Privacy Policy
Last updated: June 24, 2026
1. Introduction
SubstackCRM ("we," "us," or "our") provides a CRM for Substack creators to manage direct messages, score leads, and stay on top of reader relationships. This Privacy Policy explains what information we collect, how we use it, and the choices you have when you use our website and browser extension.
2. Information we collect
We collect information in three ways: information you provide, information synced from Substack, and information collected automatically when you use the service.
- Account information — When you sign in with Google, we receive your name, email address, and profile picture from your Google account.
- Substack data — With your authorization via our browser extension, we sync direct messages, conversation metadata, and related Substack activity needed to power inbox management and lead scoring.
- Usage data — We collect analytics such as pages visited, features used, and error reports to improve the product. This may include device type, browser, and approximate location derived from IP address.
3. How we use your information
We use the information we collect to provide, maintain, and improve SubstackCRM, including:
- Authenticating your account and keeping you signed in
- Syncing and displaying your Substack direct messages
- Scoring and organizing leads based on conversation activity
- Sending product-related emails such as reminders or follow-up notifications you configure
- Analyzing usage patterns to fix bugs and improve features
- Protecting the security and integrity of our service
4. How we share information
We do not sell your personal information. We may share information only in these limited circumstances:
- Service providers — We use trusted third parties to host infrastructure, process analytics, and deliver email. They may access data only to perform services on our behalf.
- Legal requirements — We may disclose information if required by law or to protect the rights, safety, and security of our users and the public.
- Business transfers — If SubstackCRM is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
5. Third-party services
SubstackCRM integrates with services that have their own privacy policies:
- Google — Used for authentication. See Google's Privacy Policy for details on how Google handles your data.
- Substack — We access Substack data you authorize through our extension, subject to Substack's terms and policies.
- PostHog — Used for product analytics to understand how features are used and to diagnose issues.
6. Data retention
We retain your account and synced Substack data for as long as your account is active or as needed to provide the service. If you delete your account, we will delete or anonymize your personal data within a reasonable period, except where retention is required by law.
7. Security
We implement technical and organizational measures designed to protect your information, including encryption in transit and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, or to object to or restrict certain processing. To make a request, contact us at the email below. You can also stop syncing Substack data at any time by disconnecting or uninstalling the browser extension.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of SubstackCRM after changes take effect constitutes acceptance of the updated policy.
10. Contact us
If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@substackcrm.com.