What we collect, why, and the rights you have over it.
CRM-G ("we", "us") operates the crmg.ai website and the CRM-G application — a multi-tenant CRM platform covering Sales, Service, and Time Management with a built-in AI assistant. Questions about this policy or your data: use our contact page, or email security@crmg.ai for privacy and security matters.
We handle personal data in two distinct capacities:
We do not run third-party advertising trackers on crmg.ai. The site loads fonts and icons from Google Fonts and cdnjs (Cloudflare), which receive your IP address as part of serving those files.
Under the GDPR, our legal bases are performance of a contract (operating your workspace), legitimate interest (security, service communications), and consent where required. We do not sell personal data.
The built-in AI assistant processes the CRM data your organization stores in its workspace in order to answer questions and execute the actions you request. Personally identifiable information is redacted before content is sent to the large-language-model provider, model calls are subject to per-tenant guardrails and quotas, and AI-initiated actions are recorded in the audit log. We do not use your workspace data to train foundation models.
We use a small set of infrastructure providers to deliver the service: Google Cloud Platform (hosting), Mailgun (transactional email), Qdrant Cloud (vector search), Anthropic / Google Vertex AI (LLM inference), and Stripe (billing). The current list and what each does is maintained on our security page. We notify workspace administrators in advance of material sub-processor changes.
The service is hosted on Google Cloud Platform in the United States (us-central1). Where required, we make Standard Contractual Clauses and a Data Processing Addendum (DPA) available — request one via the contact page.
Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. To exercise them for data we control, contact us via the contact page or security@crmg.ai; we respond within the timelines the applicable law requires. For data inside a customer workspace, contact that organization's administrator — we will support their response.
CRM-G is a business tool and is not directed at children under 16. We do not knowingly collect personal data from children.
We will post updates to this policy here and update the effective date. For material changes affecting active workspaces, we notify workspace administrators.