Home Products Pricing Blog Reviews About Contact

Privacy Policy

How Narevek collects, uses, shares, and protects your personal data.

Last Updated: 28 May 2026  |  Effective Date: 28 May 2026

This Privacy Policy explains how Narevek Technologies ("Narevek", "we", "us", "our") collects, processes, stores, shares, and safeguards personal data when you use our mobile applications, website, and related services (collectively, "Services"). Please read this policy carefully before using our Services.

1. Scope and Applicability

This Privacy Policy applies to all products and services offered under the Narevek brand:

By downloading, installing, registering for, or using any Narevek application or website, you ("Data Principal" under the DPDP Act, 2023, or "Provider of Information" under the SPDI Rules, 2011) acknowledge that you have read, understood, and consent to the data practices described in this Policy. If you do not agree to this Privacy Policy, please do not use our Services.

2. Data Fiduciary / Controller

Under the Digital Personal Data Protection Act, 2023, Narevek Technologies is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.

3. Information We Collect

We collect only the information necessary to provide and improve our Services. Data collection is governed by the principle of data minimisation.

3.1 Information You Provide Directly

a) Account & Registration Data

b) Business Data You Enter into Our Applications

As a B2B multi-tenant platform, the business data you enter is your data. You retain ownership. Categories include:

c) Payment Information

Subscription payments are processed by RBI-authorised third-party payment gateways. We receive only transaction status confirmation and a masked payment identifier (last 4 digits of card, or UPI ID). We do not store, transmit, or have access to your full card number, CVV, PIN, or UPI credentials at any time.

d) Communications

Messages, support requests, bug reports, feature suggestions, or any other communications you send to us via email, in-app chat, or contact forms.

3.2 Information Collected Automatically

3.3 Information from Third Parties

4. App Permissions (Android)

Our Android applications request device permissions only when required for a specific feature. Optional permissions are never accessed without your explicit, in-context action. You may revoke any permission at any time via Device Settings > Apps > [Narevek App] > Permissions.

Permission Purpose Type
INTERNET Sync data securely with Narevek servers (HTTPS) Mandatory
CAMERA Scan barcodes / QR codes for inventory; capture visitor photographs in Visitor Management app Optional
READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE Import data files (CSV) and export reports (PDF) to/from device storage Optional
ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION Geo-tagged attendance check-ins — used only when this feature is explicitly enabled by the company administrator Optional
POST_NOTIFICATIONS Deliver business alerts: new lead assigned, quotation approved, task reminders, attendance alerts Optional
READ_CONTACTS Bulk-import device contacts into Narevek CRM — triggered only when the user explicitly initiates a contact import action Optional
RECEIVE_BOOT_COMPLETED Re-register the FCM push notification token after a device restart so notifications resume automatically Optional

We do not use any device permission for advertising, tracking, profiling, or any purpose beyond what is stated above.

5. Sensitive Personal Data or Information (SPDI)

Under Rule 3 of the SPDI Rules, 2011, the following categories are classified as Sensitive Personal Data or Information and are subject to heightened protection:

We handle SPDI as follows:

We do not collect SPDI relating to sexual orientation, political affiliation, or religious beliefs.

6. Consent

In accordance with the DPDP Act, 2023 (Section 6) and SPDI Rules, 2011 (Rule 5), we obtain consent before collecting personal data:

Withdrawal of Consent: You may withdraw consent at any time by emailing us at hello@narevek.com with the subject "Withdraw Consent". Withdrawal does not affect the lawfulness of processing prior to withdrawal. It may affect your ability to use certain features or the Services as a whole, and we will inform you of any such impact before acting on your withdrawal.

7. How We Use Your Information

We process your personal data for the following lawful purposes. We process data only to the extent necessary for each purpose.

We do not use your personal data for automated decision-making that produces significant legal effects, or for behavioural advertising.

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to any third party. We share your information only in the following circumstances:

8.1 Authorised Service Providers (Data Processors)

We engage the following categories of processors who access your data solely to perform services on our behalf and under our instructions:

All processors are bound by written data processing agreements requiring them to: (a) process data only as instructed; (b) maintain confidentiality; (c) implement appropriate security measures; and (d) not engage sub-processors without our approval.

8.2 Legal Obligations

We may disclose personal data if required to do so by a court order, judicial process, government directive, or lawful demand from an authorised authority in India under the IT Act, 2000, Code of Criminal Procedure, or any other applicable law. We will, to the extent permitted by law, notify you of such disclosure.

8.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or substantially all of our business assets, your data may be transferred to the successor entity. The successor will remain bound by this Privacy Policy, and we will notify you of any such transfer with reasonable advance notice.

8.4 Aggregated and Anonymised Data

We may publish aggregated, anonymised industry insights (e.g., "70% of Narevek CRM users close deals within 14 days") that cannot be used to identify any individual or company. No personal or business-identifiable data is shared in this form.

8.5 With Your Consent

We may share personal data with third parties in any other circumstance with your prior explicit consent.

9. Multi-Tenancy and Data Isolation

Narevek operates a strictly isolated multi-tenant architecture. Every company that registers on Narevek is assigned a unique company_id. All business data — customers, leads, employees, inventory, transactions, documents — is partitioned by company_id at the database level. This means:

10. Push Notifications

We use Firebase Cloud Messaging (FCM) to send push notifications. When you grant notification permission, your Android device's FCM token is stored in our database linked to your user account. This token is used exclusively to deliver business-relevant notifications to your device. We do not use FCM tokens for advertising or share them with third parties outside of Firebase.

FCM tokens are immediately deleted when you:

11. Cookies and Analytics

Website (narevek.com):

Mobile Applications: Our mobile apps do not use browser cookies. Usage analytics within the apps are collected via Firebase Analytics in a fully anonymised and aggregated form.

12. Data Retention

We retain personal data only for as long as necessary for the stated purpose or as required by law.

13. Data Security

In compliance with Section 43A of the IT Act, 2000 and Rule 8 of the SPDI Rules, 2011, we implement the following reasonable security practices and procedures:

While we take every reasonable precaution, no data transmission or storage system is 100% immune to security risks. You are encouraged to use a strong, unique password and to report any suspected vulnerability to hello@narevek.com immediately.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, Narevek will:

15. Your Rights as Data Principal

Under the DPDP Act, 2023 (Chapter III) and the SPDI Rules, 2011, you have the following rights with respect to your personal data:

To exercise any of these rights, please email us at hello@narevek.com with the subject line "Data Principal Rights Request". We will acknowledge your request within 48 hours and fulfil it within 30 days, in accordance with the DPDP Act, 2023 and SPDI Rules, 2011.

We may need to verify your identity before processing the request to prevent fraudulent or unauthorised access to another person's data.

16. Children's Privacy

Narevek's business applications are designed for use by adults (18 years and above) in a professional capacity. We do not knowingly collect personal data from individuals under 18 years of age for account registration or individual use.

The Narevek School Management application is intended to be operated by educational institutions. Student and parent data entered into the School Management app is under the custody and responsibility of the institution (which acts as an independent Data Fiduciary or Data Processor under the DPDP Act). Institutions are responsible for obtaining all necessary parental/guardian consents required under applicable law before entering student data.

If you believe we have inadvertently collected personal data from a minor, please contact us immediately at hello@narevek.com and we will delete it promptly.

17. Third-Party Links and Services

Our applications and website may contain links to or integrations with third-party services, including payment gateways, WhatsApp Business API, and Google services. These third-party services operate under their own privacy policies, which we encourage you to review. Narevek is not responsible for the privacy practices, content, or availability of any third-party service. Your interactions with third-party services are at your own risk and are not governed by this Privacy Policy.

18. Cross-Border Data Transfers

Your personal data is primarily stored and processed within India. Certain service providers (such as Firebase / Google LLC) may process data in data centres located outside India. Such transfers are made only where:

19. Changes to This Privacy Policy

We review and update this Privacy Policy periodically to reflect changes in our business practices, technology, legal requirements, or other factors. When we make material changes, we will:

Your continued use of our Services after the effective date of the revised Policy constitutes your acceptance of the changes. If you do not agree to the revised Policy, you must stop using the Services and request account closure.

20. Grievance Redressal

You may raise a grievance regarding the processing of your personal data, exercise of your data rights, or any suspected privacy violation. If your grievance is not resolved to your satisfaction within 30 days, you may escalate it to the Data Protection Board of India (once constituted and operational under the DPDP Act, 2023) or approach the competent courts in India.

21. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or our data practices:

This Privacy Policy applies to all products under the Narevek brand: Narevek CRM, Inventory Management, POS, Library Management, Visitor Management, HRMS, Manufacturing Execution System (MES), Attendance & Leave Management, Estore HUB, and School Management. By using any Narevek product, you acknowledge and accept this Policy in full.