Last updated: March 31, 2026
CRM Health Scanner ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at crmhealthscanner.com ("the Service"). By using the Service, you consent to the practices described in this policy.
We collect the following categories of information:
Account Information: When you connect your HubSpot account via OAuth, we receive and store your HubSpot portal ID, access token, and refresh token. If you provide your email address for weekly reports, we store that as well.
CRM Data (Read-Only): When you initiate a scan, we temporarily access your HubSpot contact data to analyze data quality. This includes contact fields such as email addresses, phone numbers, company names, job titles, and location information. We use this data solely to generate your data health score and revenue impact estimate.
Scan Results: We store aggregated scan results including your overall score, grade, total contacts, and counts of missing or duplicate fields. We do not store individual contact records after the scan is complete.
Usage Data: We collect standard usage analytics through Vercel Analytics, including page views, device type, and general location. This data is anonymized and used to improve the Service.
We use the collected information to: (a) perform CRM data quality scans and generate health scores; (b) calculate estimated revenue impact based on industry benchmarks; (c) provide data cleanup services if you subscribe to a paid plan; (d) send weekly health report emails if you opt in; (e) generate white-label PDF reports for agency accounts; (f) improve and maintain the Service; and (g) communicate with you about your account and the Service.
We take the handling of your HubSpot data seriously:
Read-Only by Default: Free scans use read-only access. We never modify your HubSpot data without your explicit consent and action.
Temporary Processing: Contact data is accessed in real-time during a scan and is not permanently stored. Only aggregated scores and statistics are retained.
OAuth Security: We use HubSpot's official OAuth 2.0 protocol for authentication. We never ask for or store your HubSpot password.
Token Storage: OAuth access and refresh tokens are stored securely in our database and are used solely to maintain your connection to HubSpot. Tokens are automatically refreshed as needed and are deleted when you disconnect your account.
Your data is stored in Supabase (PostgreSQL) with row-level security enabled. All data is transmitted over HTTPS. We implement industry-standard security measures to protect your information from unauthorized access, alteration, or destruction. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.
We do not sell, rent, or trade your personal information or CRM data to third parties. We may share data only in the following circumstances:
Service Providers: We use third-party services to operate the Service, including Vercel (hosting), Supabase (database), Resend (email delivery), and PayPal (payment processing). These providers have access only to the data necessary to perform their functions and are bound by their own privacy policies.
Agency Accounts: If your HubSpot portal is connected by an agency using our agency dashboard, the agency will have access to your portal's scan results, scores, and generated reports. The agency is responsible for obtaining your authorization before connecting your portal.
Legal Requirements: We may disclose your information if required by law, regulation, legal process, or government request.
We retain your account information and scan history for as long as your account is active. If you disconnect your HubSpot account or request account deletion, we will delete your data within 30 days. Aggregated, anonymized analytics data may be retained indefinitely for the purpose of improving the Service.
You have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) disconnect your HubSpot account at any time; (e) opt out of weekly report emails at any time; and (f) request a copy of your data in a portable format. To exercise any of these rights, contact us at karan@crmhealthscanner.com.
We use essential cookies to maintain your session and authentication state. We use Vercel Analytics for anonymized usage tracking. We do not use advertising cookies or share cookie data with third parties. Our live chat widget (Tawk.to) may set its own cookies as described in their privacy policy.
The Service is operated from Australia. If you access the Service from outside Australia, your data may be transferred to and processed in countries where our service providers operate, including the United States. By using the Service, you consent to such transfers.
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or our data practices, please contact us at karan@crmhealthscanner.com.