Privacy Policy

1. Who we are

REDCRM ("we", "us", "our") provides an event-based activation platform for venues, restaurants and event organisers. This Privacy Policy explains how we handle personal data when you use our services at getredcrm.com.

2. Data we collect

• Account data: name, email, organisation name, password hash.
• Contact data you upload: guest names, emails, phone numbers, tags and custom fields.
• Event data: events, attendees, attendance status, notes.
• Usage data: log data, IP address, browser type, pages visited.

3. How we use data

We use personal data to provide, maintain and improve the platform, to authenticate users, to send transactional emails (via Resend), to support WhatsApp activations triggered by you, and to comply with our legal obligations.

4. Legal basis (GDPR)

For account holders we rely on the performance of a contract. For guest contacts uploaded by account holders, the account holder is the data controller and REDCRM acts as a data processor. For service emails and security logs we rely on legitimate interest.

5. Sharing & sub-processors

We share data only with sub-processors that help us run the service: Supabase (database & auth), Resend (transactional email), and Lovable (hosting). We do not sell personal data.

6. Data retention

We retain account and contact data for as long as your organisation is active. You can delete individual contacts at any time from the dashboard. On account closure, data is deleted within 30 days, except where retention is legally required.

7. Your rights

You have the right to access, rectify, erase, restrict or port your personal data, and to object to processing. To exercise these rights, email privacy@getredcrm.com.

8. Security

Each organisation lives in an isolated workspace with row-level security. Data is encrypted in transit (TLS) and at rest. Access is restricted to authorised personnel.

9. Contact

Questions about this policy? Email us at privacy@getredcrm.com.