Privacy Policy

Effective Date: 22/05/2026
Website: https://www.zitow.com
Company / Brand Name: Zitow
Legal Entity Name: Zitow Technologies
Privacy Email: support@zitow.com
Grievance Contact: support@zitow.com

Zitow Technologies, operating under the brand name Zitow, respects your privacy and is committed to protecting personal data. This Privacy Policy explains how Zitow collects, uses, stores, shares, transfers, and protects personal data when you visit our website, use our SaaS applications, create an account, subscribe to our services, contact us, or otherwise interact with us.

Zitow provides SaaS-based ERP, Accounting, CRM, HRM, POS, inventory, sales, business management, and related software services.

This Privacy Policy is intended to address applicable privacy requirements, including the European Union General Data Protection Regulation, also known as the GDPR, and India’s Digital Personal Data Protection Act, 2023, also known as the DPDP Act.

By using Zitow’s website or services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to zitow.com

  • Customers and prospective customers

  • Registered users of Zitow applications

  • Administrators and staff users of customer accounts

  • Individuals whose data is entered into Zitow by customers, including employees, customers, suppliers, vendors, leads, business contacts, or end customers

  • Users who contact Zitow for support, sales, billing, or technical assistance

This Privacy Policy does not replace any separate agreement between Zitow and its customers, including any SaaS subscription agreement, Terms of Service, Data Processing Agreement, or service contract.

2. Who We Are and Our Role

For data protection purposes, Zitow may act in different roles depending on the situation.

A. Zitow as Controller / Data Fiduciary

Zitow acts as a data controller under GDPR, or data fiduciary under India’s DPDP framework, when we decide why and how personal data is processed.

This may include processing related to:

  • Website visitors

  • Sales inquiries

  • Customer account management

  • Billing and subscriptions

  • Marketing communications

  • Product analytics

  • Security monitoring

  • Customer support

  • Legal and business administration

B. Zitow as Processor / Data Processor

Zitow acts as a data processor under GDPR, or data processor under India’s DPDP framework, when we process customer business data on behalf of a customer.

For example, when a business customer uses Zitow to manage its ERP, accounting, CRM, HRM, payroll, POS, sales, inventory, employees, customers, suppliers, or business records, the customer usually decides what data is entered into Zitow and why it is processed.

In such cases, the customer is generally responsible for determining the legal basis for processing the data, and Zitow processes the data according to the customer’s instructions and applicable agreements.

3. Personal Data We Collect

We may collect and process the following categories of personal data.

A. Account and Identity Data

  • Name

  • Email address

  • Phone number

  • Business name

  • Job title or role

  • Username

  • Password or authentication credentials

  • User ID

  • Account settings

  • Profile details

  • User role and permission level

B. Business and Subscription Data

  • Company details

  • Billing details

  • Tax information, where applicable

  • Subscription plan

  • Payment status

  • Invoice records

  • Order history

  • Contract details

  • Support plan details

C. ERP and Business Operations Data

Depending on the modules used by a customer, Zitow may process data related to:

  • Products and services

  • Inventory and stock records

  • Warehouses and branches

  • Purchase orders

  • Sales orders

  • Quotations

  • Invoices

  • Suppliers and vendors

  • Customers and contacts

  • Delivery records

  • Business reports

  • Internal notes and uploaded documents

D. Accounting and Finance Data

Zitow may process accounting-related data, including:

  • Invoices

  • Receipts

  • Payments

  • Ledgers

  • Account balances

  • Tax-related fields

  • Expense records

  • Credit notes

  • Debit notes

  • Financial reports

  • Bank or payment references

  • Audit logs related to financial activities

Zitow is not responsible for determining a customer’s tax, accounting, statutory, or financial reporting obligations unless explicitly agreed in writing.

E. CRM Data

CRM modules may include:

  • Lead details

  • Customer contact information

  • Sales pipeline data

  • Communication history

  • Follow-up notes

  • Opportunity records

  • Sales team activities

  • Marketing preferences

  • Customer support history

F. HRM and Employee Data

If a customer uses Zitow HRM features, the platform may process HR and employment-related data, such as:

  • Employee name

  • Employee ID

  • Contact details

  • Department

  • Job role

  • Attendance records

  • Leave records

  • Work schedule

  • Salary or payroll-related fields, if enabled

  • Documents uploaded by the customer

  • Emergency contact details, if entered

  • Performance or administrative records, if enabled

HR and payroll data may be sensitive or confidential. Customers are responsible for ensuring they have a lawful basis to upload and process employee data in Zitow.

G. POS and Transaction Data

If a customer uses Zitow POS features, we may process:

  • Sales transactions

  • Return transactions

  • Product details

  • Customer details, if entered

  • Cashier or staff user details

  • Store or branch details

  • Discounts and promotions

  • Payment method references

  • Receipts

  • Shift records

  • POS device or terminal information

H. Support and Communication Data

When you contact Zitow, we may collect:

  • Messages sent to us

  • Support ticket details

  • Email communications

  • Chat messages

  • Call notes

  • Screenshots or files you provide

  • Technical troubleshooting information

  • Feedback and survey responses

I. Technical and Usage Data

When you use zitow.com or Zitow applications, we may collect:

  • IP address

  • Browser type

  • Device type

  • Operating system

  • Login time

  • Session activity

  • Pages or features accessed

  • Referring URLs

  • Error logs

  • Crash reports

  • Security logs

  • Audit logs

  • Approximate location derived from IP address

  • Cookie and analytics data

4. How We Use Personal Data

Zitow may use personal data for the following purposes:

  • To provide, operate, and maintain Zitow services

  • To create and manage user accounts

  • To provide ERP, Accounting, CRM, HRM, POS, inventory, sales, reporting, and related SaaS features

  • To process subscriptions, invoices, payments, and billing records

  • To provide customer support and technical assistance

  • To improve product functionality and user experience

  • To monitor system performance, availability, and reliability

  • To detect, prevent, and investigate fraud, misuse, unauthorized access, or security incidents

  • To manage user roles, permissions, and authentication

  • To maintain audit logs and system records

  • To communicate service updates, security alerts, and administrative messages

  • To send marketing communications where permitted by law

  • To comply with legal, tax, accounting, regulatory, and contractual obligations

  • To enforce our terms, agreements, and policies

  • To protect the rights, property, and safety of Zitow, our customers, users, and others

5. Legal Basis for Processing Under GDPR

Where GDPR applies, Zitow processes personal data only where there is a lawful basis, such as:

  • Contract: where processing is necessary to provide services or take steps before entering into a contract.

  • Consent: where you have given clear permission for a specific purpose.

  • Legal obligation: where processing is necessary to comply with legal, tax, accounting, or regulatory obligations.

  • Legitimate interests: where processing is necessary for Zitow’s business, security, service improvement, fraud prevention, or customer support interests, provided your rights do not override those interests.

  • Vital interests: where processing is necessary to protect someone’s life or safety.

  • Public interest: where applicable under law.

6. Processing Under India’s DPDP Act

Where India’s DPDP Act applies, Zitow will process digital personal data in accordance with applicable DPDP requirements.

Where Zitow acts as a Data Fiduciary, we aim to process personal data for lawful purposes and provide appropriate notice where required.

Where consent is required, we aim to ensure that consent is free, specific, informed, unambiguous, and capable of being withdrawn in accordance with applicable law.

Where Zitow acts as a Data Processor for a customer, Zitow processes personal data on behalf of that customer according to contractual instructions and applicable law.

Under India’s DPDP framework, individuals are generally referred to as Data Principals, and organizations determining the purpose and means of processing are generally referred to as Data Fiduciaries.

7. Customer Responsibilities

Because Zitow is a SaaS platform used by businesses, customers are responsible for how they use the platform and what data they upload.

Customers must:

  • Ensure they have a lawful basis, consent, contract, employment basis, legal obligation, or other valid ground to collect and process personal data in Zitow.

  • Provide required notices to their employees, customers, suppliers, vendors, leads, and other individuals.

  • Ensure that personal data entered into Zitow is accurate and necessary.

  • Avoid uploading unnecessary sensitive or confidential data.

  • Configure user roles, access permissions, and security settings properly.

  • Keep login credentials secure.

  • Ensure their use of Zitow complies with applicable employment, accounting, tax, consumer, data protection, and privacy laws.

  • Respond to requests from individuals whose data they control, unless Zitow is legally required to respond directly.

Zitow is not responsible for the legality of personal data that customers choose to upload, store, or process through the platform.

8. Sensitive, Confidential, and Special Category Data

Zitow’s services may be used to process confidential business data and, depending on customer use, personal data that may be sensitive under applicable law.

This may include:

  • Salary or payroll information

  • Employee records

  • Tax or identity-related data

  • Financial records

  • Customer transaction history

  • Business accounting records

  • Access logs and audit trails

  • Documents uploaded by customers

Customers should not upload sensitive personal data unless it is necessary for their use of Zitow and they have a valid legal basis to do so.

Where GDPR applies, special categories of personal data should only be processed where permitted under GDPR. Where Indian law applies, customers should ensure that their processing complies with applicable DPDP requirements and any sector-specific laws.

9. Cookies and Similar Technologies

Zitow may use cookies, pixels, local storage, tags, scripts, and similar technologies on zitow.com and within our applications.

We may use these technologies for:

  • Website functionality

  • Login sessions

  • Security

  • Remembering preferences

  • Performance monitoring

  • Analytics

  • Product improvement

  • Fraud prevention

  • Payment checkout support

Zitow may use the following cookie or tracking-related tools:

Tool / Provider Purpose
Zitow application cookies Login sessions, authentication, security, and user preferences
Google Analytics Website analytics, visitor behavior, traffic measurement, and service improvement
Razorpay checkout tools Payment processing and checkout support
Namecheap hosting tools Hosting, server performance, technical logs, email, and service operation
Namecheap error monitoring / hosting tools Technical troubleshooting, server logs, error detection, and service reliability

At this time, Zitow has not identified whether a separate CDN/security provider or cookie banner tool is being used. If Zitow later uses a CDN, security service, or cookie consent banner, this Privacy Policy may be updated to include those providers.

Where required by law, Zitow will request consent before using non-essential cookies, such as analytics or marketing cookies.

You can manage cookies through your browser settings. Disabling cookies may affect website or application functionality.

10. Analytics, Product Usage, and Improvement

Zitow may collect analytics and usage data to understand how users interact with our website and SaaS applications.

This may include:

  • Feature usage

  • Login frequency

  • Error events

  • Performance data

  • Page views

  • Device and browser information

  • User journey patterns

Zitow uses Google Analytics for website analytics and usage measurement.

We use analytics information to improve performance, fix bugs, develop new features, enhance security, and improve customer experience.

Where possible, analytics data may be aggregated or anonymized.

11. Payment and Billing Information

If you purchase a subscription or paid service, payment may be processed through third-party payment providers.

Zitow uses Razorpay as its payment provider.

Zitow may store billing records, invoices, payment status, subscription plan details, tax details, and transaction references.

Zitow does not intend to store full payment card details unless explicitly stated and handled through compliant payment systems. Payment information may be processed directly by Razorpay according to Razorpay’s own terms, privacy policy, and legal obligations.

12. Sharing of Personal Data

Zitow does not sell personal data.

We may share personal data with trusted third-party service providers where necessary to operate, secure, improve, and deliver Zitow services.

Current known providers include:

Provider Purpose
Namecheap Website hosting, email services, hosting tools, server logs, and technical infrastructure
Google Analytics Website analytics and usage measurement
Razorpay Payment processing, checkout, transaction verification, and billing support
Zitow Technologies internal systems Account management, support, service delivery, security, and administration

We may also share data with:

  • Cloud hosting and infrastructure providers

  • Database and storage providers

  • Payment-related providers

  • Email and communication providers

  • Analytics providers

  • Security, monitoring, and error detection providers

  • Professional advisers, such as lawyers, auditors, and accountants

  • Government authorities, regulators, courts, or law enforcement where required by law

  • Business partners or subcontractors where necessary to deliver requested services

  • Parties involved in a merger, acquisition, financing, restructuring, or sale of business assets

Third-party service providers are expected to process personal data only as necessary to provide services to Zitow and to apply appropriate security protections.

13. Sub-processors

Zitow may use third-party sub-processors to provide hosting, infrastructure, email, analytics, payment, support, monitoring, and security-related services.

The current known sub-processors are:

Sub-processor Service Provided Data That May Be Processed
Namecheap Hosting, email, server infrastructure, technical logs, and hosting tools Website data, server logs, email-related data, technical records, IP addresses, and service operation data
Google Analytics Website analytics and visitor behavior measurement IP address, device information, browser details, usage activity, pages visited, and analytics identifiers
Razorpay Payment processing and checkout services Billing details, payment status, transaction references, contact details, and payment-related information
Namecheap error monitoring / hosting tools Error detection, server logs, technical troubleshooting, and service reliability Technical logs, error logs, server activity, IP address, and system performance data

Zitow has not currently identified whether a separate CDN/security provider or cookie banner provider is used. If such providers are added or identified later, Zitow may update this Privacy Policy or publish a separate Sub-processor List.

Where Zitow acts as a processor under GDPR, sub-processing will be handled according to the applicable Data Processing Agreement or customer contract.

14. Hosting Location and International Data Transfers

Zitow uses Namecheap for hosting and email-related services.

Zitow’s services, website, emails, technical data, logs, and related infrastructure may be hosted, stored, accessed, or processed in multiple countries depending on Namecheap’s infrastructure, service providers, technical requirements, and operational needs.

For the purpose of this Privacy Policy, Zitow may process data across all countries where Zitow, Namecheap, Razorpay, Google Analytics, or other relevant service providers operate.

Personal data may therefore be stored or processed in countries other than your country of residence.

Where GDPR applies and personal data is transferred outside the EU/EEA, Zitow will use appropriate safeguards where required, such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.

Where India’s DPDP Act applies, cross-border transfers will be handled in accordance with applicable Indian data protection requirements and any restrictions or rules issued by the Government of India.

15. Data Retention

Zitow retains personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific retention periods may vary depending on:

  • Subscription status

  • Customer account settings

  • Contractual requirements

  • Legal, tax, accounting, or audit obligations

  • Security and fraud prevention needs

  • Backup cycles

  • Dispute resolution requirements

  • Support and service history

  • Applicable laws in the customer’s country

Because exact retention periods may vary by service, law, and customer configuration, Zitow applies retention based on business necessity, customer instructions, legal obligations, and operational requirements.

Examples:

  • Account and billing records may be retained for legal, accounting, and tax purposes.

  • ERP, CRM, HRM, Accounting, and POS data may be retained for the duration of the customer’s subscription.

  • Support tickets may be retained to resolve issues and maintain service history.

  • Logs may be retained for security, troubleshooting, and audit purposes.

  • Backup copies may remain for a limited period after deletion until overwritten or securely removed.

When personal data is no longer required, Zitow will delete, anonymize, or restrict access to it as appropriate.

16. Data Export, Deletion, and Account Termination

Customers may request export or deletion of their account data, subject to technical feasibility, contractual terms, and legal obligations.

Upon termination of services:

  • Customers should export required data before cancellation or termination.

  • Zitow may delete or disable access to customer data after a reasonable period.

  • Some data may be retained where required for legal, tax, accounting, security, fraud prevention, or dispute resolution purposes.

  • Backup copies may remain for a limited period before being deleted according to backup retention cycles.

Zitow may provide additional data export or deletion terms in its Terms of Service, SaaS Agreement, or Data Processing Agreement.

17. Data Security

Zitow uses reasonable technical, organizational, and administrative measures to protect personal data.

These measures may include:

  • Secure hosting

  • Access controls

  • Role-based permissions

  • Password protection

  • Encryption where appropriate

  • HTTPS/TLS protection

  • Audit logs

  • Backup systems

  • Activity monitoring

  • Security testing

  • Restricted employee or contractor access

  • Vendor security controls

  • Incident response procedures

Customers are responsible for configuring access permissions correctly, using strong passwords, limiting administrator access, and ensuring their own devices and networks are secure.

No system can be guaranteed to be completely secure. Zitow cannot guarantee absolute protection against all security risks.

18. Data Breach and Security Incident Notification

If Zitow becomes aware of a personal data breach or security incident affecting personal data, we will take reasonable steps to investigate, contain, and remediate the incident.

Where required by applicable law, Zitow will notify affected customers, users, regulators, or authorities.

Where Zitow processes data on behalf of a customer, Zitow will notify the relevant customer as required under the applicable agreement or law, so that the customer can meet its own legal obligations.

19. Your Rights Under GDPR

If GDPR applies to your personal data, you may have the following rights:

  • Right to access your personal data

  • Right to correct inaccurate or incomplete data

  • Right to deletion, also known as the right to erasure

  • Right to restrict processing

  • Right to object to processing

  • Right to data portability

  • Right to withdraw consent where processing is based on consent

  • Right not to be subject to certain automated decisions

  • Right to lodge a complaint with a data protection supervisory authority

To exercise your rights, contact us at:

Email: support@zitow.com

If your data is controlled by a Zitow customer, we may direct your request to that customer.

20. Your Rights Under India’s DPDP Act

If India’s DPDP Act applies to your personal data, you may have rights as a Data Principal, including:

  • Right to access information about personal data processing

  • Right to correction of inaccurate or misleading personal data

  • Right to completion of incomplete personal data

  • Right to update personal data

  • Right to erasure of personal data, where applicable

  • Right to withdraw consent, where processing is based on consent

  • Right to grievance redressal

  • Right to nominate another individual to exercise your rights in the event of death or incapacity, where applicable

To exercise these rights, contact us at:

Email: support@zitow.com

If your data is processed by Zitow on behalf of a business customer, we may forward or redirect your request to the relevant customer.

21. Consent and Withdrawal of Consent

Where Zitow relies on consent to process personal data, you may withdraw consent at any time.

Withdrawal of consent will not affect processing that occurred before withdrawal.

If consent is withdrawn, Zitow may stop providing certain features or services where the data is necessary for those services.

To withdraw consent, contact:

Email: support@zitow.com

22. Marketing Communications

Zitow may send marketing communications about products, services, updates, offers, and business information where permitted by law.

You may opt out of marketing communications by:

  • Clicking the unsubscribe link in an email, where available

  • Contacting us at support@zitow.com

Even if you opt out of marketing communications, Zitow may still send service-related, transactional, billing, legal, or security communications.

23. Automated Decision-Making

Zitow does not currently use personal data for automated decision-making that produces legal or similarly significant effects on individuals.

If this changes, Zitow will update this Privacy Policy and provide appropriate notice where required by law.

24. Children’s Privacy

Zitow’s services are intended for business use and are not directed to children.

Customers should not use Zitow to collect or process children’s personal data unless they have a lawful basis and comply with applicable child data protection requirements.

If we become aware that personal data of a child has been collected unlawfully, we will take reasonable steps to delete or restrict such data, subject to customer instructions and legal obligations.

25. Third-Party Links and Integrations

Zitow may contain links to third-party websites, applications, payment systems, plugins, or integrations.

Zitow is not responsible for the privacy practices, security, or content of third-party services.

Customers who enable third-party integrations are responsible for reviewing and accepting the privacy and security practices of those third-party providers.

26. API, Integrations, and Connected Services

Zitow may allow customers to connect third-party applications, APIs, payment providers, e-commerce platforms, accounting tools, communication tools, or other business systems.

When a customer enables an integration, data may be shared between Zitow and the connected service.

Customers are responsible for:

  • Ensuring they have authority to connect third-party services

  • Reviewing third-party terms and privacy policies

  • Managing permissions granted to integrations

  • Disabling integrations that are no longer required

27. Audit Logs and User Activity

For security, compliance, troubleshooting, and accountability, Zitow may maintain logs of user activity.

These may include:

  • Login activity

  • User actions

  • Record creation or modification

  • Permission changes

  • Transaction updates

  • System errors

  • Security events

  • IP addresses

  • Device and browser information

Audit logs may be retained to support security, legal, accounting, and operational requirements.

28. Business Transfers

If Zitow is involved in a merger, acquisition, restructuring, financing, sale of assets, or transfer of business, personal data may be transferred as part of that transaction.

Where required by law, Zitow will provide notice and ensure appropriate safeguards are applied.

29. Grievance Redressal and Privacy Contact

If you have questions, complaints, or requests about this Privacy Policy or Zitow’s handling of personal data, contact:

Privacy / Grievance Contact: support@zitow.com
Email: support@zitow.com

For India, Zitow will provide a grievance redressal mechanism as required under applicable law.

For EU/EEA users, you may also have the right to contact your local data protection supervisory authority.

30. Changes to This Privacy Policy

Zitow may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, security practices, or data processing activities.

When we update this Privacy Policy, we will revise the “Effective Date” at the top of this page.

We encourage users to review this page periodically.

31. Contact Us

For any privacy-related questions, requests, or complaints, please contact:

Zitow Technologies
Website: https://www.zitow.com
Email: support@zitow.com
Privacy / Grievance Contact: support@zitow.com

 

Billing, Accounting, Inventory, POS, CRM, HRM apps for small and medium businesses

Logo

Company

Products

Logo

Features

Resources