Automattic CRM
Automattic CRM
Legal

Privacy Policy

Last updated: January 14, 2026 · Effective: February 1, 2027

1. Overview

This policy describes how AutomatticCRM, Inc. ("we", "us") collects and processes information when you use automatticcrm.com, our mobile apps, or our APIs (together, the "Service"). We wrote this in plain English. If anything's unclear, email privacy@automatticcrm.com and a human will reply.

2. What we collect

Account & workspace data

Name, email, password hash, workspace name, team size, role, billing address, and payment method.

Customer data you put in the CRM

Records you create — contacts, deals, tickets, emails, attachments, custom fields. You are the data controller for this data; we are the processor.

Usage data

Pages visited, features used, errors, device model, browser, IP address, and approximate location (country/region) for abuse prevention and product improvement.

3. How we use it

  • To provide the Service and authenticate you
  • To bill, prevent fraud, and meet legal obligations
  • To respond to your support requests
  • To improve the product in aggregate (never on identifiable customer records)
  • To send operational emails (password resets, outages, policy changes). Marketing emails are opt-in.

4. AI & model providers

When you use AI features, we send the minimum necessary context to the model provider you've selected (OpenAI, Anthropic, Google, or self-hosted Ollama). We have zero-retention inference contracts with every supported provider — your data is not stored on their systems beyond the request and is never used to train their public models. If you bring your own API key, your data goes directly to your provider under your agreement with them.

5. Who we share with

We share data only with sub-processors listed on our sub-processors page (payment processing, cloud hosting, email delivery, error monitoring, model providers). We do not sell personal data. We disclose data to authorities only under a valid, legally compelled request, and we notify you whenever not prohibited from doing so.

6. Retention

  • Account data: kept while your account is active; deleted 30 days after closure unless legally required to retain.
  • Customer records: you control retention inside the product. On workspace deletion, backups are purged within 60 days.
  • Logs: 90 days rolling.
  • Billing records: 7 years (tax obligation).

7. Your rights

You have the right to access, correct, port, delete, and object to processing of your personal data. To exercise any of these, use in-app controls or email privacy@automatticcrm.com. We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Security

Data at rest is encrypted with AES-256; data in transit with TLS 1.3. We enforce MFA for staff, run annual penetration tests, and maintain SOC 2 Type II attestation. Responsibly disclose vulnerabilities to security@automatticcrm.com.

9. International transfers

We store data in the region closest to your workspace (US, EU, or APAC). Cross-border transfers — where they occur — rely on Standard Contractual Clauses and supplementary measures as required by GDPR. Enterprise customers can pin data residency to a single region.

10. Changes & contact

We'll email account admins at least 30 days before any material change. Reach us at privacy@automatticcrm.com or by mail: AutomatticCRM, Inc., 548 Market Street, #62344, San Francisco, CA 94104, USA.

Skip to main content