Back

Legal

Privacy Policy

Last updated: June 19, 2026

TL;DR — Quick summary

We only collect data necessary to operate the service. We do not sell your data. You can delete it at any time. We use Supabase as our infrastructure provider.

1. Data Controller

The controller of your personal data is Aporia CRM (hereinafter: "Controller"). For matters related to data protection, you can contact us at: privacy@aporia-crm.com.

2. What Data We Collect

A Account Data

Full name, email address, encrypted password — required to create and manage your account.

B Business Data

Data you enter into the CRM system: leads, projects, notes, contacts. This data belongs to you and is processed solely for the purpose of providing the service.

C Technical Data

IP address, browser type, operating system, session time and date — collected automatically for security and optimization purposes.

3. Legal Basis for Processing

  • Performance of a contract (Art. 6(1)(b) GDPR) — processing necessary to provide the CRM service.
  • Legitimate interest (Art. 6(1)(f) GDPR) — system security, abuse prevention.
  • Consent (Art. 6(1)(a) GDPR) — analytical and marketing cookies (if you have given consent).

4. How Long We Retain Data

We retain account data for the duration of the agreement (active account) and for 30 days after termination, allowing account recovery. After that period, data is permanently deleted.

Technical data (logs) is retained for 90 days for security purposes.

5. Your Rights

Access to data

You can request a copy of your data at any time.

Rectification

You can correct inaccurate or incomplete data.

Erasure

Right to be forgotten — we will delete your data upon request.

Restriction of processing

You can request restriction of processing of your data.

Data portability

You can receive your data in a machine-readable format (JSON/CSV).

Objection

You can object to processing based on legitimate interest.

To exercise your rights, contact us: privacy@aporia-crm.com. You also have the right to lodge a complaint with your local data protection authority.

6. Third Parties

We use the following trusted providers:

Supabase

Database infrastructure and authentication. Data stored in the EU.

Policy →

Cloudflare

CDN, DDoS protection, and DNS. Processes network traffic metadata.

Policy →

7. Changes to This Policy

We reserve the right to modify this Privacy Policy. We will notify you of significant changes via email or an in-app notification at least 14 days in advance.

© 2026 Aporia CRM

Cookie PolicyTerms of ServiceHome