Privacy Policy

Last updated: February 20, 2026

1. Introduction

Salesbright ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share your personal information when you use our CRM platform ("Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect your name, email address, and password. If you sign up through a third-party provider (Google or Microsoft), we receive your name and email address from that provider.

2.2 CRM Data

You may enter information about your contacts, companies, deals, tasks, notes, and other business data into the Service. This data is yours and is stored on your behalf.

2.3 Email Integration Data

If you connect your Gmail or Outlook account, we access and sync email messages to associate them with your CRM contacts. We store email metadata (sender, recipients, subject, date) and message content. OAuth tokens used to access your email are encrypted at rest using AES-256-GCM encryption.

2.4 Usage Data

We automatically collect information about how you use the Service, including pages visited, features used, browser type, and IP address. This data is used to improve the Service and troubleshoot issues.

2.5 Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

3. How We Use Your Information

We use your information for the following purposes:

  • Providing, maintaining, and improving the Service
  • Authenticating your identity and managing your account
  • Syncing and associating emails with CRM records
  • Sending transactional notifications (e.g., team invitations, system alerts)
  • Responding to your support requests
  • Enforcing our Terms and Conditions
  • Complying with legal obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Storage and Security

Your data is stored in secure, managed cloud infrastructure. We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • AES-256-GCM encryption for stored OAuth tokens
  • Row-level security (RLS) policies for multi-tenant data isolation
  • Role-based access control within organizations
  • Regular security reviews and updates

While we strive to protect your data, no method of transmission or storage is 100% secure. You are responsible for keeping your login credentials confidential.

5. Data Sharing

We may share your information in the following limited circumstances:

  • Within your organization: Team members in your organization can access shared CRM data according to their assigned roles.
  • Service providers: We use third-party infrastructure providers (e.g., Supabase for database hosting, Hetzner for servers) to operate the Service. These providers process data on our behalf under contractual obligations.
  • Legal requirements: We may disclose your information if required by law, court order, or governmental authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may update or correct your account information at any time through the Service.
  • Deletion: You may request deletion of your account and associated data. CRM data uses soft deletion with a retention period before permanent removal.
  • Export: You may export your CRM data from the Service.
  • Disconnect integrations: You may disconnect email integrations at any time, which revokes our access to your email account and clears stored tokens.

To exercise these rights, contact us at support@slsb.one.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, compliance, or legitimate business purposes. Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytics.

8. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence. We ensure appropriate safeguards are in place for any international data transfers in accordance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after the updated policy takes effect constitutes acceptance.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@slsb.one.