We collect only personal data necessary to operate our CRM and provide services.
We never sell your data; your privacy is respected worldwide.
We comply with GDPR, UK GDPR, Malaysia PDPA, CCPA/CPRA, and other international privacy regulations.
You have full rights to access, correct, or delete your personal data.
We implement strong security measures, including encryption, access control, and continuous monitoring.
1. Introduction
Ekasia Technology (āEkasia,ā āwe,ā āus,ā or āourā) is committed to protecting your personal data
and privacy. This Privacy Statement describes how we collect, use, disclose, and safeguard your
personal information when you access or use our Customer Relationship Management platform
(CRM), websites, applications, and related services (collectively, the āServiceā).
This Privacy Statement applies to all users globally and is designed to comply with international
privacy and data protection regulations, including:
European Union General Data Protection Regulation (GDPR)
UK GDPR
Malaysia Personal Data Protection Act (PDPA)
California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)
Other applicable privacy laws worldwide
2. Scope
This Privacy Statement applies to:
Visitors to our websites or applications
Customers and authorized users of Ekasia CRM
Prospective clients and business partners
Individuals whose personal data is processed via our CRM by our customers (āEnd Usersā)
Where Ekasia processes personal data on behalf of our customers, we act as a Data Processor,
and our customers are the Data Controllers. In cases where we collect data directly
from individuals, we may act as a Data Controller.
3. Personal Data We Collect
We may collect the following categories of personal data depending on your use of the Service:
Account credentials, login details, and user roles
Communications and support requests, feedback, or surveys
Business or professional records uploaded into the CRM
3.2 Data Processed Through the CRM
Customer and lead data uploaded by our customers
Notes, emails, interactions, and workflow records
Audit trails, activity logs, and CRM history for compliance purposes
3.3 Automatically Collected Data
IP address, device type, operating system, and browser information
Usage logs, timestamps, feature usage, and access history
Cookies, pixels, and similar technologies for analytics and performance monitoring
3.4 Billing & Payment Data
Billing contact information
Transaction metadata, invoice records, and subscription details
Payment card data is securely processed through third-party payment processors and is never
stored in full by Ekasia.
4. How We Use Personal Data
We use personal data for the following purposes:
Providing, operating, and improving the Service
Authenticating users and managing accounts
Customer support, technical assistance, and issue resolution
Monitoring system performance, usage trends, and feature adoption
Ensuring security, fraud prevention, and regulatory compliance
Communication regarding updates, service changes, or marketing (where consented)
Internal analytics, research, and product development
5. Legal Basis for Processing (GDPR / UK GDPR)
Contractual necessity: to provide services under your subscription agreement
Legitimate interests: product improvement, security, fraud prevention, or analytics
Consent: for marketing, cookies, or other optional services
Legal obligations: to comply with tax, regulatory, or reporting requirements
6. Cookies & Tracking Technologies
We use cookies and similar technologies to enable core functionality, enhance security,
analyze trends, monitor usage, and personalize your experience. You may configure your
browser to reject cookies, but some features of the Service may be affected.
7. Data Sharing & Disclosure
We may share personal data with:
Service providers, such as cloud hosting, analytics, email, and customer support providers
Payment processors for subscription and billing purposes
Legal authorities, regulators, or law enforcement as required by law
Business transferees in the event of a merger, acquisition, or corporate restructuring
Ekasia does not sell personal data to third parties.
8. International Data Transfers
Ekasia operates globally, and personal data may be transferred to and processed
in countries outside your jurisdiction. We implement appropriate safeguards,
including Standard Contractual Clauses (SCCs), contractual data processing agreements,
and technical security controls.
9. Data Retention
Personal data is retained only as long as necessary to provide the Service,
comply with legal obligations, enforce agreements, and resolve disputes.
Customers may request deletion of CRM data in accordance with their subscription and
applicable laws.
10. Security Measures
We implement industry-standard technical and organizational measures to safeguard
personal data, including:
Encryption of data in transit and at rest
Access control and authentication policies
Network and system monitoring for anomalies or unauthorized access
Regular security assessments, updates, and audits
Despite these measures, no system is completely secure. Users should follow best practices for account security.
11. Your Privacy Rights
Depending on your location, you may have rights including:
European Union & United Kingdom (GDPR / UK GDPR)
Access and receive a copy of your personal data
Request correction or deletion of personal data
Restrict or object to processing
Data portability
Lodge a complaint with a supervisory authority
Malaysia (PDPA)
Access and correct personal data held by Ekasia
Withdraw consent (subject to contractual obligations)
Be informed of data processing purposes
United States ā California (CCPA / CPRA)
Know what personal data is collected
Request access or deletion of personal data
Correct inaccurate data
Opt-out of sale or sharing (if applicable)
Not be discriminated against for exercising rights
Other Jurisdictions
Ekasia respects privacy rights under applicable local laws worldwide and
processes requests accordingly. To exercise your rights, contact us using the
details in section 14.
12. Childrenās Data
Our Service is not intended for individuals under 16 (or local age of consent).
We do not knowingly collect personal data from children. If we learn that we
have inadvertently collected such data, we will delete it promptly.
13. Changes to This Privacy Statement
We may update this Privacy Statement periodically. Material changes will be
communicated through the Service, email notifications, or via our website.
Enterprise and regulated customers may request a Data Processing Addendum (DPA)
that outlines roles, responsibilities, and safeguards in accordance with GDPR
and cross-border compliance.
Sales Secret