Plain English summary: We collect only what we need to run the service. We never sell your data. You can export or delete your data at any time. Data is stored on servers in your selected region.
Sales Monitor ("we", "us", "our") is a field-staff monitoring and sales management SaaS platform operated by Sales Monitor Sdn. Bhd., a company incorporated in Malaysia. Our registered address is available on request.
We are the data controller for data you provide when registering your organisation. For data collected about your employees (field sales representatives, managers), you — the tenant administrator — are the data controller, and we act as a data processor on your behalf.
Providing your name, email, and organisation details is required to use the service. GPS tracking is required for field-activity features; disabling it limits functionality. All other data fields are optional.
| Purpose | Legal Basis |
|---|---|
| Provide and operate the Sales Monitor platform | Contract performance |
| Authenticate users and secure accounts (2FA, device binding) | Contract performance / Legitimate interest |
| GPS location tracking of field staff | Legitimate interest (employer monitoring, disclosed to employees) |
| Send transactional emails (verification, password reset, invoices) | Contract performance |
| Send push notifications about field-activity events | Contract performance / Consent |
| Process subscription payments via Stripe | Contract performance |
| Detect and prevent fraud, abuse, and security incidents | Legitimate interest |
| Generate anonymised product analytics to improve the service | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do not use your data for advertising, profiling for third-party marketing, or automated decision-making with legal effects.
We do not sell your personal data. We share data only in the following limited circumstances:
We may disclose data if required by law, court order, or to protect the rights, property, or safety of Sales Monitor, our users, or the public.
If Sales Monitor is acquired or merges with another entity, your data may be transferred as part of that transaction. You will be notified via email and/or a prominent notice on the platform prior to any transfer.
You may request deletion of specific data categories at any time via the GDPR data export/deletion feature in Settings, or by contacting us at privacy@salesmonitor.io.
We implement technical and organisational measures to protect your data including:
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to security@salesmonitor.io.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@salesmonitor.io or use the self-service GDPR export tool in Settings → Data & Privacy. We will respond within 30 days. Tenant administrators can action most requests directly from the dashboard.
📦 GDPR Data Export: Admin accounts can export all tenant data as a ZIP archive from Settings → Data & Privacy. The export includes all users, visits, orders, GPS logs, and activity history in JSON format.
The Sales Monitor dashboard uses the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
access_token | Authentication — stores your JWT session token (HttpOnly, Secure) | 8 hours |
refresh_token | Session renewal — stores your refresh token (HttpOnly, Secure) | 30 days |
totp_challenge | Two-factor authentication challenge state | 10 minutes |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The mobile app does not use cookies; it stores tokens in the device secure keystore (iOS Keychain / Android Keystore).
For full details, see our Cookie Policy.
Sales Monitor is a business-to-business platform intended for use by organisations and their adult employees. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor's data has been submitted, contact us at privacy@salesmonitor.io and we will delete it promptly.
Sales Monitor is based in Malaysia. Data may be processed by sub-processors in other countries (including the United States via AWS and Google). Where data is transferred outside Malaysia, we ensure appropriate safeguards are in place including Standard Contractual Clauses or equivalent mechanisms under applicable data protection law.
We may update this Privacy Policy from time to time. Material changes will be notified via email to the registered administrator email and via an in-dashboard banner at least 14 days before taking effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
The previous version of this policy is available on request.
For privacy-related enquiries, data subject requests, or to report concerns:
We aim to respond to all privacy requests within 5 business days and resolve them within 30 days.