Privacy Policy

This Privacy Policy describes how KeyBot CRM (“KeyBot”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you visit our website, use our software and services (the “Service”), or interact with us as a prospective customer.

We publish this policy at a public URL so it is easy to find, including from product experiences that connect to third-party platforms such as Meta and Shopify. If you do not agree with this policy, please do not use the Service.

This policy applies to: (a) visitors to our marketing website; (b) administrators and end users of customer accounts who log in to the Service; and (c) individuals whose information appears in customer conversations or records processed through the Service (for example, a shopper messaging a brand).

Customers who use the Service to manage their own contacts are responsible for providing appropriate notices to their end users and for lawfully collecting and using data in accordance with their own privacy policies and applicable law.

Account and identity data: name, email address, organization name, role, authentication identifiers, and profile details provided through our authentication provider (Clerk) or entered in the Service.

Service usage and device data: IP address, approximate location derived from IP, browser type, device identifiers, pages viewed, diagnostics, timestamps, and similar technical information needed to operate and secure the Service.

Customer content and communications: messages, attachments, conversation metadata, internal notes, tags, assignments, and other content submitted to or generated in the Service in connection with customer support and sales workflows.

Integrations and third-party platform data: when you connect third-party services (such as Meta products including WhatsApp, Instagram, and Facebook messaging, or Shopify), we process information made available through those integrations as instructed by your account and as permitted by the integration. This may include platform user IDs, page or catalog identifiers, message payloads, and product or order information needed to provide inbox, automation, and catalog-backed features.

Payment and billing data: if you purchase paid plans, our payment processors may collect billing details; we typically receive limited payment metadata rather than full card numbers.

Support and sales communications: information you provide when you contact us, join a waitlist, or request a demo.

We use personal information to provide, maintain, and improve the Service; authenticate users; route conversations and enable collaboration; connect and synchronize integrations you enable; provide customer support; detect, prevent, and respond to abuse, fraud, and security incidents; analyze usage in aggregate to improve reliability and product quality; comply with law; and communicate with you about the Service, including transactional messages and (where permitted) product updates.

Where we rely on consent (for example, certain marketing communications or optional analytics), you may withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal, where applicable law provides that right.

Where GDPR or similar laws apply, we process personal data on one or more of the following bases: performance of a contract with you; our legitimate interests that are not overridden by your rights (such as securing the Service and improving reliability); compliance with legal obligations; and consent where required.

We share personal information with service providers who process data on our behalf to host infrastructure, provide authentication, deliver email, monitor reliability, process payments, and support the Service. Examples include cloud hosting/database providers (such as Supabase), our authentication vendor (Clerk), and communication/infrastructure vendors.

We share information with third-party platforms when you enable integrations (such as Meta or Shopify) as necessary to make those integrations work and as directed by your configuration.

We may disclose information if we believe disclosure is required by law, legal process, or governmental request; to protect the rights, safety, and security of KeyBot, our customers, and the public; or in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell your personal information as “sale” is commonly defined in U.S. state privacy laws, and we do not share personal information for cross-context behavioral advertising solely as a result of providing the Service.

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods can vary based on the nature of the data, your account status, and legal requirements. Customers may request deletion subject to the “Your privacy rights and data deletion” section below and any lawful exceptions (for example, records we must retain for security or compliance).

We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we encourage customers to use strong authentication and to limit access within their organizations.

We may process and store information in countries other than the country where you reside. Where required, we use appropriate safeguards for international transfers, such as standard contractual clauses approved by relevant regulators, in addition to technical and organizational measures.

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, or to data portability. You may also have the right to lodge a complaint with a supervisory authority.

To exercise rights, contact us at info@keybot-crm.com. We may need to verify your request. If you are an end user of a brand that uses KeyBot CRM, we may need to route your request through that brand’s administrator when we act as a processor on their behalf.

If you used a Meta-related login or connected Meta channels, you can also manage certain data settings through Meta and revoke app permissions in your Meta settings. If you want us to delete personal data obtained from Meta in connection with our app integration, email info@keybot-crm.com with the subject line “Meta data deletion request” and include enough detail for us to locate your account or conversation context. We will process requests in accordance with applicable law and Meta’s developer obligations.

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, contact us and we will take appropriate steps.

We and our service providers may use cookies, local storage, and similar technologies for authentication, security, preferences, and to understand how the Service is used. You can control cookies through your browser settings; disabling certain cookies may limit functionality.

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. If changes are material, we will provide additional notice as required by law.

Questions about this Privacy Policy or our privacy practices: info@keybot-crm.com.