Obriym CRM logoObriym CRMCustomer flow workspace
Get started
FeaturesPricingIntegrationsAPI DocsDocs

Legal

Privacy Policy

Effective date: June 1, 2026

1. Who We Are

Obriym CRM ("we", "us", or "our") operates the CRM and e-commerce management platform available at this domain. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Service.

Questions or requests regarding your personal data: privacy@obriym.com

2. Information We Collect

Account information

When you register, we collect your name, email address, and password (stored as a secure hash). Invited team members provide only what is required to create their account.

Workspace data

Data you enter into your workspace — leads, contacts, companies, deals, orders, and related records — is your data. We store it to provide the Service and do not use it for advertising or share it with third parties for their own purposes.

Usage and technical data

We collect standard server logs including IP addresses, request paths, timestamps, and response codes. This data is used for security, debugging, and Service reliability. We do not use it to build user profiles.

Email communications

We send transactional emails: account verification, password reset, team invitations, and (if enabled) daily activity digests. We do not send marketing emails without explicit opt-in.

3. How We Use Your Information

  • To provide, operate, and improve the Service
  • To authenticate users and enforce role-based access
  • To send transactional notifications you have requested
  • To investigate abuse, security incidents, and technical issues
  • To comply with legal obligations

We do not sell your personal data. We do not use your workspace data for machine learning or advertising.

4. Data Storage and Security

Your data is stored in a Neon Postgres database hosted in the EU/US region. We apply encryption in transit (TLS) and at rest. Access to production data is restricted to authorized personnel.

Workspace data is fully isolated — no cross-workspace data access is possible through the application layer.

API tokens and widget keys are stored as SHA-256 hashes only. We never store or log plaintext credentials.

5. Data Retention

Your data is retained as long as your workspace exists. When you delete your workspace, data is permanently deleted within 30 days. You may export your workspace data at any time before deletion.

Server logs are retained for 90 days. Audit activity logs within your workspace are retained for 1 year.

6. Your Rights (GDPR / CCPA)

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, contact us at privacy@obriym.com. We will respond within 30 days.

7. Third-Party Services

We use the following third-party services to operate the platform:

  • Neon — Postgres database hosting
  • Vercel — application hosting and blob storage for uploaded files (product images and record attachments)
  • Nodemailer / SMTP — transactional email delivery

Each service processes only the data necessary for its function and operates under its own privacy policy.

8. Cookies

We use a single session cookie to maintain your authenticated session. No tracking cookies, advertising pixels, or third-party analytics scripts are loaded.

9. Children

The Service is not directed at children under 16. If you believe a child has provided us personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy. We will notify workspace owners by email at least 14 days before material changes take effect. The effective date at the top of this page reflects the latest revision.

11. Contact

Privacy questions or data requests: privacy@obriym.com

Terms of ServiceBack to home