Privacy Policy

1. Data Controller

TransferCRM processes personal data as a data controller. For multi-tenant SaaS, each tenant is also a data controller for their customer data.

2. Data We Collect

We collect only the data necessary to provide our service:

• Account data: name, email, company name, password (hashed)
• Business data: orders, clients, drivers, vehicles, routes
• Payment data: processed securely via Stripe (we do not store card numbers)
• Usage data: login times, feature usage, browser type
• Cookies: session cookies (essential), preference cookies (locale, theme)

3. Purpose of Processing

We process data to provide and improve the TransferCRM service, communicate with you about your account, ensure security, and comply with legal obligations.

4. Data Retention

We retain your data for the duration of your subscription plus 90 days. After account deletion, data is permanently removed within 30 days. Backups are purged within 90 days.

5. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right of access — request a copy of your personal data
• Right to rectification — correct inaccurate data
• Right to erasure — request deletion of your data
• Right to data portability — export your data in a standard format
• Right to object — object to certain types of processing

6. Security

We use industry-standard security measures including TLS encryption, hashed passwords, tenant data isolation, role-based access control, and regular security audits.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies. You can manage cookie preferences through your browser settings.

8. Contact

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer:

Email: privacy@transfercrm.com