Privacy policy

This page explains what personal data BRO-CRM collects, why we collect it, and how you can exercise your rights under GDPR / RODO.

Data controller

BRO-CRM is the data controller for the marketing website. For data stored inside a tenant workspace the business owner is the controller and BRO-CRM acts as processor.

What we collect

Account email, encrypted password hash, language preference, business workspace metadata, billing data when a paid plan is active, and minimal server logs for security.

Legal basis

Performance of contract for the SaaS service, legitimate interest for security and abuse prevention, and consent for non-essential analytics.

Your rights

You may request access, rectification, erasure, restriction, portability, and object to processing. Contact us through the email below to exercise any right.

Data retention

Account data is retained for the lifetime of the account plus 30 days after deletion. Billing records are kept for 7 years per Polish tax law. Server logs are rotated after 90 days. Anonymised booking and payment history may be retained longer for business owner reporting.

Cookies and tracking

We use technically necessary cookies for authentication and language preference. With your consent we may collect anonymous usage statistics. You can manage consent at any time via the cookie banner.

Contact

Email: [email protected].