Last Updated: April 7, 2026
CRMLynk ("CRMLynk," "we," "us," or "our") provides managed OAuth integration services through our websites, applications, APIs, and related products and services (collectively, the "Platform"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Platform.
By accessing or using the Platform, you agree to this Privacy Policy. If you do not agree, please do not use the Platform.
We may collect the following categories of Personal Information:
We may collect non-personal information including browser type, operating system, IP address, referring URLs, and usage patterns through standard web server logs.
Our Platform routes OAuth authentication flows between third-party providers (including Google, Microsoft, Meta, and Zoom) and subscriber deployments. During this process:
The following provider integrations are supported. Data accessed through these integrations is handled exclusively by the subscriber's deployment:
We use collected information to:
Google API Services Compliance: CRMLynk's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We do NOT retain Personal Information to develop, improve, or train generalized artificial intelligence or machine learning models, including user data provided via third-party APIs, including but not limited to Google Workspace APIs.
We do NOT use information received from Google APIs to:
If you choose to connect a YouTube or Google account through the Platform, this connection uses YouTube's API Services, and the Google Privacy Policy will apply to you.
If you have authorized us to access your information via YouTube API Services, in addition to our normal procedure for deleting stored data, you may revoke our access to your data via the Google Security Settings page.
If you choose to connect a Microsoft account through the Platform, this connection uses the Microsoft identity platform and Microsoft Graph API. The Microsoft Privacy Statement will apply to you.
CRMLynk accesses Microsoft data solely to facilitate the integration between Microsoft services (Outlook, Calendar, Contacts, OneDrive) and subscriber platform deployments. We do not store, retain, or independently process Microsoft user data. CRMLynk's use of Microsoft Graph API data complies with the Microsoft APIs Terms of Use. You may revoke access at any time through your Microsoft Account Permissions page.
If you choose to connect a Facebook or Instagram account through the Platform, this connection uses Meta's Graph API and related platform APIs. The Meta Privacy Policy applies to your use of Facebook and Instagram services.
CRMLynk facilitates the following Meta integrations on behalf of subscriber platform deployments:
CRMLynk may receive webhook notifications from Meta containing message content, user identifiers, and Page activity data. This data is routed to the appropriate subscriber deployment in transit and is not persisted by CRMLynk.
Data Deletion: You may request deletion of any Facebook or Instagram data associated with your use of the Platform by contacting us at [email protected]. CRMLynk also provides a Data Deletion Request callback endpoint to Meta. When Meta processes a user's data deletion request, CRMLynk will propagate the deletion to all affected subscriber deployments and return a confirmation code. You may also remove CRMLynk's access through your Facebook Business Integrations settings.
If you choose to connect a Zoom account through the Platform, this connection uses Zoom's OAuth and REST APIs. The Zoom Privacy Policy applies to your use of Zoom services.
CRMLynk facilitates the following Zoom integrations on behalf of subscriber platform deployments:
CRMLynk may receive webhook notifications from Zoom containing meeting event data and user identifiers. This data is routed to the appropriate subscriber deployment in transit and is not persisted by CRMLynk.
Deauthorization: When a user uninstalls or disconnects CRMLynk from their Zoom account, Zoom notifies CRMLynk via a deauthorization webhook. CRMLynk will propagate the deauthorization to the affected subscriber deployment and confirm data handling compliance with Zoom. You may also revoke access through your Zoom Installed Apps page.
CRMLynk's use of Zoom API data complies with the Zoom Marketplace Developer Agreement.
CRMLynk receives webhook notifications from third-party providers (Meta, Zoom, and others) and routes them to the appropriate subscriber deployment. During this routing process:
We implement industry-standard security measures to protect your information, including:
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
We do not sell, rent, or trade your Personal Information. We may share your information only in the following circumstances:
We do NOT share your phone number or text messaging opt-in consent with third parties unless we have received your express written consent to do so. All categories described above exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, excluding aggregators and providers of text messaging services.
We retain Personal Information only for as long as reasonably necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
You may request deletion of your Personal Information at any time by contacting us at [email protected]. Upon receiving a verified deletion request, we will delete or de-identify your data within 30 days, except where retention is required by law.
When a subscriber's account is deactivated or terminated, we will delete associated deployment and account data within 30 days.
The CRMLynk Platform (the OAuth proxy service) does not use cookies, web beacons, or similar tracking technologies. Our proxy infrastructure processes requests statelessly and does not set cookies on end-user browsers.
Our marketing website at crmlynk.com may use essential cookies for basic functionality (such as session management). We do not use advertising cookies, analytics tracking pixels, or third-party tracking scripts.
The Platform is not directed at individuals under the age of 16. We do not knowingly collect Personal Information from children under 16. If we become aware that we have collected Personal Information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with Personal Information, please contact us at [email protected].
The Platform may contain links to or integrations with third-party websites and services, including but not limited to Google, Microsoft, Meta (Facebook, Instagram), and Zoom. This Privacy Policy applies only to CRMLynk. We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party service you interact with.
Our Platform does not currently respond to "Do Not Track" signals. We do not engage in cross-site tracking of our users.
Depending on your location, you may have the following rights regarding your Personal Information:
To exercise any of these rights, contact us at [email protected]. We will respond to requests within 30 days (or as required by applicable law).
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the following additional provisions apply:
Data Controller and Processor: CRMLynk is the Data Controller of Personal Information collected through the Platform (such as account and billing information). With respect to data processed on behalf of our subscribers through the integration services, CRMLynk acts as a Data Processor.
Legal Bases for Processing: We process Personal Information under the following legal bases:
International Transfers: Your data may be transferred to and processed in the United States. We rely on appropriate safeguards for such transfers, including Standard Contractual Clauses approved by the European Commission.
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.
CRMLynk adheres to the principles of the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the EEA, UK, and Switzerland to the United States.
CRMLynk commits to resolve complaints about our collection or use of your Personal Information. Individuals with inquiries or complaints should first contact us at [email protected]. We will respond within 45 days. If we are unable to resolve the matter directly, you may submit your complaint to JAMS (jamsadr.com/DPF-Dispute-Resolution) as an independent recourse mechanism, at no cost to you.
CRMLynk is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). In certain circumstances, you may invoke binding arbitration through the Data Privacy Framework Panel.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your Personal Information.
| Category | Collected | Disclosed | Sold |
|---|---|---|---|
| Identifiers (name, email, IP address) | Yes | Yes (service providers) | No |
| Commercial information (subscription history) | Yes | Yes (payment processor) | No |
| Internet or network activity (usage logs) | Yes | No | No |
| Geolocation data (approximate, from IP) | Yes | No | No |
| Inferences (usage patterns) | Yes | No | No |
| Sensitive Personal Information | No | No | No |
Your Rights: You have the right to know, delete, correct, and opt-out of the sale of your Personal Information. We do not sell Personal Information. To exercise your rights, contact [email protected].
We will not discriminate against you for exercising your CCPA rights.
If you are a Virginia resident, the Virginia Consumer Data Protection Act (VCDPA) provides you with rights to access, correct, delete, and obtain a copy of your Personal Information. You also have the right to opt out of the processing of your data for targeted advertising, sale, or profiling. We do not engage in any of these activities.
To exercise your rights, contact [email protected]. If we decline your request, you may appeal by contacting us at the same address.
If you are a Colorado resident, the Colorado Privacy Act (CPA) provides you with rights to access, correct, delete, and obtain a portable copy of your Personal Information. You may opt out of targeted advertising, sale, or profiling. We do not engage in any of these activities.
To exercise your rights, contact [email protected].
If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) provides you with rights similar to those described in the Virginia and Colorado sections above. To exercise your rights, contact [email protected].
If you are a Utah resident, the Utah Consumer Privacy Act (UCPA) provides you with rights to access and delete your Personal Information, and to opt out of the sale of your data or targeted advertising. We do not sell data or engage in targeted advertising. To exercise your rights, contact [email protected].
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of the Platform after changes constitutes acceptance of the revised policy.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
CRMLynk
Email: [email protected]
Mail: CRMLynk, Virginia, United States
For data protection inquiries from EEA/UK residents, please use the email address above with "GDPR Request" in the subject line.