OruCRM
Back to Home

Privacy Policy

Last updated: February 3, 2026

OruCRM ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer relationship management platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Password (stored securely using bcrypt hashing)
  • Organization name and details

1.2 Customer Data You Upload

Through our platform, you may upload or sync customer data including:

  • Customer names, email addresses, and phone numbers
  • Transaction history and order details
  • Product information and purchase amounts
  • Custom fields and tags you define
  • Subscription and billing information

1.3 Data from Connected Platforms

When you connect third-party platforms (WooCommerce, Shopify, OnPay, Shoppego, TheBoss, BCL, etc.), we receive:

  • Webhook payloads containing order and customer data
  • Transaction and subscription information
  • Product catalog data

1.4 Usage and Technical Data

We automatically collect:

  • IP addresses and approximate location
  • Browser type and user agent
  • Session information and login timestamps
  • Actions performed within the platform (audit logs)
  • AI query history and conversation context

2. How We Use Your Information

2.1 Providing Our Services

  • Managing your customer database and relationships
  • Processing data imports and webhook synchronization
  • Generating analytics, segments, and reports
  • Powering AI-driven insights and analysis
  • Sending email and WhatsApp broadcast campaigns on your behalf
  • Running automations you configure

2.2 Security and Operations

  • Authenticating users and preventing unauthorized access
  • Monitoring for fraud and abuse
  • Maintaining audit logs for compliance
  • Troubleshooting and improving our services

2.3 Communications

  • Sending service-related notifications
  • Responding to support requests
  • Providing product updates (with opt-out option)

3. Data Storage and Security

3.1 Storage

Your data is stored in PostgreSQL databases. We implement appropriate technical and organizational measures to protect your information.

3.2 Encryption

  • Passwords are hashed using bcrypt with salt
  • Sensitive data (API keys, secrets) encrypted with AES-256-GCM
  • All data transmitted over HTTPS/TLS
  • Encryption keys support versioning for rotation

3.3 Access Controls

  • Role-based access control (Admin, Manager, Analyst, Member, Viewer)
  • JWT-based sessions with 8-hour expiry
  • Automatic session invalidation on password change
  • Email verification required for new accounts

4. Third-Party Services

We use the following third-party services:

4.1 AI Providers

For AI-powered analysis, we may send aggregated or anonymized data to AI providers (OpenAI, Anthropic, Google Gemini, or OpenRouter). We do not send raw personally identifiable information to AI providers.

4.2 Payment Processing

We use Stripe to process payments. Your payment information is handled directly by Stripe and is subject to their privacy policy.

4.3 Messaging Services

WhatsApp Business API is used for WhatsApp campaigns. Message content and recipient information are processed according to Meta's policies.

4.4 Connected E-commerce Platforms

Data from WooCommerce, Shopify, and other platforms you connect is subject to those platforms' respective privacy policies.

5. Data Retention

  • Customer and transaction data: Retained until you delete it or close your account
  • Deleted data: Moved to trash with 30-day recovery period, then permanently deleted
  • Audit logs: Retained indefinitely for security and compliance
  • Webhook logs: Retained for troubleshooting purposes
  • Account data: Retained for 30 days after account closure, then deleted

6. Your Rights

You have the right to:

  • Access: View all data associated with your account
  • Export: Download your data in CSV or Excel format
  • Correct: Update inaccurate information
  • Delete: Remove your data from our systems
  • Close account: Terminate your account and request data deletion

7. Data Sharing

We do not sell your data. We may share information:

  • With service providers who assist in operating our platform
  • When required by law or legal process
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with notice)

8. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies for advertising purposes.

9. Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect information from children.

10. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@orucrm.com