Introduction
This Privacy Policy explains how SalesFlow ("SalesFlow", "we", "us") collects, uses, stores and protects personal data when you use our CRM and sales enablement platform.
SalesFlow is designed with privacy and security by design principles. We apply industry-standard technical and organizational measures to protect the data entrusted to us, but we do not claim to hold any specific privacy or security certification unless explicitly stated in writing.
Data Controller
The data controller for the SalesFlow service is ConsultIT Services Kft. (registered in Hungary). For any privacy-related question, please contact us at info@consultit.eu.com.
When you use SalesFlow to manage your own customers, contacts, quotations or activities, your organization is the controller of that data and SalesFlow acts as a processor on your behalf.
What personal data we collect
We collect only the data necessary to operate the service:
- Account data: name, email address, password hash, language preference, profile image (optional).
- Workspace data: organization name, team members, roles and invitations.
- CRM content you enter: clients, contacts, opportunities, quotations, activities, notes and attachments.
- Technical data: IP address, browser type, device information, log timestamps.
- Usage data: feature interactions and error diagnostics used to improve the product.
How we use your data
We use personal data to:
- Provide, maintain and secure the SalesFlow platform and its features.
- Authenticate users and manage access to organizations and workspaces.
- Send transactional emails such as password resets, invitations and important service notices.
- Provide customer support and answer your inquiries.
- Detect, investigate and prevent fraud, abuse or security incidents.
- Comply with legal obligations.
We do not sell personal data and we do not use CRM content you upload to train third-party AI models.
Legal basis for processing
Under the GDPR, we rely on the following legal bases:
- Performance of a contract — to deliver the SalesFlow service you or your organization subscribed to.
- Legitimate interests — to keep the service secure, prevent abuse and improve product quality.
- Legal obligation — to comply with tax, accounting and other applicable regulations.
- Consent — for optional communications and non-essential cookies, where applicable.
Data retention
We retain personal data only for as long as necessary to provide the service and to comply with our legal obligations.
Account and workspace data are retained while the account is active. When an organization terminates its subscription, its CRM data is deleted or anonymised within a reasonable period, subject to any legally required retention.
Backups are rotated on a rolling schedule and are permanently overwritten in the normal course of operation.
Data security
We apply industry-standard technical and organizational measures, including encryption in transit (TLS), encryption at rest for the database, role-based access controls, row-level security, audit logging, and least-privilege administrative access.
Despite these measures, no online service can guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify affected users and, where required, the competent supervisory authority in accordance with applicable law.
Third-party processors
We rely on carefully selected sub-processors to operate SalesFlow, including cloud infrastructure, database, authentication, email delivery and error monitoring providers.
All sub-processors are bound by written data processing agreements and are required to apply appropriate security measures. A current list of sub-processors is available on request.
International data transfers
Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and, where relevant, supplementary measures to ensure a level of protection consistent with the GDPR.
Your GDPR rights
If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:
- Right of access to your personal data.
- Right to rectification of inaccurate data.
- Right to erasure ("right to be forgotten").
- Right to restrict or object to processing.
- Right to data portability.
- Right to withdraw consent at any time, where processing is based on consent.
- Right to lodge a complaint with a supervisory authority (in Hungary: NAIH).
To exercise any of these rights, please contact us at info@consultit.eu.com.
Contact information
For any privacy-related question, please reach out to ConsultIT Services Kft. at info@consultit.eu.com.
Policy updates
We may update this Privacy Policy from time to time. Material changes will be communicated through the application or by email. The "Last updated" date at the top of this page always reflects the most recent revision.