Privacy Policy

Last updated: April 2025

We keep this short and readable because your privacy matters.

1. What we collect

Information you give us:

  • Name and email when you sign up
  • Business name and details
  • Contact information for your customers (names, phone numbers, emails)
  • Invoice and financial data you enter
  • Notes and activity logs you create

Information collected automatically:

  • Your IP address
  • Browser type and version
  • Pages you visit within Crebo
  • Actions you take (for bug fixing)
  • Time and date of actions

We do NOT collect:

  • Payment card details (Stripe handles this directly)
  • Biometric data
  • Location data beyond country level
  • Any data from people who have not interacted with Crebo

2. How we use your data

To run the service:

  • Power your CRM and all its features
  • Send you transactional emails (password reset, invoice paid, etc.)
  • Send you notification emails (morning digest, assignments, etc.)

To improve the service:

  • Understand how features are used
  • Fix bugs and improve performance
  • Build new features users actually need

We NEVER:

  • Sell your data to anyone
  • Use your data for advertising
  • Share your customers' data with third parties (except as below)
  • Use your data to train AI models

3. Who we share data with

We share minimal data with these services to operate Crebo:

Supabase (supabase.com)

  • Purpose: database and authentication
  • Data: your account and all CRM data
  • Location: their secure cloud servers

Stripe (stripe.com)

  • Purpose: subscription billing
  • Data: your email, subscription status
  • NOT your CRM or customer data

Resend (resend.com)

  • Purpose: sending emails
  • Data: your email address and email content we generate

Vercel (vercel.com)

  • Purpose: hosting the application
  • Data: server logs only

Nobody else. That is the complete list.

4. Your rights

You have the right to:

Access your data:

Export all your data anytime from Settings → Export Data.

Correct your data:

Edit your profile and business details in Settings at any time.

Delete your data:

Delete your account from Settings → Danger Zone. All data is permanently deleted within 30 days.

Portability:

Download your data as CSV files from Settings.

Object to processing:

Email us at contact@crebo.in and we will address your request within 72 hours.

5. Data security

  • All data is encrypted in transit (HTTPS/TLS)
  • Sensitive fields (API keys, tokens) are encrypted at rest
  • Passwords are never stored — Supabase handles authentication
  • We conduct regular security reviews
  • Access to production data is restricted to essential personnel only
  • We will notify you within 72 hours of any data breach that affects you

6. Data retention

  • Active accounts: data kept as long as your account is active
  • Cancelled subscriptions: data kept for 30 days in read-only mode, then permanently deleted
  • Deleted accounts: all data permanently deleted within 30 days
  • Backup systems: purged within 90 days

7. Cookies

Crebo uses minimal cookies:

  • Authentication cookie (required) — keeps you logged in
  • Session cookie (required) — security and functionality

We do NOT use:

  • Advertising cookies
  • Tracking pixels
  • Third-party analytics cookies

You can clear cookies in your browser settings — this will log you out.

8. Children

Crebo is not intended for anyone under 18. We do not knowingly collect data from minors.

9. Changes

We will notify you by email at least 14 days before any significant changes to this policy.

10. Contact

Data controller: Crebo

For GDPR requests or privacy concerns, email us and we will respond within 72 hours.