CRM Data & Security Policy

Introduction

Sofilytics provides a CRM and marketing automation platform (“Platform”) that may integrate with external services (such as email, calendars, and other applications). This CRM Data & Security Policy explains how we handle data when users connect third-party accounts via OAuth2 authentication.

Information We Collect via OAuth2

When you authorize Sofilytics to connect with a third-party service, we may collect:

  • OAuth2 Access Tokens issued by the provider (e.g., Google or Microsoft), which allow secure access without storing your password.
  • Basic Account Information (such as name, email address, or account ID), as authorized by you.
  • Authorized Data (such as emails, calendar events, contacts, or tasks) — but only to the extent you explicitly grant permission.

We never request or store your third-party login credentials.

How We Use This Information

OAuth2 information is used solely to:

  • Provide the features you enable (e.g., syncing email, contacts, or events).
  • Maintain secure connectivity with your external accounts.
  • Troubleshoot issues and improve Platform functionality.

We do not use connected account data for advertising or marketing.

Data Storage & Security

  • Access tokens and user data are encrypted in transit and at rest.
  • Tokens are refreshed automatically when supported.
  • Revoked or expired tokens are deleted from our systems.
  • We apply industry-standard security measures, including access controls, monitoring, and periodic audits.

Sharing of Information

We do not sell or share OAuth2 tokens or connected account data. Data may only be shared:

  • With trusted service providers who help operate our Platform (bound by confidentiality obligations).
  • As required by law or regulation.

User Control

You can:

  • Disconnect integrations at any time within your Sofilytics account settings.
  • Revoke access directly with the third-party provider (e.g., Google Security Settings).
  • Request deletion of all OAuth2-related data we hold by contacting us.

Data Retention

OAuth2 tokens and related data are retained only as long as needed to provide CRM services. Once revoked or deleted, they are permanently removed from our systems.

Children’s Privacy

The Sofilytics Platform is not directed to children under 16, and we do not knowingly collect personal data from children.

Contact Us

If you have questions about this CRM Data & Security Policy, please contact us via our Contact Form.

For details about our marketing website data practices, please see our Website Privacy Policy.