Privacy Policy

Data We Process

The CRM stores account identity data, organization membership data, API key metadata, subscription records, CRM records entered by users, task records, webhook configuration, and product observability events.

API key secret values are not stored after creation. The application stores a hash, prefix, and last-four display metadata.

How Data Is Used

Data is used to operate the CRM, authenticate users and API clients, enforce organization access, process billing, send transactional email, deliver webhooks, meter usage, debug reliability, and support customer-requested deletion.

Service Providers

The product currently depends on Vercel, Neon, Better Auth, Stripe, Resend, Svix, and Vercel Sandbox for hosting, storage, authentication, billing, email, webhook delivery, and isolated task execution.

Security

The product uses organization-scoped authorization, scoped API keys, hashed API key storage, secret redaction for observability, dependency auditing, and redacted secret scanning.

Retention and Deletion

Users can delete an organization from settings. Organization deletion cancels billing, stops running sandboxes, deletes webhook application resources, and deletes organization-linked database rows through application and database cascade rules.

Automatic time-based retention jobs are not implemented in the current launch build.