Privacy Policy
Effective date:
ChatCRM (we,” “us,” or “our”) operates the ChatCRM conversational CRM platform and related services (the “Services”). This Privacy Policy describes how we collect, use, disclose, and protect information when you use the Services.
By using the Services, you agree to this Privacy Policy together with our Terms & Conditions. If you do not agree, do not use the Services.
1. Who this policy applies to
This policy applies to visitors to our websites, trial users, paying customers, and users invited to a customer workspace (each, “you”). If you use ChatCRM on behalf of a company, “you” includes you and that organization, as applicable.
2. Information we collect
2.1 Account and billing
Name, email, phone, organization name, role, credentials, and payment-related information processed by our payment providers.
2.2 Customer content (“Customer Data”)
Information you or your users submit or generate in the Services, including CRM records (contacts, companies, deals, notes, tasks, activities), messages and files from connected channels, configuration, and free-text input used with AI features.
2.3 Technical and usage data
IP address, device/browser type, timestamps, diagnostics, security logs, and aggregated usage metrics.
2.4 Google-related data (optional)
If you connect Google Calendar or Gmail, we process the categories described in Section 11.
3. How we use information
We use information to:
provide, operate, secure, and improve the Services;
enable integrations and features you configure;
provide support and service communications;
comply with law and enforce our agreements;
detect, prevent, and respond to fraud, abuse, or security incidents.
Google user data from Google APIs is used only as described in Section 11. We do not use such data to train generalized machine learning or foundation models.
We may use aggregated or de-identified data to understand product usage, subject to applicable law.
4. Legal bases (where applicable)
If the GDPR or similar laws apply, we rely on bases such as: contract (to provide the Services), legitimate interests (security, improvement, internal operations balanced against your rights), consent (where required, e.g. certain cookies or marketing), and legal obligation.
5. How we share information
We do not sell personal information. We may share information with:
service providers who assist with hosting, email delivery, payments, analytics, security, and AI/infrastructure processing, under contracts;
professional advisers (lawyers, accountants) where needed;
authorities when required by law or to protect rights, safety, and integrity;
successors in a merger, acquisition, or asset sale, subject to safeguards.
6. International transfers
We may process data in [country/region] and other countries where we or our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses).
7. Security
We implement technical and organizational measures designed to protect information, including encryption in transit and protections for data at rest appropriate to the Services. No system is perfectly secure.
8. Retention
We retain information for as long as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. Retention details for Google connections are in Section 11.
9. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing, and to withdraw consent where processing is consent-based. To exercise rights, contact [privacy email]. We may verify your request.
You can manage cookies through your browser. Marketing communications can be opted out via the unsubscribe mechanism where provided.
10. Children
The Services are not directed to children under [16 / 18] (or the age required in your jurisdiction). We do not knowingly collect personal information from children.
11. Google integrations (Calendar and Gmail)
11.1 Optional OAuth
Connecting Google Calendar or Gmail is optional and uses Google OAuth. We access Google user data only after you authorize the permissions on Google’s consent screen.
11.2 Data categories
We may process: your Google account email (e.g. via userinfo) to show which account is connected; Calendar event fields returned by Google (e.g. title, time, description, location, attendees as returned, Meet/conference details when present, identifiers) to display and manage events and link them to CRM records; Gmail thread/message data returned by Google (e.g. identifiers, headers, labels, snippets/bodies) to display mail, sync for CRM features, timelines, and user-initiated drafting context; and OAuth tokens to call Google APIs on your behalf.
11.3 Use limitations for Google user data
We use Google user data obtained through Gmail/Calendar APIs only to provide the connected features. We do not use it for interest-based advertising, sale, data broker transfers, creditworthiness/lending, or training generalized ML/foundation models.
11.4 AI subprocessors
If a feature sends Gmail or Calendar content to a non-Google processor (e.g. an LLM provider), we do so only to deliver the specific user-facing feature you initiate, under our agreements with vendors.
11.5 Retention and deletion
We retain Google-related tokens and caches while the integration is active and as needed for functionality. When you disconnect in ChatCRM or delete your account, we delete or anonymize associated tokens and remove or delete cached Google-sourced content within a reasonable period, except where law requires limited retention. You may also revoke access in your Google Account.
11.6 Google’s terms
Your use of Google services remains subject to Google’s applicable terms and policies.
12. Third-party links and integrations
The Services may link to third-party sites or depend on third-party platforms (WhatsApp, Telegram, etc.). Their privacy practices are governed by their own policies.
13. Changes to this policy
We will post updates at [Privacy Policy URL] and revise the effective date. Material changes may require additional notice where required by law.
14. Contact
ChatCRM
Privacy inquiries: seymur@chatcrm.co