← Back to VynexCRM

Privacy Policy

Last updated: February 15, 2026

VynexCRM ("we", "us", "our") is operated by Kyrnich & Co. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at vynexcrm.com.

1. Data Controller & Processor Roles

VynexCRM acts as a data processor on behalf of our customers (workspace owners), who are the data controllers for end-user contact data processed through our platform. For data we collect directly from our users (account holders), we act as the data controller.

2. Information We Collect

Account Information

• Name, email address, and password (hashed) when you register
• Workspace name and configuration
• Two-factor authentication data (if enabled)

Contact Data (Processed on Behalf of Customers)

• Contact names, email addresses, phone numbers
• Messaging conversation content (Telegram, WhatsApp, Messenger, Instagram)
• Custom fields defined by workspace owners
• Lead and deal information

Technical Data

• IP address, browser type, device information
• Usage logs and session data
• Cookies (session cookies for authentication only)

3. How We Use Your Information

• To provide and maintain the VynexCRM service
• To authenticate your identity and manage your account
• To process messaging conversations on behalf of workspace owners
• To send service-related communications (password resets, security alerts)
• To comply with legal obligations

4. Legal Basis for Processing (GDPR Art. 6)

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the service you signed up for
• Legitimate interest (Art. 6(1)(f)): Service improvement, security, fraud prevention
• Legal obligation (Art. 6(1)(c)): Compliance with applicable laws
• Consent (Art. 6(1)(a)): Where explicitly obtained (e.g., marketing communications)

5. Data Encryption & Security

We take data security seriously:

• All personal data (emails, phone numbers) is encrypted at rest using AES-256 via Rails Active Record Encryption
• Channel credentials and API tokens are encrypted
• Passwords are hashed using bcrypt
• All connections use TLS/HTTPS
• Multi-tenant data isolation ensures workspace data is strictly separated
• Session-based authentication with CSRF protection
• Rate limiting on authentication endpoints

6. Data Retention

We retain personal data only as long as necessary:

• Account data: Retained while your account is active; deleted upon account deletion
• Contact data: Retained per workspace owner's configuration (default: 3 years for messages in closed conversations)
• Audit logs: Retained for 1 year (configurable)
• Technical logs: Retained for 90 days

Workspace owners can configure custom retention periods in workspace settings.

7. Your Rights (GDPR)

If you are an EU/EEA resident, you have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data ("right to be forgotten") (Art. 17)
• Restrict processing (Art. 18)
• Data portability — receive your data in a structured format (Art. 20)
• Object to processing (Art. 21)
• Withdraw consent at any time (Art. 7)

For contact data managed by workspace owners, please direct requests to the workspace owner (data controller). For your account data, contact us at privacy@vynexcrm.com.

8. Sub-Processors

We use the following sub-processors:

• DigitalOcean — Cloud hosting (infrastructure)
• Telegram Bot API — Messaging channel integration
• Meta (WhatsApp Business API, Messenger, Instagram) — Messaging channel integration

9. International Data Transfers

Our servers are hosted by DigitalOcean. Data may be processed in jurisdictions outside the EU/EEA. Where applicable, we rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework to ensure adequate protection.

10. Cookies

We use only essential session cookies for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

11. Children's Privacy

VynexCRM is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email.

13. Contact Us

For privacy-related inquiries:

• Email: privacy@vynexcrm.com
• Company: Kyrnich & Co