Privacy policy

Last updated: July 4, 2026

This policy explains what data Abrelio ("we", "us") collects when you use abrelio.com and the Abrelio application, why we collect it, and the choices you have. The short version: we collect what we need to run a CRM for you, we never sell your data, and your customer records belong to you.

1. Data we collect

Account data. When you sign up we collect your name, email address, password (stored as a salted hash — we can't read it), company name, and preferred language. If you sign in with Google, we receive your name, email, and avatar from Google and never see your Google password.

Customer data you add. Contacts, leads, deals, companies, notes, tasks, documents, quotes, and invoices your team stores in Abrelio. For this data we act as a processor: you are the controller and decide what goes in and when it leaves.

Connected services. If you connect an email account (Gmail or Outlook), we sync the messages needed to show conversations next to your contacts. If you connect Meta lead forms, we receive the leads those forms generate. You can disconnect either at any time in Settings.

Billing data. Payments are processed by Stripe. We never see or store full card numbers — we keep only the subscription status, plan, and invoice history Stripe shares with us.

Usage and device data. Standard server logs (IP address, browser, timestamps) and product events (for example, "user created a deal") that help us keep the service secure and improve it. We do not run third-party advertising trackers.

2. How we use data

We use data to provide and secure the service, sync the integrations you enable, process subscription payments, answer support requests, send transactional emails (invites, password resets, billing receipts), and understand aggregate product usage. We do not sell personal data, and we do not use your CRM records to train advertising profiles or marketing audiences.

3. Legal bases

Where the GDPR applies, we process account and billing data to perform our contract with you, usage data under our legitimate interest in running a secure and reliable service, and optional communications with your consent, which you can withdraw at any time.

4. Subprocessors

We share data only with the vendors that host and power Abrelio, under data processing agreements: Amazon Web Services (hosting and databases), Stripe (payments), and our transactional email provider for system emails. If you enable the relevant integrations, data also flows to or from Google (email sync and sign-in) and Meta (lead forms) at your direction. We disclose data to authorities only when legally required, and we tell you when the law allows it.

5. Data retention and deletion

Your data stays in your workspace while your account is active. If you cancel, your workspace data is retained for 30 days so you can change your mind or export, then permanently deleted from production systems, with encrypted backups expiring within a further 35 days. You can also request immediate deletion on our contact page.

6. Your rights

You can access, correct, export, or delete your personal data. Exports to CSV are available on every plan, including Free, directly from the app. Depending on where you live (for example under the GDPR or CCPA), you may also have the right to object to or restrict certain processing and to lodge a complaint with your local data protection authority. To exercise any right, contact us — we respond within 30 days.

7. Security

All traffic is encrypted in transit with TLS, and data is encrypted at rest. Workspaces are isolated per tenant, access is role-based, and every sign-in can be protected with SSO. Our team's access to production data is limited, logged, and used only to operate the service or help you when you ask.

8. Cookies

We use only the cookies needed to keep you signed in and remember preferences like language and theme. No third-party advertising cookies run on abrelio.com or in the app.

9. Children

Abrelio is a business tool and is not directed at children under 16. We do not knowingly collect data from them.

10. Changes to this policy

If we make material changes, we will notify workspace admins by email and post the updated policy here at least 14 days before it takes effect.

11. Contact

Questions or requests about this policy? Write to privacy@abrelio.com or use our contact page.