Effective Date: 07/07/ 2025

Thank you for choosing Mishmadesk (“Mishmadesk,” “we,” “our,” or “us”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, mobile application, or otherwise interact with us.

We take your privacy seriously and encourage you to read this policy carefully to understand what information we collect, how we use it, your rights, and how we protect your data.

1. WHO WE ARE

Mishmadesk is a cloud-based customer relationship management (CRM) and marketing automation platform designed to help small businesses and entrepreneurs manage their customer interactions, sales, marketing campaigns, email automation, and more—all in one place.

This Privacy Policy applies to all users of our website, web application, mobile applications, and any related services, tools, or platforms (collectively, the “Services”).

2. INFORMATION WE COLLECT

We collect various types of information depending on how you use our services.

A. Information You Provide to Us Directly

Account Registration: Full name, email address, password, company name, phone number, business industry, and other relevant information. Billing Information: Credit/debit card number, billing address, tax ID, and payment preferences (processed via third-party payment processors like Stripe or PayPal). Communications: When you contact our support team, respond to surveys, participate in webinars, or communicate via email or chat. Marketing and Content Data: Uploaded email lists, marketing campaign details, website data, and forms created using the CRM tools.

B. Information We Collect Automatically

When you access our platform, we may automatically collect:

Device and Usage Data: IP address, browser type, operating system, device identifiers, and language preferences. Log Files: Date/time stamps, referring/exit pages, number of clicks, and pages viewed. Cookies and Tracking Technologies: We use cookies, beacons, tags, and scripts to track activity, analyze performance, and personalize your experience.

C. Information From Third Parties

We may receive data from third parties such as:

Social media platforms (e.g., Facebook, LinkedIn) Integration partners (e.g., Zapier, Google Ads, Mailchimp) Affiliate or referral partners Publicly available sources

3. HOW WE USE YOUR INFORMATION

We use the collected data for the following business purposes:

To provide, maintain, and improve the Services To create and manage user accounts To process billing and subscription transactions To provide customer service and respond to inquiries To personalize user experiences To send transactional or promotional communications To conduct analytics and monitor platform usage To detect, investigate, and prevent security incidents To comply with legal obligations and enforce our Terms of Use

4. LEGAL BASES FOR PROCESSING (GDPR Users)

If you are located in the European Economic Area (EEA), we process your data under the following legal bases:

Consent (for example, when you opt in to marketing emails) Contractual necessity (to provide the Services you requested) Legal obligation (to comply with applicable laws) Legitimate interests (to improve our platform and prevent fraud)

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. However, we may share it with:

A. Service Providers

Trusted third parties who assist in providing services, such as:

Hosting and cloud storage (e.g., Amazon Web Services) Payment processors Analytics providers (e.g., Google Analytics) Email service providers Technical support platforms

B. Legal and Regulatory Authorities

When required by law, court order, or to protect our rights or the safety of others.

C. Business Transfers

If Mishmadesk is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred.

D. With Your Consent

We may share data with third parties if you give us explicit permission (for example, when integrating a third-party tool with your account).

6. DATA RETENTION

We retain your information for as long as your account is active or as needed to:

Fulfill contractual obligations Comply with legal requirements Resolve disputes Enforce our agreements

You may request deletion of your account or data at any time by contacting us at [email protected].

7. SECURITY OF YOUR INFORMATION

We implement appropriate administrative, technical, and organizational security measures to protect your personal data. This includes:

Secure socket layer (SSL) encryption Firewalls and intrusion detection Two-factor authentication Role-based access control Regular security audits

Despite our efforts, no system is 100% secure, and we cannot guarantee absolute protection against unauthorized access or cyberattacks.

8. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have the right to:

Access your personal data Update or correct your data Delete your personal data Restrict or object to processing Withdraw consent Request data portability

To exercise these rights, please contact us at:

Email: [email protected]

Subject Line: “Privacy Request – [Your Full Name]”

9. OPTING OUT OF COMMUNICATIONS

You can opt out of receiving promotional emails by:

Clicking the unsubscribe link in our emails Changing your notification preferences in your account settings Contacting us directly

Please note that we may still send you important administrative messages related to your account.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies to personalize your experience and analyze our platform’s performance. You can manage or disable cookies through your browser settings.

Types of cookies used:

Essential Cookies – Required for platform operation Performance Cookies – Help us improve performance Marketing Cookies – Used for advertising and analytics Functionality Cookies – Enable personalized features

For more information, visit our [Cookie Policy].

11. THIRD-PARTY LINKS AND INTEGRATIONS

Our Services may include links or integrations with third-party services. This Privacy Policy does not apply to their practices. We encourage you to review their privacy policies before sharing any personal data.

12. CHILDREN’S PRIVACY

Our Services are not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from minors. If we discover that we have collected information from a child, we will delete it promptly.

13. INTERNATIONAL DATA TRANSFERS

If you are located outside the United States, please note that your data may be transferred to, processed, and stored in the U.S. and other countries where our servers or third-party providers are located.

14. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have the right to:

Request access to your personal information Request deletion of your personal information Opt out of the sale of personal information (we do not sell data) Non-discrimination for exercising your privacy rights

To make a CCPA request, contact: [email protected]

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you by:

Posting the updated policy on our website Updating the “Effective Date” at the top Sending email or in-app notifications (where appropriate)

Continued use of our Services after changes means you accept the revised Privacy Policy.

16. CONTACT US

If you have any questions or concerns about this Privacy Policy, your personal data, or our practices, please contact:

Mishmadesk CRM

[email protected]