CRM Solid logo

Privacy Policy

Transparency about how we collect, use, and protect your personal information.

Not affiliated with Telegram, Meta, TikTok or X

What we collect

  • Account & billing info
  • Service usage data

Why we collect

  • Provide our service
  • Security & compliance

Your choices

  • Access, export, delete
  • Opt-out marketing

1. Introduction

Lovisoft ("we," "us," or "our") operates CRM Solid, an omnichannel CRM and social media management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service available at crmsolid.com and app.crmsolid.com.

You can contact us at [email protected].

This policy should be read alongside ourTerms of Service andData Processing Addendum.

2. Scope & Roles

We act in different capacities depending on the type of data:

  • Data Controller for website analytics, account management, and billing information
  • Data Processor for customer-uploaded contacts, message content, and automation sequences
  • Joint Controller with customers for certain AI features when enabled

See our Data Processing Addendum for more details.

3. Information We Collect

Information You Provide

  • Account details: name, email, password, profile information
  • Workspace information: team names, member roles, organization details
  • Billing information: payment methods, billing addresses, transaction history
  • Support communications: tickets, chat messages, feedback

Information Collected Automatically

  • Device information: IP address, browser type, operating system, device identifiers
  • Usage data: pages visited, features used, time spent, click patterns
  • Technical logs: error reports, performance metrics, API calls
  • Cookies and tracking technologies as described in our Cookie Policy

Connected Account & Service Data

  • Connected account data for the platforms you link — Telegram, Instagram, Facebook, WhatsApp, X (Twitter), TikTok, LinkedIn and email/IMAP — such as profile information, your published content/posts, messages, and comments, accessed only through each platform's official API and only on your instruction
  • OAuth access tokens and connection credentials for linked accounts, stored encrypted and revoked/deleted when you disconnect the account
  • Contact lists and conversation histories (processed on your behalf)
  • Automation sequences, templates, scheduled posts, and campaign data
  • Scraping results and lead information

We use connected-platform data solely to provide the features you enable (e.g., publishing posts, syncing your inbox, replying to messages). We do not sell it, and we do not use it to train AI models. Disconnecting an account removes its stored tokens and synced data.

AI Features Data

When AI features are enabled, we may process prompts, generated content, and feedback. This data may be sent to third-party AI providers under their terms and privacy policies.

4. How We Use Information (Purposes & Legal Bases)

We use your information for the following purposes:

  • Provide and maintain the Service (Legal basis: Contract performance)
  • Process payments and manage subscriptions (Legal basis: Contract performance)
  • Authenticate users and prevent fraud (Legal basis: Legitimate interests)
  • Provide customer support and respond to inquiries (Legal basis: Contract performance)
  • Improve our Service through analytics and research (Legal basis: Legitimate interests)
  • Send transactional communications (Legal basis: Contract performance)
  • Comply with legal obligations (Legal basis: Legal obligation)
  • Send marketing communications with consent (Legal basis: Consent)

We comply with GDPR, KVKK, CCPA, and other applicable privacy laws.

5. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential cookies: Authentication, security, basic functionality
  • Analytics cookies: Usage statistics, performance monitoring
  • Marketing cookies: Personalized content, advertising (with consent)
  • Preference cookies: Language, theme, user settings
View Cookie Policy

6. AI & Model Providers

AI features are optional and can be disabled in your account settings. When enabled:

  • Content and metadata may be processed by our AI providers (Anthropic / Claude and OpenAI) under their terms
  • We disable training on your data by default where possible
  • You can opt-out of AI processing at any time
  • AI-generated content should be reviewed before use

7. Connected Platforms & Third-Party Services

Our Service integrates with the following platforms and third-party services. When you connect an account, you authorize us to access it on your behalf through its official API:

  • Connected platforms: Telegram, Meta (Instagram, Facebook, WhatsApp), X (Twitter), TikTok, LinkedIn, and Google / YouTube
  • AI providers: Anthropic (Claude) and OpenAI
  • Email delivery and inbox sync (Resend and your own IMAP/SMTP provider)
  • Payment processors for billing (Stripe, PayPal, Iyzico, PayTR, and others)
  • Analytics and product telemetry providers
  • GeoIP lookup, error monitoring, and cloud infrastructure providers

Each platform handles your data under its own terms and privacy policy. See ourSecurity Page andData Processing Addendum for more information.

8. Data Sharing

We may share your information in the following circumstances:

  • With service providers and processors under appropriate agreements
  • With members of your organization or workspace as configured
  • For legal compliance, court orders, or regulatory requirements
  • In connection with a merger, acquisition, or sale of assets (with notice)
  • With your explicit consent for specific purposes

9. International Transfers

We may transfer your data internationally using appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for certain countries
  • Supplementary measures where required
  • Data residency options available for Enterprise customers

Primary data processing occurs in European Union (Frankfurt, Germany).

10. Data Retention

We retain different types of data for varying periods:

  • Account data: Until account deletion plus 30 days
  • Billing records: 7 years for tax and accounting purposes
  • Service logs: 90 days for security and debugging
  • AI interaction logs: 30 days unless opted out
  • Customer data: As directed by customer or until service termination

Workspace administrators can delete or export data through our self-service tools.

11. Security

We implement appropriate technical and organizational measures:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Network isolation and access controls
  • Regular security audits and penetration testing
  • Employee security training and background checks
  • Incident response and breach notification procedures

You are responsible for maintaining strong authentication, securing API keys, and managing user permissions.

12. Your Rights

Depending on your location, you may have the following rights:

GDPR/KVKK Rights

  • Right of access: Request copies of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Opt-out of certain processing activities

CCPA/CPRA Rights

  • Right to know: What personal information we collect and how it's used
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt-out of sale or sharing of personal information
  • Right to non-discrimination: Equal service regardless of privacy choices

To exercise your rights, use our or email [email protected]. We'll verify your identity and respond within applicable timeframes.

Deleting Your Data

You can delete your data at any time: disconnect any linked platform (Telegram, Instagram, Facebook, WhatsApp, X, TikTok, LinkedIn, email) to remove its stored tokens and synced content, delete your account from Settings → Account to erase your workspace data, or email [email protected] with a deletion request. Backups are purged within 30 days.

13. Children's Privacy

Our Service is not directed to children under 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

14. Workspace Admin Controls

Workspace administrators have additional controls and responsibilities:

  • Access to user data within their workspace
  • Ability to export and delete workspace data
  • User management and permission controls
  • Access to audit logs and activity reports
  • Responsibility for user consent and data protection compliance

15. Communications & Marketing

We send different types of communications:

  • Transactional emails: Account notifications, billing, security alerts
  • Product updates: New features, service changes, maintenance notices
  • Marketing emails: Newsletters, promotions (with consent)
  • Support communications: Responses to your inquiries

You can unsubscribe from marketing emails using the links provided or through your account settings.

16. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for significant changes

The effective date is shown at the top of this policy.

17. Contact

For privacy-related questions or to exercise your rights, contact us:

Data Protection OfficerLovisoft
Email:[email protected]

We value your privacy

We use cookies to improve our site, analyze traffic, and personalize ads. You can accept all, reject non-essential, or customize your choices. Read our Cookie Policy.