Obriym CRM logoObriym CRMCustomer flow workspace
AIFeaturesPricingRoadmapIntegrations
Sign inGet started
AIFeaturesPricingRoadmapIntegrations

Legal

Data Processing Agreement

Effective date: July 18, 2026

1. Roles

For personal data belonging to your own end-customers — including protected customer data from a connected Shopify store — you, as the workspace owner, are the data controller, and Obriym is the data processor.

Obriym processes that data only on your documented instructions. Those instructions are given by how you configure and use the service.

2. Subject matter and purpose

Obriym processes personal data solely to provide the CRM and e-commerce workspace: lead capture, contact, company and deal management, orders, storefront-customer sync, support, and the integrations you choose to enable.

We do not process your data for our own marketing, we do not sell it, and we do not use protected customer data to train AI models.

3. Categories of data and data subjects

Data subjects are your leads, contacts, and storefront customers.

  • Name, email address, and phone number
  • Postal and shipping address
  • Order history and interaction history

4. Our obligations

As your processor, Obriym undertakes to:

  • Process personal data only on your documented instructions, and never sell it
  • Bind personnel to confidentiality and least-privilege access
  • Apply appropriate technical and organizational security measures, including encryption of credentials at rest and in transit
  • Assist you with data-subject requests — for Shopify stores the customer data request and redaction flows are implemented and run automatically
  • Notify you without undue delay after becoming aware of a personal-data breach
  • Delete or return personal data when the service ends, subject to the published retention windows

5. Subprocessors

Obriym engages the subprocessors published on the Subprocessors page. By using the service you authorise those subprocessors.

Obriym remains responsible for their compliance and gives notice of material changes to the list.

6. International transfers

Where data is transferred outside its region, the transfer relies on the subprocessor's standard contractual clauses or an equivalent safeguard.

7. Security and breach notification

Third-party credentials are encrypted at rest, access tokens are short-lived and rotated, and error monitoring is configured to scrub personal data before it leaves the application.

If a personal-data breach affects your workspace, we notify you without undue delay with the facts known at that time, and we follow up as the investigation progresses.

8. Data-subject and deletion requests

You can send a request to the contact address below. For connected Shopify stores, Shopify's mandatory customer data request and redaction webhooks drive the process automatically.

You remain the controller who fulfils the request to the data subject; Obriym provides the data and performs the deletion on its side.

9. Contact

For privacy questions, data-subject requests, security reports, or a countersigned copy of this agreement, contact us at crm@obriym.com

SubprocessorsPrivacy PolicyBack to home
Obriym CRM logoObriym CRMCustomer flow workspace

Obriym CRM is a focused workspace for sales teams and e-commerce operations. Leads, deals, orders, and customer retention in one place.

Product by OBRIYM

  • crm@obriym.com
  • OBRIYM
  • Serhii Oberemchuk

Individual Entrepreneur Oberemchuk Serhii Oleksandrovych · State reg. 178752761226

Product

  • AI
  • Features
  • Pricing
  • Compare
  • Roadmap
  • Integrations
  • API Reference

Company

  • About OBRIYM
  • Founder
  • Contact
  • Roadmap

Developers

  • For developers
  • OpenAPI spec
  • JS Widget
  • Lead intake API
  • Orders API

©2026Obriym CRM by OBRIYM. Built for production sales and e-commerce teams.

Terms of UseTerms of ServicePayment & RefundsPrivacy PolicySubprocessorsData ProcessingLegal detailsData DeletionPricingAPI Docs