Protecting customer privacy is a core part of how Vtiger operates.

• We do not sell customer data or use it for advertising purposes.
• We implement administrative, technical, and organizational safeguards designed to protect personal information and customer data from unauthorized access, disclosure, alteration, or destruction.
• Our security and privacy practices include encryption, access controls, monitoring, secure infrastructure, employee confidentiality obligations, and regular security reviews.
• We also maintain security and privacy programs aligned with recognized standards such as ISO 27001:2022 and ISO 27701:2019.

You can review those policies through Vtiger's Privacy Policy, Terms of Service, and Data Processing Addendum (DPA) pages. Customers who require a signed DPA may contact us or follow the instructions provided on the DPA page.

Yes. Vtiger supports compliance with major global privacy and data protection laws, including GDPR, UK GDPR, CCPA/CPRA, HIPAA, India's DPDPA, and other applicable regional privacy laws. We continuously monitor privacy regulations globally and update our practices to align with evolving legal requirements.

Yes. Vtiger has appointed representatives in jurisdictions where required under applicable privacy and cybersecurity laws, including GDPR Article 27, UK GDPR, Switzerland FADP/DSG, Turkey KVKK, NIS 2, and the EU Data Act. Customers and users may also contact us directly at [email protected].

Vtiger hosts customer data in regional data centers operated by trusted cloud infrastructure providers including:

• Amazon Web Services (AWS)
• Oracle
• Microsoft

Hosting regions include:

• European Union (Ireland and Germany)
• United Kingdom
• United States
• Asia (India and Singapore)
• Australia
• Africa
• United Arab Emirates (UAE)

Customers who wish to know their hosting region or request migration to another supported region may contact [email protected].

When customer data is hosted in a specific region, such as the European Economic Area (EEA), Vtiger ensures it remains stored within that region. In limited circumstances, authorized personnel located outside the region may access customer data solely for legitimate operational purposes such as providing technical support, maintaining service availability, or ensuring platform security. Such access is governed by Standard Contractual Clauses (SCCs), internal access control policies, and confidentiality obligations.

Yes. Where applicable, Vtiger uses Standard Contractual Clauses (SCCs) and other appropriate safeguards to support lawful international transfers or access to personal data.

Vtiger implements Technical and Organizational Measures (TOMs) designed to help protect customer data and personal information. Security measures include encryption of data in transit and at rest, network segmentation, access controls, continuous monitoring, secure backups, disaster recovery processes, employee confidentiality obligations, incident response procedures, and periodic audits.

Vtiger's security and privacy programs are aligned with recognized industry standards including ISO 27001:2022 and ISO 27701:2019. These frameworks support our information security management and privacy governance practices across our services and operations.

Access to customer data is restricted to authorized personnel who require access for legitimate business purposes such as providing technical support, maintaining services, or ensuring platform security. All access is subject to internal policies, monitoring, and appropriate security controls.

Vtiger maintains an incident response process designed to identify, investigate, contain, and respond to security incidents. If a security incident affecting customer data occurs, Vtiger takes appropriate measures to investigate and mitigate the issue, notify affected customers where required, fulfill applicable legal obligations, and implement corrective actions where necessary.

Customers retain ownership and control of the data they store and process using Vtiger services. Vtiger acts as a Data Processor for customer data processed on behalf of customers, while customers act as the Data Controllers responsible for determining how such data is used.

Yes. Vtiger provides customers with the ability to export data through available product interfaces, delete data within the application, request transfer or portability of data where applicable, and close accounts at their discretion. Customers requiring assistance with portability, migration, or deletion requests may contact [email protected] or [email protected].

Customer data is retained for the duration of the active service relationship.

Certain backup retention periods may continue for a limited period to support operational, legal, and security requirements.

Administrators can export data directly from the application using available export features. Requests for a complete database backup must generally be submitted or approved by the Account Owner, the user designated as having primary control over the account. Additional verification may be required before processing such requests. For paid accounts, one complimentary database backup copy may be provided once every six months upon request. Additional backup copy requests may incur applicable charges.

Depending on your location and applicable privacy laws, you may have the right to access your personal information, correct inaccurate information, request deletion of personal information, request transfer or portability of data, or opt out of certain communications. To submit a privacy request, please contact [email protected].

Vtiger can process privacy requests only for individuals who have a direct relationship with Vtiger, such as customers, website visitors, marketing recipients, event participants, or job applicants. If your personal information is processed by a company using Vtiger services, that company acts as the Data Controller while Vtiger acts as a Data Processor on its behalf.

Individuals or organizations requesting the switching, portability, transfer, or deletion of customer data in accordance with applicable EU Data Act requirements may contact [email protected]. Certain requests may require coordination with the Account Owner or authorized administrators to validate and securely process them.

Vtiger may send service-related communications, account and billing notifications, security alerts, product updates, marketing communications, and event or webinar invitations. Users may opt out of non-essential marketing emails using the unsubscribe link included in such emails.

Yes. Vtiger uses cookies and similar technologies to maintain service security and authentication, enable core functionality, improve performance and user experience, remember user preferences, and analyze product and website usage. Vtiger does not use third-party tracking technologies for advertising purposes.

Yes. Vtiger may engage trusted sub-processors, vendors, and service providers to support service delivery, hosting, support, security, analytics, communications, and operational functions. All such entities are subject to due diligence, contractual confidentiality obligations, and security requirements.

Yes. Payment-related information may be shared with payment processors to support billing, subscription management, and payment processing activities. In certain regions, Vtiger may also work with authorized resellers or support partners to provide localized onboarding, implementation, billing, or support services.

Vtiger may disclose or preserve customer information where required to comply with applicable laws, regulations, legal processes, governmental requests, or valid law enforcement requests. Where permitted by law, we may notify affected customers before disclosing such information.

If you receive unwanted or suspicious emails sent through Vtiger services, you should contact the sender directly to unsubscribe or request removal from their mailing list. You may also report suspected abuse or misuse to [email protected].

Yes, we do. Please read our Anti-Spam policy.

Yes. Vtiger has appointed a Data Protection Officer to oversee our data privacy strategy and ensure compliance with global regulations. You can contact our DPO directly at [email protected].

Yes. Vtiger maintains a Bug Bounty program to encourage the responsible disclosure of security vulnerabilities. Security researchers and users can find our guidelines and submission process on our Bug Bounty program page.

If you have questions or concerns, please use the appropriate contact channel below: