Legal and privacy

Privacy Policy

Effective date: 17 July 2026

This Privacy Policy explains how EastERP handles information when visitors use the EastERP public website, applications, integrations and related business-management services.

1. Information we may process

Depending on the service used, EastERP may process:

  • Names, email addresses, telephone numbers and business contact details.
  • Account, tenant, entity, user-role and authentication information.
  • Business records entered into EastERP by authorised users.
  • Orders, quotations, invoices, payments and customer-service records.
  • Technical information such as browser, device, IP address and logs.
  • Integration identifiers supplied by authorised third-party platforms.

2. How information is used

Information may be used to:

  • Provide, secure and administer EastERP services.
  • Authenticate users and enforce tenant and role-based access controls.
  • Process authorised business workflows and integrations.
  • Respond to support, implementation and commercial enquiries.
  • Maintain audit records, prevent abuse and investigate security events.
  • Comply with applicable legal and regulatory obligations.

3. Multi-tenant data separation

EastERP is designed as a multi-tenant platform. Each customer organisation maintains its own tenant context. Access to customer data is restricted according to authorised roles, entity assignments and platform controls.

4. WhatsApp Business integrations

Customers may connect their own WhatsApp Business Account and business phone number to EastERP. EastERP uses the authorised connection to process business communications, workflow events and message-status information for that customer.

Each customer remains responsible for its customer communications, lawful basis, notices, consent requirements, message templates and use of WhatsApp Business services.

5. Sharing and service providers

EastERP may use infrastructure, authentication, hosting, payment, communications and security providers to operate the service. Information is shared only as required to provide the authorised service, comply with law, protect users or maintain platform security.

EastERP does not sell personal information to advertisers.

6. Security

EastERP applies technical and organisational controls intended to protect information, including access controls, tenant routing, authentication, audit logging, secure hosting and restricted secret management.

No online service can guarantee absolute security. Users must protect their credentials and promptly report suspected unauthorised access.

7. Data retention

Information is retained for as long as reasonably required to provide the service, maintain legitimate business and audit records, resolve disputes, enforce agreements and comply with applicable requirements.

8. Data rights and requests

Depending on applicable law, individuals may have rights to request access, correction, deletion, restriction or information about the processing of their personal information.

Requests may be sent to dreakeast@gmail.com. EastERP may need to verify the requester's identity and authority before processing a request.

9. Customer-controlled information

Where EastERP processes information on behalf of a customer organisation, requests relating to that organisation's records may need to be directed first to the organisation that controls the relevant account or business relationship.

10. Changes to this policy

This policy may be updated to reflect changes in EastERP services, integrations, security controls or applicable requirements. The effective date displayed above will be updated when material changes are published.

11. Contact

Privacy and data-protection enquiries may be sent to dreakeast@gmail.com.