Start free
FeaturesPricingBlogAboutContact Log in Start free

Privacy Policy

Last updated: June 1, 2026

This Privacy Policy explains how WebMonx Solutions LLP ("WebMonx", "we", "us", or "our"), the operator of the CROzap platform ("CROzap", the "Service"), collects, uses, stores, shares, and protects personal data. CROzap is a lead management and advertising-attribution platform. By using CROzap, you agree to the practices described here.

WebMonx Solutions LLP is the data controller responsible for personal data processed through CROzap. Our registered office is at Sri Nagar Colony, Hyderabad, Telangana, India. For any privacy question or request, contact us at info@webmonx.com.

1. Who uses CROzap

CROzap is used by two groups of people, and we handle their data differently:

  • Customers - businesses and their team members who sign up for CROzap accounts to manage their advertising leads.
  • Leads - individuals who submit a lead form on a Customer's advertisement (for example a Meta Instant Form) or a Customer's website. CROzap processes this lead data on behalf of, and under the instructions of, the Customer.

2. Data we collect

2.1 Customer account data

  • Name, email address, and password (stored only as a secure cryptographic hash).
  • Company or workspace information you provide.
  • Team member details you add (name, email, role).
  • Billing information processed by our payment provider (we do not store full card numbers).

2.2 Lead data from advertising platforms

When a Customer connects their Meta (Facebook and Instagram) or Google advertising account to CROzap and authorises access, we receive and process lead information that the lead voluntarily submitted through the Customer's lead form. This may include:

  • The lead's name, email address, and phone number.
  • Answers the lead provided to the Customer's lead form questions.
  • Advertising attribution data such as the associated page, campaign, ad set, ad, form identifier, click identifiers, and UTM parameters.
  • The time of submission and related metadata provided by the advertising platform.

We access this data using permissions you grant through the platform's official authorisation flow (for Meta, these include leads_retrieval, pages_read_engagement, pages_show_list, pages_manage_metadata, business_management, and ads_read). We request only the permissions needed to capture leads, attribute them to campaigns, and send conversion signals back to the advertising platform. We do not use these permissions to access data unrelated to the Customer's own leads and advertising performance.

2.3 Technical data

  • Log data such as IP address, browser type, and pages accessed, used for security and to operate the Service.
  • Cookies and similar technologies strictly necessary for authentication and session management.

3. How we use data

We use personal data only to provide and improve the Service, specifically to:

  • Capture leads from connected advertising accounts and web forms and deliver them to the relevant Customer.
  • Help Customers organise, assign, and qualify their leads through a sales pipeline.
  • Calculate advertising performance metrics such as cost per lead and cost per qualified lead.
  • Send conversion signals (for example a "QualifiedLead" event) back to Meta and Google when a Customer marks a lead as qualified, so the Customer's advertising can be optimised. These signals contain only the data necessary for the platform to match the conversion.
  • Authenticate users, secure accounts, provide support, and send service-related communications.
  • Process billing and comply with legal obligations.

We do not sell personal data, and we do not use lead data for our own marketing.

4. Legal basis and the Customer relationship

For lead data, the Customer is the data controller and WebMonx acts as a data processor, processing that data solely on the Customer's instructions to provide the Service. Customers are responsible for ensuring they have a lawful basis and any necessary consent to collect and process their leads' data and to connect their advertising accounts to CROzap.

5. How we share data

We share data only as needed to run the Service:

  • Advertising platforms (Meta, Google) - to retrieve leads and to send conversion signals back, as directed by the Customer.
  • Infrastructure providers - cloud hosting used to run CROzap and store data securely.
  • Payment provider - to process subscription billing.
  • Legal and safety - where required by law or to protect rights, safety, and the integrity of the Service.

We do not sell or rent personal data to third parties.

6. Data retention

We retain personal data for as long as a Customer account remains active and as needed to provide the Service. Customers can delete individual leads at any time within the application. When a Customer closes their account, we delete or anonymise the associated personal data, including lead data, within a reasonable period, except where we are required to retain certain records to comply with legal, tax, or accounting obligations.

7. Data deletion and your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing.

  • Customers can manage and delete lead records directly in the application, and can request full account deletion by emailing us.
  • Leads who wish to access or delete data a Customer holds about them should contact that Customer directly; we will also assist on the Customer's instruction.
  • To make any data request, email info@webmonx.com. We will verify and respond to your request within the time required by applicable law.

If your data was obtained through a connected Meta or Google account and you want it removed, email info@webmonx.com and we will delete it from CROzap.

8. Data security

We protect data using industry-standard measures, including encryption of access tokens at rest, encrypted connections (HTTPS) in transit, hashed passwords, role-based access controls, and restricted database access. No method of transmission or storage is completely secure, but we work to protect your data and to address vulnerabilities promptly.

9. International transfers

WebMonx Solutions LLP operates from India, and data may be processed in India or in other countries where our infrastructure providers operate. Where required, we put appropriate safeguards in place for such transfers.

10. Children

CROzap is a business tool not directed to children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child's data has been provided to us, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, where appropriate, notify Customers of material changes. Continued use of the Service after a change means you accept the updated policy.

12. Contact us

For any question about this Privacy Policy or your data, contact:
WebMonx Solutions LLP
Sri Nagar Colony, Hyderabad, Telangana, India
Email: info@webmonx.com