Your privacy matters to us. This Privacy Policy explains how Tirzok Private Limited collects, uses, stores, and protects your data when you use Tirzok DMS. We are committed to transparency and your right to privacy.
Who We Are
Tirzok Private Limited ("Tirzok", "we", "us", "our") is a technology company based in Dhaka, Bangladesh, established in 2018. We develop and operate Tirzok DMS — a cloud-based Distribution Management System — along with other enterprise software products.
For the purposes of this Privacy Policy, Tirzok Private Limited is the data controller responsible for your personal and business data collected through the Tirzok DMS platform.
This policy applies to all users of Tirzok DMS including administrators, managers, Sales Representatives (SRs), dealers, retailers, and mechanics using any component of the platform — web dashboard or mobile apps.
Data We Collect
We collect different types of data depending on how you interact with Tirzok DMS:
| Data Type | What We Collect | Who It Applies To |
|---|---|---|
| Account Data | Name, email, phone number, role, organization name | All users |
| Location Data | GPS coordinates, check-in/check-out location, movement history | SR app users |
| Photo Data | Selfie at attendance, visit photos, delivery confirmation photos | SR app users |
| Business Data | Orders, invoices, inventory, collections, commissions, KPI targets | All users |
| Device Data | Device type, OS version, app version, device ID | Mobile app users |
| Usage Data | Features accessed, session duration, actions performed | All users |
| Payment Data | Transaction ID, subscription plan, billing history (card details handled by SSLCommerz) | Account administrators |
| Communication Data | Support tickets, emails, feedback submitted | All users |
Note: We do not directly collect or store credit card or mobile banking credentials. All payment transactions are processed through SSLCommerz, which maintains its own privacy and security standards.
How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery: To provide, operate, and maintain the Tirzok DMS platform and all its features
- Account management: To create and manage your user account, roles, and permissions
- Attendance verification: To verify SR check-in/check-out using GPS and photo data
- Field tracking: To display real-time SR locations on the admin dashboard
- Analytics & reporting: To generate sales reports, KPI dashboards, and performance metrics
- Payment processing: To manage subscriptions and billing through SSLCommerz
- Customer support: To respond to queries and resolve technical issues
- Security: To detect, prevent, and address fraud, abuse, and security threats
- Legal compliance: To comply with applicable Bangladesh laws and regulations
- Service improvement: To analyze usage patterns and improve platform features (using anonymized data)
We do not use your data for advertising, profiling for third-party marketing, or any purpose not listed above without your explicit consent.
GPS & Location Data
Tirzok DMS collects GPS location data from Sales Representatives using the SR mobile app. This is a core feature of the platform that enables attendance verification, field tracking, and visit management.
Important: GPS location tracking is active only during active SR app sessions — specifically during attendance check-in/check-out and visit plan execution. The app does not track location continuously in the background when not in active use.
Specifically, we collect:
- GPS coordinates (latitude and longitude) at check-in and check-out
- Location data during visit plan recording
- Location timestamps for audit trail purposes
- Movement history visible to authorized admins and managers
SR users are informed of GPS data collection within the app before each location-recording event. Organizations deploying Tirzok DMS are responsible for informing their SR employees about location data collection as part of their employment practices.
Location data is used exclusively for legitimate business operations — attendance management and field force oversight. It is not shared with advertisers or third-party analytics companies.
Data Sharing
We do not sell your personal or business data. We share data only in the following limited circumstances:
- Within your organization: Data is shared between authorized users within your organization based on role-based access controls you configure
- Service providers: We work with trusted third-party providers who assist in delivering our service — including cloud hosting, payment processing (SSLCommerz), and email delivery — under strict data processing agreements
- Legal requirements: We may disclose data if required by Bangladesh law, court order, or government authority
- Business transfer: In the event of a merger, acquisition, or sale of assets, data may be transferred to the successor entity with prior notice to users
- With your consent: We may share data in other circumstances with your explicit written consent
We never sell, rent, or trade your personal or business data to third parties for marketing or advertising purposes.
Data Security
We take data security seriously and implement multiple layers of protection:
- Encryption in transit: All data transmitted between your devices and our servers is encrypted using TLS (Transport Layer Security)
- Encryption at rest: Sensitive data stored in our databases is encrypted
- Access controls: Role-based access control (RBAC) ensures users can only access data relevant to their role
- Audit logs: All significant actions within the platform are logged with user ID, timestamp, and action details
- Secure infrastructure: Our platform is hosted on enterprise-grade cloud infrastructure with industry-standard security certifications
- Regular security reviews: We conduct periodic security assessments of our platform
Security incident: In the event of a data breach that may affect your data, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law.
Data Retention
We retain your data for as long as necessary to provide the service and comply with legal obligations:
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of subscription + 90 days after termination |
| Business records (orders, invoices) | 7 years (Bangladesh commercial law requirement) |
| GPS and attendance records | 2 years from date of collection |
| Photo data (selfies, visit photos) | 1 year from date of capture |
| Payment records | 7 years (financial compliance) |
| Support communications | 3 years from date of resolution |
| Audit logs | 3 years from date of action |
Upon expiry of the retention period, data is permanently and securely deleted from our systems. You may request early deletion of your data subject to legal retention requirements.
Your Rights
You have the following rights regarding your personal data. To exercise any of these rights, contact us at support@tirzok.com:
We will respond to data rights requests within 30 days. In complex cases, we may extend this by an additional 30 days with prior notice.
Cookies & Tracking
The Tirzok DMS web dashboard uses cookies and similar technologies for the following purposes:
- Essential cookies: Required for the platform to function — session management, authentication, and security. These cannot be disabled.
- Preference cookies: Remember your settings such as language preference (Bangla/English) and dashboard configuration.
- Analytics cookies: Help us understand how users interact with the platform to improve features. Data is anonymized and aggregated.
The Tirzok DMS mobile apps use device identifiers and local storage for app functionality. These are not traditional browser cookies but serve similar session management purposes.
We do not use advertising cookies or tracking technologies that follow you across other websites. Our tracking is limited to improving the Tirzok DMS experience.
Children's Privacy
Tirzok DMS is a business software platform intended exclusively for use by adults in a professional capacity. We do not knowingly collect personal data from individuals under the age of 18.
If we become aware that we have inadvertently collected data from a minor, we will delete that data immediately. If you believe we may have collected data from a minor, please contact us at support@tirzok.com.
International Data Transfer
Tirzok DMS is primarily designed for and operated within Bangladesh. Your data is primarily stored on servers located in or serving Bangladesh.
In cases where data is transferred to or processed in other countries (for example, by cloud infrastructure providers), we ensure appropriate safeguards are in place through:
- Data processing agreements with service providers that meet international security standards
- Use of providers with established privacy and security certifications
- Minimization of data transferred outside Bangladesh where possible
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Send an email notification to all registered account administrators
- Display an in-app notification within Tirzok DMS
- Update the "Last updated" date at the top of this page
- Provide at least 30 days' notice before material changes take effect
Your continued use of Tirzok DMS after the effective date of changes constitutes your acceptance of the updated Privacy Policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data, please reach out to our Privacy team:
Tirzok Private Limited — Privacy Team
We take privacy seriously and will respond to all inquiries within 5 business days.