– leads centralized
Qualify CRM
Sign in
Back

Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller for personal data collected via Qualify CRM is: Qualify CRM, accessible at qualify-crm.com.

For any questions regarding the protection of your data, contact us at: [email protected]

2. Data Collected

We collect the following categories of data:

  • Account data: first name, last name, email address, password (bcrypt hashed), organization
  • Connection data: IP address, user-agent, date/time of connection
  • Lead data (collected on behalf of users): name, email, phone, message, IP address (anonymized after 30 days), UTMs, referral URL
  • Billing data: managed directly by LemonSqueezy (we do not store credit card data)

3. Purposes and Legal Bases (GDPR Art. 6)

PurposeLegal basis
Providing the CRM servicePerformance of contract (Art. 6.1.b)
Security and fraud preventionLegitimate interest (Art. 6.1.f)
Lead collection via formsLegitimate interest / Consent as applicable (Art. 6.1.a-f)
Billing and accountingLegal obligation (Art. 6.1.c)
Service communications (transactional emails)Performance of contract (Art. 6.1.b)

4. Data Retention Periods

  • Account data: duration of subscription + 30 days after cancellation
  • Lead IP addresses: automatically anonymized after 30 days
  • Connection logs: 90 days
  • Refresh tokens: 7 days (automatic rotation)
  • Billing data: 10 years (accounting obligation)

5. Data Recipients

Your data is accessible only to members of your organization with appropriate access rights. Qualify CRM does not sell or rent your data to third parties.

Technical subprocessors:

  • OVH (hosting, EU)
  • LemonSqueezy (payments)
  • o2switch (transactional emails)

6. Transfers Outside the EU

Hosting is within the EU region. LemonSqueezy may process data in the United States, under the Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your Rights (GDPR Art. 15–22)

Under the GDPR, you have the following rights:

  • Right of access (Art. 15): obtain a copy of your data
  • Right to rectification (Art. 16): correct inaccurate data
  • Right to erasure (Art. 17): request deletion of your data
  • Right to data portability (Art. 20): receive your data in a structured format (available from the GDPR page)
  • Right to object (Art. 21): object to certain processing
  • Right to restriction (Art. 18): restrict certain processing

To exercise these rights, contact us at [email protected]. We will respond within one month (Art. 12.3).

In case of unresolved dispute, you may file a complaint with the CNIL (French data protection authority).

8. Data Security

Qualify CRM implements appropriate technical and organizational measures: HTTPS/TLS encryption, hashed passwords (bcrypt), short-lived JWT tokens, refresh token rotation, login attempt limiting, automatic IP anonymization, role-based access control.

9. Cookies

Qualify CRM only uses cookies strictly necessary for service operation (HttpOnly session cookie for authentication). No advertising or tracking cookies are used.

Terms of UseLegal Notice