SwiftlyCRM
Legal

Privacy Policy

Last updated:

SwiftlyCRM (“we”, “us”, or “our”) is committed to protecting the privacy of individuals who interact with our website and services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use SwiftlyCRM.

1. What We Collect

We collect information you provide directly to us and information generated through your use of our services:

  • Account data — your name, email address, company name, and password when you register for SwiftlyCRM.
  • Profile data — optional information such as your phone number, job title, and profile photograph.
  • CRM data — contacts, deals, notes, files, and other business data you enter into the platform. This data is yours; we process it on your behalf.
  • Billing data — payment method details are collected and stored by our payment processors (Paystack and Stripe). We do not store full card numbers on our servers.
  • Usage data — log files, IP addresses, browser type, pages visited, and feature usage patterns that help us improve the product.
  • Communications — emails or messages you send to our support or sales team.
  • Google account data — if you choose to connect your Google account for calendar sync, we store a long-lived OAuth refresh token and the email address of the connected Google account. See Section 5 for what this data is used for.

2. How We Use It

We use the information we collect to:

  • Provide, operate, and improve the SwiftlyCRM platform and related services.
  • Process transactions and send related information, including purchase confirmations and invoices.
  • Send transactional and product communications such as account notifications, security alerts, and feature announcements.
  • Respond to your support requests, comments, and questions.
  • Monitor and analyse usage trends to improve usability and performance.
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities.
  • Comply with legal obligations, resolve disputes, and enforce our agreements.

We do not sell your personal data to third parties. We do not use your CRM data to train AI models or for any purpose other than providing the service to you.

3. Data Storage and Security

Your data is stored on secure servers hosted in data centres that meet industry-standard security certifications. We use encryption in transit (TLS 1.2+) and at rest for sensitive fields. Access to production databases is restricted to authorised personnel only and requires multi-factor authentication.

While we take reasonable precautions to protect your information, no method of transmission over the internet is 100% secure. If you become aware of any security vulnerability, please report it to security@swiftlycrm.com.

We retain your data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it by law.

4. Sharing with Third Parties

We share personal data only in the following circumstances:

  • Service providers — we use trusted third-party services to help operate our platform (cloud hosting, email delivery, payment processing, error monitoring). These providers are contractually bound to use your data only to perform services on our behalf.
  • Legal requirements — we may disclose information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal obligations or protect the rights, property, or safety of SwiftlyCRM or others.
  • Business transfers — if SwiftlyCRM is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

5. Google Calendar Integration

SwiftlyCRM offers an optional integration that lets you sync meetings you schedule in SwiftlyCRM to your Google Calendar. If you choose to connect your Google account, we request the following OAuth scopes via Google's standard consent screen:

  • openid, email, profile — to identify which Google account is linked to your SwiftlyCRM user.
  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete events on your primary Google Calendar that you (or a teammate who invited you) have scheduled through SwiftlyCRM.

What we do with this access:

  • When a SwiftlyCRM meeting is scheduled with you as an attendee, we create a corresponding event on your Google Calendar with the meeting's title, start time, end time, and description.
  • If the meeting's details change, we update the same event.
  • If the meeting is cancelled or you are removed as an attendee, we delete the event from your calendar.

What we do NOT do:

  • We do not read your existing calendar events or any other data from your Google account beyond what is strictly needed to create/update/delete the SwiftlyCRM-scheduled events.
  • We do not share your Google user data with third parties.
  • We do not use your Google user data for advertising or to train machine-learning models.
  • Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How we store your credentials: we store a Google OAuth refresh token associated with your SwiftlyCRM user, protected at rest with the same security controls as the rest of your account data. We also store a per-event Google event ID for each meeting event we've created, so we can update or delete it later — we do not store any other Google calendar content.

Revoking access: you can disconnect at any time from Settings → Calendar → Disconnect Google Calendar inside SwiftlyCRM. This deletes our stored refresh token and revokes it with Google. You can also revoke access directly from your Google Account Permissions page.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — you can request a copy of the personal data we hold about you.
  • Correction — you can ask us to correct inaccurate or incomplete data.
  • Deletion — you can ask us to delete your personal data. Note that some data may need to be retained for legal or contractual reasons.
  • Portability — you can request your data in a machine-readable format so you can transfer it to another service.
  • Objection — you can object to certain types of processing, including direct marketing.
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at privacy@swiftlycrm.com. We will respond within 30 days.

7. Cookies

We use cookies and similar tracking technologies to operate and improve our services. See our Cookie Policy for details.

8. Children's Privacy

SwiftlyCRM is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through an in-app notification before the changes take effect. Continued use of SwiftlyCRM after changes are posted constitutes acceptance of the revised policy.

10. Contact

If you have questions, concerns, or requests regarding this Privacy Policy, please contact our Data Privacy team:

Email: privacy@swiftlycrm.com