Legal

Privacy Policy

How we collect, use, and protect your data

Last updated: April 2026

1. Introduction

SalesBob ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CRM service.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email, company name)
  • Customer and contact data you enter into the CRM
  • Payment information (processed securely by Stripe)
  • Usage data and analytics

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices and support messages
  • Respond to your comments and questions

4. Data Storage and Security

Your data is stored on secure servers located in the European Union. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All data is encrypted in transit using TLS and at rest using industry-standard encryption.

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to object to processing

6. Cookies

We use essential cookies to maintain your session and remember your preferences (such as language selection). On our marketing website, we also store a small "sb_consent" cookie (valid for one year) to remember whether you have consented to optional analytics. You can change this choice at any time via the "Cookie preferences" link in the footer, or remove all cookies through your browser settings.

7. Third-Party Services

We use Stripe for payment processing. When you make a payment, your payment information is sent directly to Stripe and is subject to their privacy policy. We do not store your full credit card details on our servers.

8. Microsoft 365 Email Integration

If you choose to connect your Microsoft 365 account for the email sync feature, SalesBob accesses your mailbox through the Microsoft Graph API. This connection is entirely optional and requires your explicit consent.

When email sync is enabled, the following data may be accessed and temporarily stored:

  • Email headers (sender, recipients, subject, date) — stored when you view emails on a deal
  • Email body content — fetched on demand when you open an email, optionally cached for sharing
  • Attachment metadata (filename, size) — downloaded only when you explicitly request it

SalesBob uses an on-demand architecture: emails are not continuously synced. They are searched and fetched from your mailbox only when you view a deal page. You control which emails are pinned (permanently stored) and which are only viewed temporarily.

If you share your emails with team members on a deal, they can see the emails you have pinned to that specific deal. You can revoke sharing at any time.

You can disconnect your Microsoft 365 account at any time via Settings. Disconnecting stops all email access. Previously pinned emails remain stored; header-only records are automatically cleaned up.

Legal basis: Art. 6 (1) (a) GDPR (your explicit consent when connecting your Microsoft account).

9. Google Gmail Integration

If you choose to connect your Google account for the email sync feature, SalesBob accesses your Gmail mailbox through the Gmail API. This connection is entirely optional and requires your explicit consent via Google OAuth.

The same data access principles apply as with Microsoft 365 email integration: emails are searched on demand, headers are stored when you view a deal, body content is fetched only when you open an email, and attachments are downloaded only when you request them. SalesBob requests read-only access to your Gmail (gmail.readonly scope).

You can disconnect your Google account at any time via Settings. You can also revoke access from your Google Account security settings at myaccount.google.com.

Legal basis: Art. 6 (1) (a) GDPR (your explicit consent when connecting your Google account).

10. Cloudflare Turnstile

We use Cloudflare Turnstile to protect our forms from spam and automated access. This service is operated by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.

Turnstile verifies that you are a human visitor without tracking or collecting personal data. The following data may be transmitted to Cloudflare:

  • IP address
  • Browser information
  • Challenge interaction data

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in protecting our website against misuse and spam).

More information: https://www.cloudflare.com/privacypolicy/

11. Web Analytics (Cloudflare)

We use Cloudflare Web Analytics on our public marketing website to understand traffic volume and visitor patterns. This privacy-friendly analytics service is operated by Cloudflare, Inc. and runs without your consent because it is technically necessary to operate the site responsibly and does not identify you.

Cloudflare Web Analytics does not use cookies, does not track users across websites, and does not collect personal data. Only anonymized, aggregate data is collected:

  • Page views and referrer information
  • General browser and device type
  • Country (derived from anonymized IP)

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in improving our website based on usage patterns).

12. Microsoft Clarity (with consent)

On our public-facing pages — the marketing website and our pre-login signup pages (such as /register and /waitlist) — we use Microsoft Clarity, a product analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA. Clarity helps us understand how visitors interact with those pages so we can identify usability issues and improve the experience.

Clarity is loaded only after you click "Accept" in our cookie banner. If you reject or have not yet decided, no Clarity script is loaded and no data is sent to Microsoft. You can revoke your consent at any time via the "Cookie preferences" link in the footer.

When you consent, Clarity may collect the following on our public-facing pages:

  • Session recordings (mouse movement, clicks, scrolls). Form fields and other sensitive content are masked by default.
  • Heatmaps and click maps showing aggregated user behaviour.
  • Technical metadata: page URL, referrer, browser, device type, approximate location (country/city level), truncated IP address.
  • Persistent cookies set by Clarity (such as "_clck" and "_clsk") to recognise returning visitors and group sessions.

Data is transferred to Microsoft and may be processed in the United States under the EU-US Data Privacy Framework (to which Microsoft is certified) and, as an additional safeguard, the EU Standard Contractual Clauses. Microsoft acts as our processor for the analytics we see in the Clarity dashboard, but also as an independent controller for its own purposes — including improving Microsoft products, security and fraud prevention, and Microsoft Advertising. Clarity uses both first-party cookies (set by our domain) and Microsoft's third-party tracking technologies. We never use Clarity on signed-in CRM pages — it runs only on our public-facing marketing and signup pages.

Legal basis: Art. 6 (1) (a) GDPR (your explicit consent given via our cookie banner).

More information about Clarity: https://privacy.microsoft.com/privacystatement

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: help@bob.sale