Privacy Policy

Last updated: February 10, 2026

Introduction

GrayCRM, a division of Eighty Eight Services LLC ("we", "us", "our"), operates the GrayCRM service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and subdomain
  • Password (encrypted)
  • Billing information (processed securely by Stripe)

Customer Data

You control what contact information you store in GrayCRM. This may include:

  • Contact names, email addresses, phone numbers
  • Custom attributes and tags you define
  • Notes and interaction history
  • Any other data you choose to import or enter

Usage Information

We automatically collect information about how you use the Service:

  • API usage logs and request metadata
  • Browser type, IP address, device information
  • Pages visited and features used
  • Session duration and interaction patterns

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and send related information
  • Send administrative information, updates, and security alerts
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following situations:

Service Providers

We use third-party service providers to help us operate the Service:

  • Heroku: Cloud hosting and infrastructure
  • Amazon SES: Transactional email delivery
  • Stripe: Payment processing
  • Honeybadger: Error monitoring and performance tracking

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You can request deletion of your account and data at any time.

After account deletion, we will delete your personal information within 30 days, except where we are required to retain certain data for legal or accounting purposes.

Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Data encryption in transit (TLS/SSL) and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection and security
  • Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

GDPR Rights (European Union)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request restriction of processing

CCPA Rights (California)

  • Know: Request disclosure of data collected about you
  • Delete: Request deletion of your data
  • Opt-out: Opt-out of sale of personal information (we don't sell data)
  • Non-discrimination: Not be discriminated against for exercising your rights

To exercise any of these rights, please contact us at privacy@graycrm.io.

Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our Service and hold certain information:

  • Essential cookies: Required for authentication and core functionality
  • Analytics cookies: Help us understand how users interact with the Service
  • Preference cookies: Remember your settings (e.g., dark mode preference)

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We will also notify you via email or a prominent notice within the Service prior to the change becoming effective.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: privacy@graycrm.io

Company: Eighty Eight Services LLC (GrayCRM Division)

Website: https://graycrm.io