Privacy Policy
How we collect, use, and protect your Personal Information across the CRMown platform, mobile app, and website.
→
Security Overview
Our technical architecture, encryption standards, access controls, AI audit logging, and infrastructure security practices.
→
Data Processing Agreement
Standard DPA for customers who need GDPR-compliant data processing terms. Covers controller-processor responsibilities.
→
Sub-Processors
Complete list of third-party services that may process data on behalf of CRMown, including hosting, payments, AI, and email delivery.
→
Data Deletion Request
Request deletion of your Personal Information from CRMown systems. We will respond within 30 days.
→
Report a Vulnerability
Found a security issue? Report it responsibly. We take all reports seriously and will respond within 48 hours.
→
★ The CRMown Difference
CRMown is the only CRM platform that offers a self-hosted "Own" option. When you purchase a perpetual license, your data lives entirely on your server — CRMown has zero access to self-hosted instances. No other CRM can make this claim. Your server, your database, your encryption keys, your AI keys. Complete data sovereignty.
Encryption
TLS 1.2/1.3 in transit. AES-256 at rest. Bcrypt password hashing with cost factor 12.
Access Control
10 built-in roles with field-level permissions. JWT authentication. API key dual-auth with HMAC-SHA256.
AI Safety
AI audit log for all actions. Approval queue for autonomous AI. No data used for AI training.
Consent Management
Per-contact consent tracking. GDPR/CCPA mode. Double opt-in. Public preference center.
Infrastructure
PostgreSQL database. DigitalOcean hosting. Docker containers. Daily encrypted backups.
Open Platform
HMAC-signed webhooks. API key scoping. Webhook delivery logs. Auto-disable on failure.