Legal

Privacy Policy

We designed ShadowCRM so we'd have as little of your data as possible. Here's exactly what little we do have.

Effective date: 1 March 2026ShadowCRM GmbH · Düsseldorf, Germany

The short version

Your client data never leaves your device during normal use. We have no access to it, we don't want access to it, and the architecture is designed so we couldn't access it even if we tried. This policy describes the minimal information we do collect — and why.

What we collect

Purchase & billing
If you upgrade to Pro, our payment processor (Paddle) handles billing. We receive a transaction ID and your email for license delivery. We do not store card details.
Crash reports (opt-in)
If you opt in, crash logs are sent anonymously on app crash. These contain stack traces and system info — never contact data, never anything from your CRM database.
Encrypted backup (opt-in)
If you enable cloud backup, an AES-256 encrypted blob is stored on our servers. We hold no decryption key. The data is opaque to us.

What we never collect

  • Your contacts, notes, deals, or any CRM data
  • Usage patterns or in-app behaviour
  • Device identifiers or fingerprints
  • IP addresses in normal use
  • Any data when running fully offline

Data storage & retention

Billing records are retained for 7 years as required by German tax law. Crash reports (if you opt in) are deleted after 30 days. Encrypted backup blobs are deleted immediately upon account deletion or manual request.

Your rights (GDPR)

You have the right to access, correct, or delete any personal data we hold. Because we hold almost none, most requests resolve in minutes. Contact us at privacy@shadowcrm.app and we will respond within 72 hours.

Third parties

Paddle
Payment processing. Subject to Paddle's privacy policy. No client CRM data is involved.
Hetzner (Germany)
Encrypted backup storage. Servers located in Germany, subject to EU data protection law. Data is encrypted before upload — Hetzner cannot read it.

Changes to this policy

If we make material changes, we will notify Pro users by email and publish the updated policy with a changelog. The effective date is shown below.

Questions about this policy?
Email us at privacy@shadowcrm.app. We aim to respond within 72 hours. For security concerns, see our Security page.
privacy@shadowcrm.app