Legal & Privacy

Privacy Policy

We respect your privacy and are committed to protecting your personal data. This policy explains how TrueROI collects, uses, and safeguards your information.

Effective: 1 April 2026 Last updated: 29 April 2026 Jurisdiction: India

1 Overview

TrueROI ("we", "us", "our") operates the website trueroi.in, the web application at app.trueroi.in, and the TrueROI Android mobile application (collectively, the "Service").

This Privacy Policy describes how TrueROI collects, uses, stores, shares, and protects personal information when you use our Service, when coaching institutes use our CRM platform, and when leads are captured through integrations such as Facebook Lead Ads.

By using TrueROI or submitting your information through any form connected to TrueROI, you agree to the collection and use of information described in this policy.

2 Who We Are

TrueROI is a lead management and CRM platform designed for coaching institutes in India. It is operated by Hooterbux, a technology company based in India.

TrueROI acts as a data processor for coaching institutes (our customers) who use our platform to manage their student leads. The coaching institute acts as the data controller for the personal data of their prospective students.

3 Data We Collect

We collect data in three ways: information you give us directly, information collected automatically, and information received from third-party integrations.

3.1 Data You Provide Directly

Data Type Examples Who Provides It
Account information Name, email address, password, phone number, role CRM admin/agent at sign-up
Lead information Student name, phone, email, city, course interested, enquiry notes Added manually by CRM users or via integrations
Integration credentials API keys, access tokens, webhook tokens (stored encrypted) CRM admin during integration setup
Communication Support requests, feedback messages Anyone contacting TrueROI support

3.2 Data Collected Automatically

  • Log data: IP address, browser type, pages visited, timestamps, referring URLs
  • Device information: Device type, operating system, screen resolution
  • Usage data: Features used, actions performed in the CRM (not the content of leads)
  • Cookies and local storage: Session tokens, preferences (see Section 10)

3.3 Data Received from Third-Party Integrations

When a coaching institute connects an external platform to TrueROI, we receive lead data through that platform's API or webhook. This includes Facebook Lead Ads, Google Ads, Sulekha, JustDial, WhatsApp Business API, and custom web forms.

4 Facebook Lead Ads Data

This section specifically addresses how TrueROI collects, uses, and handles personal data received from Meta (Facebook) through the Lead Ads integration.

4.1 What Data We Receive from Facebook

When a prospective student submits a Facebook Lead Ad form connected to TrueROI, we receive the following data through Facebook's Marketing API Webhook:

  • Full name
  • Phone number (mobile)
  • Email address
  • City / location
  • Course or program of interest (if captured in the form)
  • Any other fields defined in the Facebook Lead Ad form by the coaching institute

We also receive metadata from the webhook payload:

  • Form ID — identifies which Facebook lead form was submitted
  • Page ID — identifies which Facebook Page the ad ran on
  • Lead ID (leadgen_id) — unique identifier for the lead submission

4.2 How Facebook Data Is Used

Data received from Facebook Lead Ads is used exclusively to:

  • Create a lead record inside the coaching institute's TrueROI CRM account
  • Assign the lead to the correct campaign and counsellor based on the form mapping configured by the institute
  • Allow the institute's admission team to follow up with the prospective student
  • Display analytics to the institute (lead count, source, conversion stage)

4.3 Facebook Data We Do NOT Do

  • We do not sell Facebook lead data to any third party.
  • We do not use Facebook lead data for advertising or marketing purposes outside the institute's own operations.
  • We do not share Facebook lead data with other TrueROI customers or institutes.
  • We do not use Facebook lead data to build profiles for targeting users across other platforms.
  • We do not store Facebook Page Access Tokens or App Secrets in plain text — they are encrypted at rest.

4.4 Permission Scope

TrueROI's Meta App requests only the minimum permissions necessary:

  • leads_retrieval — to fetch submitted lead data from Meta
  • pages_manage_ads — to access the lead forms attached to the institute's Page
  • pages_read_engagement — to identify the connected Page
TrueROI does not request permission to post, read messages, access personal Facebook profiles, or access any data beyond what is required to receive lead form submissions.

4.5 Deletion of Facebook Lead Data

If a prospective student wishes to have their data deleted that was captured via a Facebook Lead Ad form, they may contact the coaching institute directly or contact TrueROI at info@hooterbux.com. We will process deletion requests within 30 days.

Coaching institutes can also delete individual leads or all leads from within their TrueROI CRM account at any time.

5 How We Use Your Data

We use the data we collect for the following purposes:

Purpose Legal Basis
Providing and operating the TrueROI CRM platform Contract performance
Processing and storing lead data on behalf of coaching institutes Legitimate interest (data processor role)
Authenticating and securing user accounts Contract performance / legal obligation
Sending transactional emails (password reset, account notices) Contract performance
Improving the platform features and performance Legitimate interest
Complying with legal obligations Legal obligation
Responding to support requests Legitimate interest / consent

6 Data Sharing & Disclosure

We do not sell your personal data. We share data only in the following limited circumstances:

6.1 With Coaching Institutes (Our Customers)

Lead data is visible to the coaching institute that captured it and their authorised CRM users (Admins, Managers, Agents). Each institute's data is isolated — one institute cannot see another's data.

6.2 With Service Providers

We use trusted sub-processors to operate TrueROI. They process data only on our instructions:

  • Hostinger VPS (CloudPanel) — server hosting, India/EU data centres
  • GitHub — code deployment pipeline (no lead data is stored here)
  • Meta Platforms / Facebook — for Lead Ads webhook delivery and API access

6.3 Legal Requirements

We may disclose data if required by law, court order, or government authority, or to protect the rights and safety of TrueROI, our customers, or the public.

6.4 Business Transfer

In the event of a merger, acquisition, or sale of assets, personal data may be transferred. We will notify affected parties before data is subject to a different privacy policy.

7 Data Storage & Security

All TrueROI data is stored on servers hosted in India on Hostinger VPS infrastructure managed via CloudPanel.

We implement the following security measures:

  • Encryption in transit: All data is transmitted over HTTPS/TLS.
  • Encryption at rest: Sensitive credentials (API keys, access tokens, secrets) are encrypted before storage using Laravel's encryption (AES-256-CBC).
  • Access control: Role-based permissions restrict what each CRM user can see and do.
  • Authentication: Password hashing using bcrypt. Session-based auth with CSRF protection.
  • Server security: Firewalled VPS, regular security patches, SSH key-only access.
  • API security: All API endpoints require authentication tokens. Webhook endpoints verify signatures/tokens before processing.
No method of transmission or storage is 100% secure. While we use commercially reasonable measures, we cannot guarantee absolute security. Please contact us immediately if you suspect a security incident.

8 Data Retention

We retain personal data for as long as necessary to provide the Service or as required by law:

Data Type Retention Period
Lead records (name, phone, email, notes) Until deleted by the coaching institute, or account termination
CRM user accounts Until account deletion is requested, + 30 days grace period
Activity logs and lead history Same as lead record lifecycle
Integration credentials (encrypted) Until the integration is disconnected by the institute
Server access logs 90 days
Support correspondence 3 years from last interaction

After retention periods expire, data is securely deleted or anonymised.

9 Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right of rectification: Ask us to correct inaccurate or incomplete data.
  • Right of erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing: Ask us to limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interest.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at info@hooterbux.com. We will respond within 30 days.

If you are a prospective student whose data was captured by a coaching institute's Lead Ad, please also contact that institute directly as they are the data controller for your information.

Coaching institutes using TrueROI can export or delete all their lead data at any time from within the CRM — no need to contact us for routine data management.

10 Cookies & Tracking

TrueROI uses cookies and similar technologies to operate the platform. We do not use third-party advertising cookies.

Cookie Type Purpose Duration
Session cookie Keeps you logged in to the CRM Until you log out or close browser
CSRF token Protects forms against cross-site request forgery Per session
Preference cookie Remembers UI preferences (theme, filters) 30 days

Most browsers allow you to control cookies through browser settings. Disabling session cookies will prevent you from logging in to the CRM.

11 Children's Privacy

TrueROI is a B2B platform intended for use by coaching institutes and their staff. It is not directed to children under the age of 13.

If a coaching institute captures leads from students who may be minors (e.g. JEE/NEET preparation for Class 11–12 students), the coaching institute is responsible for ensuring appropriate legal basis for collecting that student's data, and for obtaining parental consent where required.

If we become aware that personal data of a child under 13 has been collected directly through our platform without appropriate consent, we will delete it promptly. Contact us at info@hooterbux.com.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do:

  • We will update the "Last updated" date at the top of this page.
  • For significant changes, we will notify active CRM users via email or an in-app notice.
  • Your continued use of TrueROI after changes are posted constitutes acceptance of the updated policy.

We encourage you to review this page periodically. Previous versions are available on request.

13 Contact Us

For any privacy-related questions, data requests, or concerns — including requests related to Facebook Lead Ads data — please reach out to us:

TrueROI Privacy & Data Protection

Email: info@hooterbux.com
Website: https://trueroi.in
Response time: Within 30 business days
Country: India