Privacy Policy
This policy explains how RealNext (operated by Synditech / Nivesh Sarthi) collects, uses, and protects your information across all platform modules.
Quick Navigation
We collect information you provide directly to us, and data generated as you use the RealNext platform:
🔍 Automatically Collected Data
We also automatically collect device information, browser type, IP address, session data, and usage analytics via server logs when you access the platform.
Your information is used exclusively to deliver, improve, and manage the RealNext platform. Specifically:
- →Provision and maintain your account and workspace
- →Route leads from Meta/Facebook Ads to the correct tenant
- →Deliver WhatsApp marketing campaigns and automation
- →Sync inventory and catalog data
- →Process payments via Razorpay
- →Track plan usage and enforce feature limits
- →Send invoices, renewal notices, and trial expiry alerts
- →Send system notifications and account alerts
- →Respond to support requests
- →Deliver platform update notices
- →Analyze usage patterns to improve features
- →Monitor system health and performance
- →Detect and prevent fraud or abuse
RealNext operates as a multi-tenant SaaS platform. Each tenant (client organization) has a unique client_id and all data — leads, contacts, campaigns, conversations — is strictly isolated per tenant.
Data Isolation
Your data is never accessible to other tenants. Every query is scoped to your client_id.
Role-Based Access
Admin, Manager, and User roles control what each team member can see and do.
Feature Flags
Each client's plan controls which features and modules are accessible.
Super Admins (Synditech) can access all tenant data for support and platform management purposes only, and such access is logged.
RealNext integrates with WhatsApp Business APIs to enable messaging, automation, and campaigns. When you use this module:
- •WhatsApp conversation history is stored securely in our database and is only accessible to authorized team members of your organization.
- •Contact numbers and chat metadata are processed solely to deliver the requested messaging automation.
- •Campaign analytics (open rates, click-through, delivery status) are retained for reporting purposes.
- •We do not access or store the content of private WhatsApp conversations that occur outside the platform.
- •Auto-responder rules and AI Bot conversation trees are stored per tenant and not shared.
When you connect your Facebook / Meta account or submit leads through Meta Lead Ads, we collect the information from those forms (name, email, phone, ad campaign details). This data is processed according to both our Privacy Policy and Meta's Data Policy.
- ▸Each client tenant connects their own Facebook Page and User Access Token — Synditech's global token handles webhook setup only.
- ▸Lead data from Facebook forms is routed to the correct tenant using webhook signatures and client identifiers.
- ▸No Meta user data is shared between different tenant organizations.
- ▸You can disconnect your Meta integration at any time via the LMS Settings page.
- ▸Facebook access tokens are stored encrypted and are only used to sync leads.
All payment processing is handled by Razorpay, a PCI DSS compliant payment gateway. We do not store your full credit/debit card numbers on our servers.
What We Store
- Razorpay Customer ID
- Subscription plan and status
- Payment history and invoice records
- GST/Tax computation records
What Razorpay Handles
- Card numbers and CVV
- Bank account details
- UPI transaction processing
- Payment encryption
Trial, active, and cancelled subscription events are tracked to manage plan limits, grace periods, and account restrictions automatically.
We implement layered technical and organizational safeguards to protect your personal information:
JWT Authentication
All sessions use time-limited signed JWTs with automatic refresh token rotation.
Password Hashing
All passwords are hashed with bcrypt (cost factor 12) — never stored in plain text.
HTTPS Everywhere
All data in transit is encrypted using TLS 1.2+.
Mongo Auth
Database access is protected with strong credentials and IP whitelisting.
Audit Logs
All sensitive actions (create, update, delete, login) are logged with timestamps and user IDs.
Rate Limiting
All API endpoints are protected from brute force and DDoS via rate limiting.
We do not sell, trade, or rent your personal information to third parties.
We may share your information only in these limited circumstances:
Service Providers
Razorpay (payments), Nodemailer/SMTP (email), WhatsApp Business API providers — only to the extent needed to deliver the service.
Legal Requirements
If required by law, court order, or government authority, we may disclose data after verifying the request.
Business Transfer
In the event of a merger, acquisition, or asset sale, your data may be transferred with advance notice.
With Your Consent
We will share data with third parties only when you have explicitly authorized us to do so.
RealNext uses minimal cookies and local storage for essential platform functionality:
| Cookie / Key | Purpose | Expiry |
|---|---|---|
access_token | JWT access token for API authentication | 24 hours |
refresh_token | Used to silently refresh expired sessions | 7 days |
client_context | Stores the active tenant workspace | Session |
theme_preference | Stores UI theme preference | 30 days |
We do not use third-party advertising cookies or cross-site tracking pixels.
To exercise any of your rights, contact us at info@niveshsarthi.com. We will respond within 30 days.
We retain your personal data for as long as your account is active or as required to provide our services:
Questions? Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please reach out: