1. Scope and roles
When we provide our public website and marketing, we act as a data controller. When our customers use SalesOS to process personal data about their own contacts and users, we act as a data processor on their behalf; that customer is the controller of the data in their Workspace and is responsible for its lawful use.
2. Personal data we process
- Account data — name, work email, company, role, and authentication details of users we register.
- Customer Data — information customers submit to their Workspace, which may include contact details, deal and communication records, documents, and activity.
- Usage and device data — log data, IP address, browser type, and interactions, used to operate and secure the Service.
- Enquiry data — information you provide when you request a demo or contact us, such as name, email, and message.
3. How we use personal data and legal bases
- To provide, maintain, and secure the Service — on the basis of performance of a contract and our legitimate interests.
- To respond to demo requests and enquiries — on the basis of steps taken at your request prior to a contract, and our legitimate interests.
- To improve and troubleshoot the Service, and to prevent fraud and abuse — on the basis of our legitimate interests.
- To comply with legal obligations, including accounting and tax requirements — on the basis of a legal obligation.
4. Sharing and sub-processors
We share personal data with service providers that help us operate the Service (for example hosting, email delivery, and analytics), and with third-party integrations that a customer chooses to enable using their own accounts and credentials. These providers process data on our or the customer's instructions under appropriate agreements. We do not sell personal data.
5. Google user data and Limited Use
When you connect a Google account (for example Gmail or Google Calendar), SalesOS accesses your Google user data only to provide the features you enable — synchronizing and sending email from your own address, logging activity, and reading and writing calendar events for availability, bookings, and Google Meet links. You choose which connections to enable and can disconnect them at any time.
SalesOS's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, and we do not sell it or transfer it to third parties except as needed to provide these features, comply with the law, or as part of a merger or acquisition.
6. International transfers
Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.
7. Data retention
We retain personal data for as long as needed to provide the Service and for legitimate business or legal purposes. Customer Data is retained according to the customer's configuration and instructions; on termination it is deleted after a reasonable period unless retention is required by law.
8. Your rights
Subject to applicable law, you have the right to:
- access, rectify, or erase your personal data;
- restrict or object to processing;
- data portability;
- withdraw consent where processing is based on consent;
- lodge a complaint with a supervisory authority — in Romania, the National Supervisory Authority for Personal Data Processing (ANSPDCP).
If your data is held within a customer's Workspace, please direct your request to that customer as the controller; we will assist them as required.
9. Security
We implement appropriate technical and organizational measures to protect personal data, including tenant isolation, access controls, encryption in transit, and audit logging. No method of transmission or storage is completely secure, but we work to protect your data and to address incidents promptly.
10. Cookies
Our website and application use strictly necessary cookies to provide authentication and core functionality. Where we use non-essential cookies, we do so in accordance with applicable law.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date and, where appropriate, provide additional notice.
12. Contact us
For any privacy question or to exercise your rights, contact contact@codesilk.com, or write to CODESILK S.R.L., Str. Drum Pădurea Neagră, nr. 1-17, Municipiul București, Romania.