Legal

    Privacy Policy

    At SalesFlow, trust is foundational. Below is a transparent overview of how we handle personal data.

    Last updated: July 2, 2026

    Introduction

    This Privacy Policy explains how SalesFlow ("SalesFlow", "we", "us") collects, uses, stores and protects personal data when you use our CRM and sales enablement platform.

    SalesFlow is designed with privacy and security by design principles. We apply industry-standard technical and organizational measures to protect the data entrusted to us, but we do not claim to hold any specific privacy or security certification unless explicitly stated in writing.

    Data Controller

    The data controller for the SalesFlow service is ConsultIT Services Kft. (registered in Hungary). For any privacy-related question, please contact us at info@consultit.eu.com.

    When you use SalesFlow to manage your own customers, contacts, quotations or activities, your organization is the controller of that data and SalesFlow acts as a processor on your behalf.

    What personal data we collect

    We collect only the data necessary to operate the service:

    • Account data: name, email address, password hash, language preference, profile image (optional).
    • Workspace data: organization name, team members, roles and invitations.
    • CRM content you enter: clients, contacts, opportunities, quotations, activities, notes and attachments.
    • Technical data: IP address, browser type, device information, log timestamps.
    • Usage data: feature interactions and error diagnostics used to improve the product.

    How we use your data

    We use personal data to:

    • Provide, maintain and secure the SalesFlow platform and its features.
    • Authenticate users and manage access to organizations and workspaces.
    • Send transactional emails such as password resets, invitations and important service notices.
    • Provide customer support and answer your inquiries.
    • Detect, investigate and prevent fraud, abuse or security incidents.
    • Comply with legal obligations.

    We do not sell personal data and we do not use CRM content you upload to train third-party AI models.

    Data retention

    We retain personal data only for as long as necessary to provide the service and to comply with our legal obligations.

    Account and workspace data are retained while the account is active. When an organization terminates its subscription, its CRM data is deleted or anonymised within a reasonable period, subject to any legally required retention.

    Backups are rotated on a rolling schedule and are permanently overwritten in the normal course of operation.

    Data security

    We apply industry-standard technical and organizational measures, including encryption in transit (TLS), encryption at rest for the database, role-based access controls, row-level security, audit logging, and least-privilege administrative access.

    Despite these measures, no online service can guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify affected users and, where required, the competent supervisory authority in accordance with applicable law.

    Third-party processors

    We rely on carefully selected sub-processors to operate SalesFlow, including cloud infrastructure, database, authentication, email delivery and error monitoring providers.

    All sub-processors are bound by written data processing agreements and are required to apply appropriate security measures. A current list of sub-processors is available on request.

    International data transfers

    Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and, where relevant, supplementary measures to ensure a level of protection consistent with the GDPR.

    Your GDPR rights

    If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:

    • Right of access to your personal data.
    • Right to rectification of inaccurate data.
    • Right to erasure ("right to be forgotten").
    • Right to restrict or object to processing.
    • Right to data portability.
    • Right to withdraw consent at any time, where processing is based on consent.
    • Right to lodge a complaint with a supervisory authority (in Hungary: NAIH).

    To exercise any of these rights, please contact us at info@consultit.eu.com.

    Contact information

    For any privacy-related question, please reach out to ConsultIT Services Kft. at info@consultit.eu.com.

    Policy updates

    We may update this Privacy Policy from time to time. Material changes will be communicated through the application or by email. The "Last updated" date at the top of this page always reflects the most recent revision.

    Questions?
    Contact us:
    info@consultit.eu.com