← Back to home

Privacy Policy

Last updated: December 26, 2025

CRM Canvas ("we", "us", or "our") respects your privacy. This policy explains what data we collect and how we use it.

What We Collect

Email Address

When you join our waitlist, we collect your email address. That's it. We don't collect your name, company, or any other personal information unless you provide it voluntarily.

Analytics Data

We use Google Analytics to understand how visitors use our website. This collects anonymous data like pages visited, time on site, and general location (country/city level). This data is aggregated and cannot identify you personally.

How We Use Your Data

  • Send you product updates and launch announcements
  • Notify you about early access and founder pricing
  • Occasionally share relevant content (blog posts, guides)
  • Improve our website based on aggregate analytics

We will never sell your email address or share it with third parties for their marketing purposes.

Third-Party Services

We use the following services to operate:

Your Rights

You can:

  • Unsubscribe — Click the unsubscribe link in any email
  • Delete your data — Email us and we'll remove you completely
  • Access your data — Email us and we'll tell you what we have

Cookies

Google Analytics uses cookies to track website usage. These are small files stored in your browser. You can disable cookies in your browser settings, though this may affect functionality on some websites.

Data Security

Your email is stored securely by ConvertKit, which uses industry-standard encryption and security practices. Our website is served over HTTPS.

HubSpot Integration Security

When you connect your HubSpot account to CRM Canvas, we use OAuth 2.0 authentication — the industry standard for secure API access.

How OAuth Works

  • We never see your password. You authenticate directly with HubSpot's login page.
  • Limited permissions. We only request read access to contacts, companies, and deals.
  • Revocable access. You can disconnect CRM Canvas from HubSpot at any time.

Permissions We Request

  • crm.objects.contacts.read — View contact names and emails
  • crm.objects.companies.read — View company information
  • crm.objects.deals.read — View deal associations

We cannot create, update, or delete any records in your HubSpot. Read-only means read-only.

Token Security

  • OAuth tokens are encrypted with AES-256 before storage
  • Access tokens expire every 30 minutes and are automatically refreshed
  • Tokens are immediately deleted when you disconnect your HubSpot account

CRM Data Handling

Your CRM data is processed to generate relationship maps, but we do not store your CRM data.

  • Contact and company data is fetched on-demand from HubSpot
  • Data is processed in memory to generate your diagram
  • CRM data is discarded after processing — not saved to any database
  • Only the generated diagram image is stored (so you can access it later)

Encryption Standards

  • In Transit: TLS 1.3 encryption for all API communications
  • At Rest: AES-256 encryption for stored OAuth tokens
  • HTTPS: All website and API traffic is encrypted

GDPR & CCPA Compliance

We respect data privacy regulations worldwide:

  • Right to Access: Request a copy of any data we hold about you
  • Right to Deletion: Request complete deletion of your account and data
  • Right to Portability: Export your diagrams in standard formats
  • Right to Opt-Out: Disconnect HubSpot or unsubscribe at any time

We respond to all privacy requests within 30 days.

Changes to This Policy

If we make significant changes, we'll update the date at the top of this page. For major changes affecting your data, we'll notify you by email.

Contact

Questions? Email us at hello@crmcanvas.app