At Agoysoft (Pvt) Ltd, makers of ApexCloud ERP, we are committed to protecting your privacy and ensuring the security of your business data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered ERP system.

Last Updated: October 2025

1. Information We Collect

1.1 Personal and Business Information

When you register for ApexCloud, we collect:

• Business name and registration details
• Contact person name, email address, and phone number
• Business address and branch locations
• Billing information and payment details
• User account credentials (email and encrypted password)
• Device information for OTP registration

1.2 Business Operational Data

During your use of ApexCloud, you input various business data including:

• Product Management: Inventory data, product information, sales trends
• Purchase Management: Purchase orders, supplier information, inventory levels
• Sales Management: Sales orders, institutional payments, POS transactions
• Customer Management: Customer database, contact details, engagement tracking
• Staff Management: Employee data, payroll information, attendance records
• Accounts: Financial transactions, invoices, profit & loss statements, bank reconciliation
• Reports: Generated analytical reports and business insights

1.3 Technical and Usage Data

• IP addresses and device identifiers
• Browser type and version (we optimize for Google Chrome)
• Device operating system and screen resolution
• Access times, session duration, and activity logs
• Pages visited and features used
• Performance metrics (response time, error rates, user concurrency)
• Click patterns and navigation behavior

1.4 Communication Data

• Support tickets and help desk conversations
• WhatsApp chat interactions with our AI assistant and support team
• Email correspondence
• SMS notifications sent and received
• Phone call records with support team
• Payment dispute communications

2. How We Use Your Information

2.1 Service Provision and Operations

• To provide and maintain ApexCloud ERP functionality across all 8 plugins
• To process transactions and generate invoices
• To enable multi-user access with role-based permissions
• To synchronize data across branches
• To generate the 15 analytical reports
• To process SMS notifications (0.80 LKR per page, sent within 3 minutes)
• To deliver WhatsApp messages (0.50 LKR per message)
• To facilitate reload and bill payment services

2.2 Security and Access Control

• To implement OTP device registration for enhanced security
• To verify user identity during sensitive actions (password resets, etc.)
• To manage administrator-controlled user access levels
• To monitor and prevent unauthorized access
• To detect suspicious activity and security threats
• To send OTPs to business owners or senior representatives

2.3 Billing and Payment Processing

• To process monthly subscription fees (60,000 LKR + 15,000 LKR per branch)
• To generate automated invoices accessible in your portal
• To send daily SMS notifications for outstanding balances
• To track payments using unique customer identification numbers
• To manage credit system for SMS, WhatsApp, and reload services
• To process server and domain fees
• To charge for training (1,500 LKR/hour) and customization (2,000 LKR/hour)

2.4 Customer Support

• To provide support during business hours (8 AM - 5 PM, weekdays)
• To monitor and resolve server-side issues 24/7
• To respond to support requests via email, phone, WhatsApp, and ticketing system
• To resolve sales-affecting issues immediately (ASAP)
• To provide next-day resolution for non-critical issues
• To verify payment deposits sent via WhatsApp

2.5 Service Improvement and Updates

• To analyze usage patterns and optimize system performance
• To develop new features based on customer needs
• To conduct research and improve our 8 core plugins
• To test and deploy compulsory updates (free of charge)
• To implement emerging technologies (additional charges may apply)
• To train AI models for better predictions and insights

3. Data Storage and Security

3.1 Data Storage Infrastructure

• All data stored on secure cloud servers in protected data centers
• Regular automated backups maintained and stored on secure servers
• Backups accessible only by authorized personnel
• In case of server crash, data restored from most recent backup
• Disaster recovery planning implemented

3.2 Encryption and Transmission Security

• Industry-standard encryption protocols for data transmission
• Secure connection between your device and system servers
• SSL/TLS encryption for web browser access
• Encrypted storage of sensitive information
• Payment information handled securely

3.3 Access Control and Authentication

• OTP (One-Time Password) device registration required
• OTP verification for device registration and sensitive actions
• OTPs sent to owner or senior representative of the company
• Administrator-controlled access levels and permissions
• Role-based access control for different user types
• Strong password requirements enforced
• Session management and automatic timeouts

3.4 Security Monitoring

• 24/7 monitoring for server-side issues and security threats
• Regular vulnerability scans performed on the system
• Continuous monitoring for suspicious activity by expert team
• Immediate notification in case of security breach
• Assistance provided to secure data after any breach
• Regular security updates and patches applied
• Regular updates provided regarding security threats

4. Data Sharing and Disclosure

We DO NOT sell your data. However, limited sharing occurs in these circumstances:

4.1 Service Providers (Third-Party)

We work with third-party providers to deliver certain services:

• SMS Gateway Providers: To deliver SMS notifications at 0.80 LKR per page (max 300 SMS/hour)
• WhatsApp Business API: To send WhatsApp messages at 0.50 LKR per message
• Server and Domain Providers: To host the cloud infrastructure
• Payment Processors: To process subscription and service fees
• Reload/Bill Payment Services: To facilitate customer reload and bill payments

Note: If third-party providers change their fees, we will adjust prices with 1 month advance notice.

4.2 Legal Requirements

• When required by law, court order, or government regulation
• To comply with tax and regulatory requirements in Sri Lanka
• To protect against fraud, security threats, or illegal activity
• To enforce our legal rights under this agreement

4.3 Business Transfers

• In the event of merger, acquisition, or sale of business assets
• You will be notified and given option to export your data

4.4 What We Do NOT Share

• We do NOT share your data with any third party for marketing purposes
• We do NOT sell, rent, or trade your business information
• Your sales figures and directory information remain confidential
• Customer database, financial records, and operational data kept private

5. Your Data Rights and Ownership

5.1 Data Ownership

• You retain full ownership of all data you enter into ApexCloud
• Your business data is your property
• We merely provide the platform to store and process your data

5.2 Data Access and Export

• Access all your data stored in ApexCloud anytime
• View and download invoices as PDF files from your portal
• Export data in CSV or Excel format upon request
• Upon termination, receive readable backup in CSV/Excel format

5.3 Data Correction

• Update and modify your data within the system
• Correct inaccurate information through the interface
• Note: Corrections required due to incorrect data entries by your staff will be charged at 2,000 LKR per hour

5.4 Data Deletion

• Request deletion of your account with 1 month notice
• Data may be permanently deleted after termination
• Some data retained as required by law (e.g., financial records for tax purposes)

6. Data Responsibility and Liability

6.1 Your Responsibilities

• You are responsible for the accuracy of data entered into the system
• We are NOT responsible for data entered incorrectly by you or your staff
• Ensure your staff follows security protocols and keeps credentials confidential
• Regularly change passwords and security credentials
• Maintain confidentiality of login information
• Ensure only authorized personnel access the system

6.2 Our Responsibilities

• Ensure integrity and security of the SAAS infrastructure
• Protect against unauthorized access from outside our boundaries
• Maintain regular backups and disaster recovery
• Notify immediately in case of security breach
• Provide assistance to secure your data after any breach

6.3 Limitations

• We cannot guarantee data will be completely secure
• Not responsible for breaches resulting from leaked credentials by your staff
• Not responsible for data loss due to incorrect entries by your staff
• Cannot guarantee 100% uptime due to maintenance or external factors

7. Data Retention

• Active account data retained as long as your subscription is active
• Regular backups maintained on secure servers
• Upon termination with 1 month notice, data provided in CSV/Excel format
• Data may be permanently deleted after termination period
• Financial records may be retained longer for tax compliance
• Anonymized performance metrics may be retained for system improvement

8. Browser and Device Information

• Services optimized for Google Chrome web browser
• Performance and compatibility not guaranteed for other browsers
• Device registration required with OTP verification
• We collect device identifiers for security purposes
• Browser type and version logged for troubleshooting

9. Communication Preferences

• Daily SMS notifications sent for outstanding balances
• Payment reminders (3 notifications) before suspension
• Service updates communicated via SMS, WhatsApp, and email
• Fee changes notified 1 month in advance
• You cannot opt-out of critical account and billing notifications
• May opt-out of promotional communications

10. Third-Party Services

ApexCloud integrates with third-party services:

• SMS Gateway: For notifications and promotions (1.00 LKR/page)
• WhatsApp Business API: For messaging (0.50 LKR/message)
• Domain Registration: For your custom domain
• Server Hosting: For cloud infrastructure
• Payment Services: For reload and bill payments

Use of these integrations subject to their respective privacy policies. We recommend reviewing their policies.

11. Children's Privacy

ApexCloud is a business service not intended for individuals under 18 years of age. We do not knowingly collect information from children.

12. Changes to Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Changes communicated via SMS, WhatsApp, and email. Continued use after changes constitutes acceptance.

13. Contact Us - Privacy & Data Protection

🔐 Privacy & Data Protection Inquiries

For any privacy-related questions or data requests:

📧 Email: privacy@agoysoft.com

📧 General: info@agoysoft.com

📞 Office: +94 11 236 1854

📱 Mobile/WhatsApp: +94 76 430 8010

🌐 Website: agoysoft.com

🏢 Address: 18 Ramakrishna Avenue, Colombo 06, Sri Lanka

AgoySoft Solutions - Your data, Your business, Our protection

Visit us at: agoysoft.com