Privacy Policy
Product: Shackler — Pharma Marketing Platform Operated by: Develomers Inc. / Develomers Software FZCO Effective Date: February 21, 2026 Last Updated: February 21, 2026
1. Overview
This Privacy Policy describes how Develomers Inc. and Develomers Software FZCO ("Develomers," "we," "us," or "our") handle information in connection with the Shackler platform — including the iOS app, Android app, and web-based management dashboard (collectively, "the Platform").
Shackler is a business-to-business platform. All user accounts are created and managed by client organizations (pharmaceutical companies and their authorized entities). If you are an individual user of Shackler, your primary data relationship is with your employer or the organization that provisioned your account. We encourage you to review your organization's internal data policies alongside this document.
Where a separate written agreement has been signed and notarized between Develomers and a client organization ("the Client Agreement"), the data handling obligations and security commitments in that Client Agreement govern the relationship. This Privacy Policy applies where the Client Agreement is silent.
2. Data Architecture — Your Data Stays With You
Shackler is built on a private-deployment model. This is fundamental to how we handle data:
- Each client organization runs Shackler on their own Google Cloud Platform (GCP) project and Firebase instance
- Develomers does not host client operational data on shared Develomers servers
- No client's data is co-mingled with another client's data
- Client organizations control their own cloud environment and its associated access settings
This means the data generated by your MRs, doctors, orders, and field activity lives in infrastructure you control — not in a shared Develomers database.
Develomers personnel may access client environments only for the purposes of deployment, maintenance, debugging, or at explicit written request of the client. Such access is logged.
3. What Data the Platform Processes
The following categories of data are processed within Shackler during normal operation:
3.1 Account and Identity Data
- User names, job titles, and employee IDs
- Email addresses and phone numbers (for account creation and communication)
- Profile photographs (if uploaded by the user or administrator)
- Role and permission levels within the organization
3.2 Doctor and Healthcare Professional Data
- Doctor names, clinic addresses, specializations, and contact details
- Call history, visit notes, meeting summaries, and interaction logs
- Product preferences, objection notes, and prescription pattern observations recorded by MRs
- Outreach records (birthday messages, festival greetings, research communications)
3.3 Product and Catalog Data
- Pharmaceutical product catalogs, promotional materials, and presentations uploaded by the client organization
- Bookmarked products and presentation folders per MR
3.4 Order and Distribution Data
- Product orders created by MRs and submitted to distributors
- Pricing records including PTR/PTS calculations
- Order history and reorder tracking data
3.5 Usage and Analytics Data
- App session data: login times, session duration, device type and OS
- Presentation engagement: slides viewed, time spent per product, session counts
- Geographic data: location information recorded during field activity (where enabled by the organization)
- Performance data used for division-level and individual MR analytics
3.6 Device and Technical Data
- Device identifiers (for multi-device sync and session management)
- Operating system version and app version
- Crash reports and error logs (used solely for debugging and platform stability)
3.7 Communications
- In-app messages between MRs and management
- Feedback and complaint submissions through the app
4. How We Use This Data
Data processed through Shackler is used for:
- Delivering the core functions of the Platform as described in the Terms of Service and Client Agreement
- Providing analytics and reporting to client administrators
- Maintaining Platform security, stability, and performance
- Responding to support requests from client organizations
- Complying with applicable legal obligations
We do not sell, rent, or commercially exploit any client or user data. We have no advertising model. Shackler contains no third-party advertising.
5. Data We Collect Directly (App Store and Play Store Requirements)
The Shackler mobile application collects the following data categories, as disclosed to Apple App Store and Google Play Store:
| Data Type | Collected | Purpose | Linked to Identity |
|---|---|---|---|
| Name | Yes | Account management | Yes |
| Email address | Yes | Account login and notifications | Yes |
| Phone number | Yes (if provided) | Account contact | Yes |
| User ID | Yes | Session and access management | Yes |
| Location (coarse) | Yes (if enabled) | Field activity tracking | Yes |
| Location (precise) | Optional, user-controlled | Geographic field mapping | Yes |
| Usage data | Yes | Analytics for client admin | Yes |
| Crash data | Yes | Platform stability | No |
| Photos / videos | Only if uploaded by user | Product presentation materials | Yes |
| Audio | Only if voice notes enabled | Doctor call notes | Yes |
| Contacts | No | — | — |
| Browsing history | No | — | — |
| Financial info | No | — | — |
| Health & fitness | No | — | — |
| Sensitive info | No | — | — |
Location data is only collected when explicitly enabled by the client organization for field force tracking purposes. Users are informed within the app when location tracking is active.
Audio recording for voice notes is only activated when the user explicitly initiates a note within the app. Shackler does not record audio passively.
6. Permissions Requested by the Mobile App
The Shackler app may request the following device permissions:
On iOS
- Camera — For scanning documents or capturing product images in presentations
- Microphone — For recording voice-based meeting notes (user-initiated only)
- Location (When In Use) — For field activity geographic mapping, when enabled by organization
- Photo Library — For uploading materials to presentations
- Notifications — For in-app announcements and order alerts
- Face ID / Biometrics — For secure app login (where supported and user-opted)
On Android
- Camera — For document scanning and image capture
- Microphone — For voice note recording (user-initiated only)
- Location (Foreground) — For field tracking when enabled
- Read / Write External Storage — For offline data access and file handling
- Notifications — For in-app alerts and announcements
- Biometric Authentication — For secure login
All permissions are requested only when the relevant feature is first used. You can revoke permissions at any time through your device settings. Revoking a permission will disable the associated feature within the app.
7. Offline Data Access
Shackler is designed to function without an active internet connection. When offline:
- Product catalogs, presentations, and doctor profiles are stored locally on the device in an encrypted format
- Notes and records created offline are stored locally and synced to the organization's cloud environment when connectivity is restored
- Local data is protected by the device's built-in encryption and Shackler's application-level encryption
Offline data is bound to the authenticated user's account. If an account is deactivated, locally cached data becomes inaccessible.
8. Data Sharing
We do not share your data with third parties except in the following limited circumstances:
- Within your organization: Data is accessible to authorized administrators and users within your client organization as configured by the administrator
- Service providers: We work with a limited set of technical service providers (such as Google Cloud Platform) to deliver the Platform. These providers process data only on our instructions and are bound by appropriate data processing agreements
- Legal requirements: We may disclose data where required by applicable law, court order, or regulatory authority, and will notify the client organization where legally permitted to do so
- Business transfers: In the event of a merger, acquisition, or sale of assets, client data would transfer subject to the same privacy protections
We do not share data with advertisers, data brokers, or marketing companies under any circumstances.
9. Data Retention
Since client data resides in client-controlled infrastructure, data retention is primarily governed by the client organization's own policies and the Client Agreement.
For data that passes through Develomers systems (such as crash logs or support communications):
- Crash and error logs are retained for 90 days and then deleted
- Support communications are retained for 2 years from the date of the interaction
- Account access logs (for Develomers personnel accessing client environments) are retained for 1 year
Upon termination of a Client Agreement, Develomers will remove its access credentials to the client's cloud environment within 30 days and confirm this in writing.
10. Data Security
Develomers implements the following security measures:
- All data in transit is encrypted using TLS 1.2 or higher
- Local device data is encrypted at the application level
- Role-Based Access Control (RBAC) ensures users only access data appropriate to their role
- Administrator accounts require strong authentication
- Develomers personnel access to client environments requires multi-factor authentication and is logged
- Regular security reviews are conducted on platform code and configurations
No system is entirely immune to security risks. In the event of a security incident affecting your organization's data, we will notify you as required by applicable law and the Client Agreement.
11. Children's Privacy
Shackler is a professional business platform. It is not directed at individuals under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has accessed the Platform, please contact your organization's administrator immediately.
12. International Data Transfers
Shackler serves clients in India, the UAE, and other countries. Client data resides in the cloud infrastructure chosen by each client organization (typically GCP data centers). Develomers does not transfer client operational data across borders independently.
For any data that passes through Develomers systems, we apply appropriate safeguards consistent with applicable data protection law including India's Digital Personal Data Protection Act 2023 and UAE data protection regulations.
13. Your Rights as a User
As an individual user of Shackler, your primary data rights are exercised through your employer or client organization. Your organization can:
- Provide you access to the personal data held about you in the Platform
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
If you wish to exercise these rights and your organization is unable to assist, you may contact us at the address below. We will work with the client organization to address your request within the timelines required by applicable law.
14. Cookies and Tracking
The Shackler web dashboard uses session cookies to maintain authenticated sessions. These are functional cookies necessary for the dashboard to operate. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies.
The mobile application does not use cookies. Usage analytics within the app are processed within your organization's own Firebase project and are not shared with external analytics platforms.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the Platform, legal requirements, or our practices. When we make material changes, we will notify client administrators at least 14 days before the changes take effect.
The current version of this policy is always available at develomers.com/privacy.
16. Contact and Grievance Officer
For privacy-related questions, requests, or concerns:
Develomers Inc. / Develomers Software FZCO Email: [email protected] Website: develomers.com
For clients in India — In accordance with India's Information Technology Act and the Digital Personal Data Protection Act, data-related grievances may be directed to the above contact. We will respond within the timeframe prescribed by applicable law.
For clients in the UAE — Data-related requests may be directed to the same contact. We will respond in accordance with UAE data protection regulations.
For matters governed by a signed and notarized Client Agreement, the data protection contact and escalation process specified in that agreement applies.
This Privacy Policy is supplementary to any signed and notarized Client Agreement between Develomers and the client organization. In all matters of conflict, the Client Agreement prevails.