Privacy Policy

Last updated: March 15, 2026

1. Introduction

Privatka CRM ("we", "our", "the Service") is a secure team collaboration platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

By accessing or using Privatka CRM, you agree to the terms described in this policy.

2. Information We Collect

2.1 Account Information

When you register, we collect:

• Username
• Password (stored as a one-way cryptographic hash; we never store plaintext passwords)
• Telegram bot token and chat ID (optional, provided by you for notification integration)

2.2 User-Generated Content

Data you create within the platform, including:

• Tasks, projects, and board content
• Database tables and cell values
• Notebook entries
• Uploaded files and attachments
• Time tracking sessions and activity logs

2.3 Technical Data

We automatically collect:

• IP address and browser user-agent (for security and session management)
• Login timestamps and session metadata
• Error logs for debugging purposes

3. Encryption and Data Security

Security is core to our platform. We implement the following measures:

• AES-256-GCM Encryption — all sensitive user content (task titles, database cell values, notebook content, passwords stored in database tables) is encrypted at rest using AES-256-GCM, a military-grade authenticated encryption standard.
• TLS/HTTPS — all data in transit between your browser and our servers is encrypted via TLS 1.2+.
• Hashed Passwords — your account password is hashed using bcrypt with salt; we cannot recover or view it.
• Two-Factor Authentication (2FA) — optional additional security layer via Telegram-delivered codes.
• Session Security — sessions are bound to your IP and user-agent, with automatic expiration.

4. How We Use Your Information

We use your data exclusively to:

• Provide and operate the Service (task management, collaboration, time tracking, database storage)
• Authenticate your identity and enforce access controls
• Deliver notifications via Telegram (only if you configure your bot)
• Generate usage statistics visible only to you and your team (time tracking, activity logs)
• Maintain security, detect abuse, and prevent unauthorized access

We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. Data is shared only in the following cases:

• Telegram Bot API — when you configure Telegram integration, notification messages are sent via the Telegram Bot API using credentials you provide. We do not store message content on Telegram servers beyond what Telegram itself retains.
• Team Collaboration — when you invite teammates or share databases/boards, the shared content becomes accessible to those specific users under the roles you assign (viewer or editor).
• Legal Requirements — we may disclose data if required by law, court order, or to protect our legal rights.

6. Data Storage and Retention

• Your data is stored on secure servers with restricted access.
• Encrypted content remains encrypted at rest in our database.
• Deleted items (tasks, notes, database rows) are soft-deleted and permanently removed after 30 days.
• You may request full account deletion at any time by contacting us.
• Upon account deletion, all associated data is permanently and irreversibly removed from our systems within 30 days.

7. Cookies and Local Storage

Privatka CRM uses:

• Session cookies — essential for authentication and maintaining your login state. These are strictly necessary and cannot be disabled.
• Local Storage — used to store UI preferences (sidebar state, theme, language) on your device. No tracking data is stored.

We do not use analytics cookies, tracking pixels, or any third-party tracking technologies.

8. Your Rights

You have the right to:

• Access your personal data stored in the Service
• Correct inaccurate information via your account settings
• Export your data (database tables, notes, time tracking records)
• Delete your account and all associated data
• Withdraw Telegram integration at any time by removing your bot credentials

To exercise any of these rights, contact us at [email protected].

9. Children's Privacy

Privatka CRM is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a user is under 16, we will promptly delete their account and data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy or your data, contact us:

• Email: [email protected]