Privacy Policy

Last updated: February 27, 2026

This document is available in multiple languages for your convenience. The English version is the legally binding version. In the event of any discrepancy between translations, the English version shall prevail.

1. Introduction

CRM ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our CRM platform and related services.

This policy complies with the General Data Protection Regulation (GDPR) and applicable Romanian data protection law.

2. Data Controller

The data controller responsible for your personal data is the operator of CRM. For any privacy-related questions, contact us at privacy@yourcrm.com.

3. Data We Collect

Account data

When you register, we collect your name, email address, and password (stored as a bcrypt hash β€” we never store your plain-text password). If you sign in with Google, we receive your name and email from Google.

CRM data you enter

All contact records, companies, deals, tasks, notes, invoices, campaigns, and other data you create in the platform. This data belongs to you.

Usage data

Basic server logs (IP address, browser type, pages visited) retained for security and debugging. We do not use third-party analytics trackers.

Email activity

When you send campaigns through CRM, we track open and click events to provide you with campaign statistics. Recipients can unsubscribe at any time.

4. How We Use Your Data

  • To provide and operate the CRM platform
  • To authenticate you and keep your account secure
  • To send transactional emails (email verification, password reset, invoice notifications)
  • To display campaign statistics you requested
  • To enforce our Terms of Service and prevent abuse
  • To comply with legal obligations

We do not sell your data, use it for advertising, or share it with third parties except as described in Section 6.

5. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Art. 6):

  • Contract performance β€” processing necessary to provide the service you signed up for
  • Legitimate interests β€” security logging, abuse prevention
  • Consent β€” for optional cookies (you can withdraw at any time)
  • Legal obligation β€” where required by applicable law

6. Third-Party Services

We use the following sub-processors to deliver the service:

ServicePurposeLocation
VercelHosting & infrastructureEU / US
NeonDatabase (PostgreSQL)EU
ResendTransactional & campaign email deliveryEU / US
Cloudflare R2File attachments storageEU
Google OAuthOptional sign-in (if you choose Google login)US

7. Cookies

We use the following cookies:

  • Session cookie (essential) β€” keeps you logged in. Required for the service to function. Cannot be disabled.
  • Theme preference (functional) β€” remembers your light/dark mode choice. Stored in localStorage.
  • Cookie consent (functional) β€” remembers your cookie preference. Stored in localStorage.

We do not use advertising cookies, cross-site tracking, or analytics cookies.

8. Data Retention

  • Account and CRM data is retained for as long as your account is active
  • After account deletion, data is permanently deleted within 30 days
  • Server logs are retained for 90 days
  • Invoices may be retained longer where required by Romanian accounting law

9. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Access β€” request a copy of your personal data
  • Rectification β€” correct inaccurate data
  • Erasure β€” request deletion of your data ("right to be forgotten")
  • Portability β€” receive your data in a machine-readable format
  • Restriction β€” request we limit how we process your data
  • Objection β€” object to processing based on legitimate interests
  • Withdraw consent β€” at any time, where processing is based on consent

To exercise any of these rights, email us at privacy@yourcrm.com. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian data protection authority (ANSPDCP) at dataprotection.ro.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hashed passwords, and organisation-scoped data access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Children

CRM is a business tool not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of material changes. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

For any privacy-related questions or requests, contact: privacy@yourcrm.com