Privacy Policy

Who we are

SkrubCRM is a CRM health monitoring service based in Washington State, United States. We are not affiliated with, endorsed by, or connected to HubSpot, Inc. or Salesforce, Inc.

Contact us at support@skrubcrm.com or by mail at: SkrubCRM, [Your Street Address], [City], WA [ZIP], United States.

Note: Replace the bracketed address above with your real registered business address before publishing. A physical mailing address is required under CAN-SPAM (15 U.S.C. § 7704) for every commercial email we send.

Who this service is for

SkrubCRM is intended for adults who own or administer business CRM accounts. This service is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. This is consistent with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501).

What we collect

When you sign up, we collect:

• Your name and email address
• Your CRM API key or access credentials
• Your Stripe customer ID (created when you subscribe)

When we run your weekly scan, we temporarily process CRM data (contacts, deals) to generate your report. We do not store the raw CRM data. We scan it, generate a summary, and discard it within the same process. Only the summary statistics — counts of ghost leads, dead deals, and duplicates — are saved to our database as part of your scan history.

We do not collect payment card numbers, bank account details, or any financial information beyond a Stripe customer ID. All payment data is handled directly by Stripe.

How we use your data

• To run your weekly CRM health scan
• To send your weekly report email and account notifications
• To manage your subscription via Stripe
• To contact you about your account if needed

We do not sell your data. We do not share it with third parties for advertising or marketing purposes.

How we protect your data

• Your CRM API key is encrypted at rest in our database using Supabase's built-in AES-256 encryption
• All connections to our service use HTTPS/TLS encryption in transit
• Your API key is never written to application logs, error messages, or any output accessible to our team
• We use Row Level Security on our database — your data is inaccessible without the server-side service key, which is stored only in our hosting environment
• The AI service we use (Anthropic) receives only anonymised scan statistics — counts of issues found — to generate your plain-English report. It never receives contact names, email addresses, or deal details from your CRM

Data breach notification

In the event of a security breach that compromises your personal data, we will notify you by email within 30 days of discovering the breach. Our notification will describe what data was affected, what we have done to contain it, and what steps you can take to protect yourself.

This is consistent with Washington State's data breach notification law (RCW 19.255.010) and applicable federal requirements.

Email communications

We send two types of email: transactional emails (account confirmations, password resets) and weekly scan report emails. Every commercial email we send includes:

• A clear identification of who sent the email
• Our physical mailing address
• A working unsubscribe mechanism

We will honour any unsubscribe request within 10 business days, as required by the CAN-SPAM Act (15 U.S.C. § 7704). Once you unsubscribe from marketing emails, we will not send further commercial email to that address, though we may still send essential account notifications.

Third-party services

We use the following services to operate SkrubCRM:

• Supabase — database and infrastructure (supabase.com/privacy)
• Stripe — payment processing. Stripe's privacy policy governs how they handle your payment data (stripe.com/privacy)
• Resend — email delivery (resend.com/legal/privacy-policy)
• Anthropic — AI-generated report text. We send only anonymised scan statistics (counts of issues, no contact names or emails) to generate your plain-English summary (anthropic.com/privacy)
• Vercel — web hosting (vercel.com/legal/privacy-policy)

Your CRM data

We access your CRM using the API key you provide. By default, we request only read access. The auto-fix feature (merging duplicate contacts) requires write access and is opt-in only — we will never modify your CRM data without your explicit consent.

We only read the minimum data needed to run your scan: contact records and deal records. We do not read email content, file attachments, or any data outside of those CRM objects.

Your rights

Regardless of where you are located, you can at any time:

• Access your data — email us and we will send you a copy of everything we hold about you
• Correct inaccurate data — email us and we will update any inaccurate information we hold
• Delete your account — email us at support@skrubcrm.com and we will delete your account and all associated data within 7 days
• Unsubscribe from emails — use the unsubscribe link in any email we send, or reply with “unsubscribe”
• Cancel your subscription — cancel at any time, no questions asked

Washington State residents have additional rights under the Washington Privacy Act (RCW 19.373) and the Washington Consumer Protection Act (RCW 19.86), including the right to opt out of the sale of personal data (we do not sell data), the right to appeal a decision we make about your data rights request, and protections against unfair or deceptive practices. To exercise any of these rights, contact us at support@skrubcrm.com. We will respond within 45 days as required by law.

Data retention

We keep your account data for as long as your subscription is active. When you cancel, we retain scan history logs for 90 days then delete them. If you request deletion, we delete all data within 7 days.

Changes to this policy

If we make material changes to how we handle your data, we will email you at least 14 days before the changes take effect. The “last updated” date at the top of this page will always reflect the most recent version.

Contact and complaints

Questions about this policy: support@skrubcrm.com

Washington State residents who believe their consumer protection rights have been violated may also contact the Washington State Attorney General's Consumer Protection Division at 1-800-551-4636 or atg.wa.gov/consumer-protection.