compliance with legal obligations

3.3 Communication

• Service updates and maintenance notifications
• Security alerts and important announcements
• Marketing communications (with your consent)
• Customer feedback and satisfaction surveys

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or business data to third parties for marketing purposes.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Hosting and infrastructure services
• Payment processing and financial services
• Customer support and communication tools
• Analytics and performance monitoring
• Security and fraud prevention

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to the same privacy protections.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your data:

• Encryption: All data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Multi-factor authentication and role-based access controls
• Network Security: Firewalls, intrusion detection, and DDoS protection
• Physical Security: Secure data centers with 24/7 monitoring
• Regular Audits: Security assessments and penetration testing

5.2 Data Backup and Recovery

• Regular automated backups with multiple redundancy
• Disaster recovery procedures and business continuity planning
• Data retention policies aligned with business needs

6. Data Retention

6.1 Retention Periods

• Account Data: Retained while your account is active and for a reasonable period after deactivation
• Business Data: Retained according to your business requirements and legal obligations
• Log Data: Retained for security and troubleshooting purposes (typically 12-24 months)
• Marketing Data: Retained until you withdraw consent or unsubscribe

6.2 Data Deletion

Upon account termination or data deletion requests, we will:

• Delete or anonymize personal information within 30 days
• Retain business data as required by law or business agreements
• Provide confirmation of data deletion

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

• Access and review your personal information
• Update or correct inaccurate data
• Request deletion of your personal information
• Export your data in a portable format
• Restrict or object to certain data processing

7.2 Communication Preferences

• Opt-out of marketing communications
• Choose your preferred communication channels
• Set notification preferences
• Manage cookie preferences

7.3 Data Portability

You can export your business data at any time through our self-service tools or by contacting our support team.

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure adequate protection through:

• Standard contractual clauses approved by data protection authorities
• Adequacy decisions for countries with equivalent data protection standards
• Certification schemes and codes of conduct
• Regular assessments of data transfer risks

9. Cookies and Tracking Technologies

9.1 Types of Cookies

• Essential Cookies: Required for basic functionality and security
• Performance Cookies: Help us understand how the application is used
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Provide insights into user behavior and system performance

9.2 Cookie Management

You can control cookies through your browser settings or our cookie preference center. However, disabling certain cookies may affect application functionality.

10. Children's Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

11. Third-Party Services

Our application may integrate with third-party services. Each third-party service has its own privacy policy, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying in-app notifications

Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

13. Contact Information

14. Data Breach Response

In the unlikely event of a data breach, we will:

• Immediately investigate and contain the incident
• Notify affected users within 72 hours of discovery
• Report to relevant authorities as required by law
• Implement additional security measures to prevent recurrence

This Privacy Policy is effective as of the date listed above and applies to all users of our ERP cloud-based application and related services.