Privacy Policy

Last updated: March 13, 2026

What We Collect

When you connect your CRM to AuctorOS, we access deal data, contact records, activity history, and pipeline metadata necessary to detect revenue risk and execute interventions. We collect:

• CRM Data: Deal records, contact information, activity logs, pipeline stages, and associated metadata from your connected CRM (HubSpot, Salesforce, Pipedrive, or Zoho).
• Account Information: Your name, email address, company name, and role when you create an account or start a pilot.
• Usage Data: How you interact with AuctorOS — scans run, actions approved, pages visited — to improve the product.

How We Use Your Data

Your data is used exclusively to power AuctorOS for your workspace:

• Risk Detection: Scanning your pipeline for revenue signals like reply latency, champion activity, multi-threading depth, and 9 other signal types.
• Autonomous Actions: Creating tasks, triggering escalations, updating forecasts, and writing risk scores back to your CRM.
• Reporting: Generating weekly impact reports, forecast accuracy metrics, and deal proof chains.
• Product Improvement: Aggregated, anonymized usage patterns to improve detection accuracy. Your deal-level data is never shared or used outside your workspace.

What We Never Do

• We never sell your data to third parties.
• We never share your CRM data with other customers.
• We never use your deal data to train models for other workspaces.
• We never access your CRM outside the scopes you authorize during OAuth connection.
• We never store CRM credentials — we use OAuth tokens with automatic refresh and encrypted storage.

Data Storage & Security

Your data is stored on dedicated infrastructure with the following protections:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256).
• Isolation: Each workspace has isolated data. No cross-tenant access is possible.
• Access Control: Role-based access with admin, manager, and read-only roles. Every action is logged in an immutable audit trail.
• Infrastructure: Hosted on DigitalOcean with firewall rules restricting access to HTTPS and SSH only. Database is not exposed to the internet.

Data Retention

We retain your CRM data for as long as your account is active. When you disconnect your CRM or close your account:

• CRM data is deleted within 30 days of disconnection.
• Audit logs are retained for 90 days for compliance purposes, then deleted.
• Account information is deleted within 30 days of account closure.

Your Rights

You can request at any time:

• Data Export: A full export of all data AuctorOS holds about your workspace, available via the Audit Export feature in the dashboard.
• Data Deletion: Complete removal of all your data from our systems.
• CRM Disconnection: Immediate revocation of CRM access through the Integrations panel.

To exercise any of these rights, email privacy@auctoros.ai or use the in-app controls.

Cookies

AuctorOS uses only essential session cookies to keep you logged in. We do not use tracking cookies, advertising pixels, or third-party analytics that share data with external parties.

Changes

We may update this policy as the product evolves. Material changes will be communicated via email to all active accounts. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions about privacy? Email privacy@auctoros.ai or reach the founder directly at cam@auctoros.ai.