Privacy Policy

1. Who we are

This Privacy Policy describes how crmtr ("we") collects, uses, and shares personal data when you visit our marketing site, request a demo, sign up for the Service, or use the crmtr product as an authorized user.

2. Data we collect

• Account and workspace data: name, email, organization, workspace identifier, roles, and content you create in the product.
• Billing data: processed by our payment provider (e.g. Stripe); we store subscription status and references needed to operate entitlements.
• Marketing and lead forms: contact details, company, message, optional scheduling preferences, and technical metadata needed for abuse prevention (e.g. truncated IP).
• Technical logs: diagnostics, security, and performance data such as timestamps, request paths, and error reports.

3. Purposes of processing

• Provide, secure, and improve the Service;
• Authenticate users and enforce workspace isolation;
• Communicate about onboarding, billing, and support;
• Operate optional AI-assisted features where enabled;
• Meet legal obligations and respond to lawful requests.

4. Legal bases (where GDPR applies)

We rely on performance of a contract for product use, legitimate interests for security and product analytics (balanced against your rights), consent where required (e.g. certain cookies or marketing communications), and legal obligation where applicable.

5. Sharing and subprocessors

We use infrastructure and service providers (for example: hosting, database, email delivery, payments, and AI model providers where features are enabled). They process data on our instructions and under appropriate agreements. A current list may be maintained internally and provided on request for enterprise customers.

6. International transfers

Data may be processed in the European Economic Area and other regions where we or our providers operate. Where data is transferred outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses where required.

7. Retention

We retain personal data for as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Marketing inquiries may be retained in line with legitimate business and audit needs unless a shorter period is required by law.

8. Your rights

Depending on jurisdiction, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability. To exercise rights, contact us via the contact form. You may also lodge a complaint with a supervisory authority.

9. Security

We implement administrative, technical, and organizational measures designed to protect personal data. No method of transmission or storage is completely secure; we encourage strong credentials and workspace policies.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

11. Changes

We may update this policy and will revise the "Last updated" date above.

12. Contact

Privacy questions: Contact us. For data processing terms relevant to enterprise customers, see Data processing.