Privacy Policy
Last updated: 3 July 2026
1. Who we are
NovaCRM ("NovaCRM", "we", "us", or "our") provides a no-code CRM builder that lets businesses design their own customer relationship management system. This policy explains what personal data we collect, why, and what rights you have over it. It applies to visitors of our website, users of our application ("account holders"), and, where relevant, the individuals whose data account holders store inside the CRMs they build ("end customers").
NovaCRM is operated by Ethen Beyer, trading as NovaCRM, a sole trader based in England and Wales at 19 Saint Johns Road, East Grinstead. If you have questions about this policy, contact us at hello@novacrm.uk.
2. What data we collect
We collect the following categories of data:
- Account data: name, email address, password (hashed, never stored in plain text), and profile image if you sign in with Google or Microsoft.
- Workspace data: the organisations, objects, fields, records, views, automations, and dashboards you create inside NovaCRM — including any customer or business data you choose to store there.
- Billing data: your subscription plan and payment history. Card details are collected and processed directly by Stripe; we never see or store your full card number.
- Usage data: log data such as IP address, browser type, pages visited, and timestamps, used for security, rate-limiting, and diagnosing faults.
- Content you submit to AI features: if you use the AI CRM Builder, the business description you type is sent to our AI provider (Anthropic) to generate a CRM structure. We do not send your existing customer records to the AI provider as part of this feature.
Where you use NovaCRM to store data about your own customers (an "end customer"), you — not NovaCRM — are the data controller for that data, and NovaCRM acts as a data processor on your instructions. You are responsible for having a lawful basis to collect and store that data and for honouring any rights requests your end customers make to you directly.
3. How we use your data
- To provide, maintain, and secure the NovaCRM service.
- To process payments and manage subscriptions via Stripe.
- To send essential account emails (email verification, password reset, automation notifications you configure).
- To respond to support requests.
- To detect, prevent, and investigate fraud, abuse, or security incidents.
- To improve the product, in aggregated or anonymised form wherever possible.
We do not sell your personal data, and we do not use your workspace data to train AI models.
4. Legal basis for processing (UK/EU GDPR)
Where UK GDPR or EU GDPR applies, we rely on the following legal bases:
- Contract: processing necessary to provide the service you signed up for.
- Legitimate interests: securing our systems, preventing abuse, and improving the product.
- Consent: where you opt in to non-essential communications.
- Legal obligation: where we must retain records for tax, accounting, or law enforcement purposes.
5. Who we share data with
We share data with a small number of sub-processors strictly to operate the service. Each is bound by a data processing agreement:
- Stripe — payment processing and subscription billing.
- Anthropic — powers the AI CRM Builder feature.
- Our hosting and database providers — infrastructure that stores and serves your data.
- Our transactional email provider — delivers verification, password reset, and automation emails.
We do not share your data with advertisers. If you connect a third-party integration (for example, an outbound webhook you configure), data will flow to the destination you specify — that sharing is controlled and initiated by you.
We may disclose data if required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets, in which case we will notify affected users.
6. International data transfers
Your data may be processed in countries outside your own, including the United States, by the sub-processors listed above. Where we transfer personal data outside the UK or EEA, we rely on adequacy decisions or Standard Contractual Clauses to ensure your data remains protected to UK/EU standards.
7. Data retention
We retain account and workspace data for as long as your account is active. If you delete an object, field, or record inside NovaCRM, it is removed from our production database; backups are retained for a limited period (typically 30 days) before being purged. If you close your account, we delete your workspace data within 90 days, except where we must retain billing records for legal or tax purposes.
8. Security
We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, hashed passwords, role-based access controls within each workspace, and audit logging of sensitive account actions. No system is 100% secure, and we cannot guarantee absolute security of data transmitted to us.
9. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Object to or restrict certain processing.
- Receive your data in a portable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local data protection authority (in the UK, the ICO).
To exercise any of these rights, email hello@novacrm.uk. We will respond within one month, as required by law.
10. Cookies
We use strictly necessary cookies to keep you signed in and to remember your light/dark mode preference. We do not currently use analytics or advertising cookies. If this changes, we will update this policy and request consent where required.
11. Children's privacy
NovaCRM is intended for business use and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify account holders by email or via an in-app notice before the changes take effect.
13. Contact us
Questions about this policy or how we handle your data? Email hello@novacrm.uk.