Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information when you use Lopodesk.

Quick Summary

We never sell your personal data

Your data is encrypted in transit and at rest

You can export or delete your data anytime

We comply with GDPR and CCPA

1. Information We Collect

1.1 Information You Provide

Account Information

Full name and email address
Password (encrypted)
Company name and phone number (optional)
Profile picture (optional)

Business Data

Leads and prospects information
Contact details of your customers
Notes, tags, and custom fields
Email content and templates
Calendar events and appointments
Pipeline and status configurations

Payment Information

Billing address
Payment method details (processed securely by our payment provider)
Transaction history

1.2 Information Collected Automatically

Usage Data

Pages visited and features used
Time spent on the Service
Click patterns and navigation paths

Device Information

IP address and browser type
Operating system and device identifiers
Screen resolution

1.3 Information from Third Parties

When you use Google Places prospecting, we receive:

Business names and addresses
Phone numbers and website URLs
Business categories and public ratings

2. How We Use Your Information

Service Delivery

Provide, maintain, and improve the CRM platform and all its features.

Personalization

Customize your experience and remember your preferences.

Communication

Send service notifications and respond to support requests.

Security

Protect against unauthorized access and comply with legal obligations.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

Purpose	Legal Basis
Service delivery	Performance of contract
Account management	Performance of contract
Security measures	Legitimate interests
Analytics	Legitimate interests
Marketing	Consent
Legal compliance	Legal obligation

4. Data Sharing and Disclosure

4.1 Service Providers

We share data with trusted third-party service providers:

Provider	Purpose
Vercel	Cloud hosting infrastructure
Supabase	Database storage
Resend	Email delivery
Google	Places API for prospecting

We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or to protect our legal rights.

5. Data Retention

We retain your personal data for as long as necessary:

Data Type	Retention Period
Account data	Duration of account + 30 days
Business data (leads, contacts)	Duration of account + 30 days
Payment records	7 years (legal requirement)
Support communications	3 years
Usage logs	12 months

6. Data Security

We implement robust security measures to protect your data:

Encryption

TLS 1.3 in transit, AES-256 at rest

Access Control

Role-based authentication

Compliance

SOC 2 compliant hosting

7. Your Rights

Depending on your location, you have the following rights:

Access

Request a copy of your personal data

Rectification

Correct inaccurate data

Erasure

Request deletion of your data

Portability

Export your data in machine-readable format

Objection

Object to certain types of processing

Withdraw Consent

Withdraw consent at any time

How to Exercise Your Rights

8. Cookies and Tracking

Types of Cookies We Use

Essential Cookies: Authentication, session management, security
Functional Cookies: Language preferences, UI customizations
Analytics Cookies: Usage statistics, performance monitoring

Managing Cookies

You can manage cookies through your browser settings. Note that disabling essential cookies may affect functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. When we transfer data outside the EEA, we ensure appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with all service providers
Adequacy decisions where applicable

Our primary data processing occurs in the European Union, with certain service providers in the United States.

10. Children's Privacy

Lopodesk is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

Right to Know: Request information about data collection and sharing
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
Right to Non-Discrimination: We won't discriminate for exercising your rights

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date
Sending an email notification
Displaying a notice in the Service

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

General Inquiries

privacy@lopodesk.com

Data Protection Officer

dpo@lopodesk.com

Supervisory Authority (France)

CNIL (Commission Nationale de l'Informatique et des Libertés)
https://www.cnil.fr

By using Lopodesk, you acknowledge that you have read and understood this Privacy Policy.