Last Updated: May 11, 2026
CRMLynk ("CRMLynk," "we," "us," or "our") provides managed OAuth integration services through our websites, applications, APIs, and related products and services (collectively, the "Platform"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Platform.
By accessing or using the Platform, you agree to this Privacy Policy. If you do not agree, please do not use the Platform.
We may collect the following categories of Personal Information:
We may collect non-personal information including browser type, operating system, IP address, referring URLs, and usage patterns through standard web server logs.
Our Platform acts as an OAuth token broker between third-party providers (including Google, Microsoft, Meta, and Zoom) and subscriber deployments. During this process:
The following provider integrations are supported. Data accessed through these integrations is handled exclusively by the subscriber's deployment:
We use collected information to:
Google API Services Compliance: CRMLynk's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We do NOT retain Personal Information to develop, improve, or train generalized artificial intelligence or machine learning models, including user data provided via third-party APIs, including but not limited to Google Workspace APIs.
We do NOT use information received from Google APIs to:
If you choose to connect a YouTube or Google account through the Platform, this connection uses YouTube's API Services, and the Google Privacy Policy will apply to you.
If you have authorized us to access your information via YouTube API Services, in addition to our normal procedure for deleting stored data, you may revoke our access to your data via the Google Security Settings page.
If you choose to connect a Microsoft account through the Platform, this connection uses the Microsoft identity platform and Microsoft Graph API. The Microsoft Privacy Statement will apply to you.
CRMLynk accesses Microsoft data solely to facilitate the integration between Microsoft services (Outlook, Calendar, Contacts, OneDrive) and subscriber platform deployments. We do not store, retain, or independently process Microsoft user data. CRMLynk's use of Microsoft Graph API data complies with the Microsoft APIs Terms of Use. You may revoke access at any time through your Microsoft Account Permissions page.
If you choose to connect a Facebook or Instagram account through the Platform, this connection uses Meta's Graph API and related platform APIs. The Meta Privacy Policy applies to your use of Facebook and Instagram services.
CRMLynk facilitates the following Meta integrations on behalf of subscriber platform deployments:
CRMLynk may receive webhook notifications from Meta containing message content, user identifiers, and Page activity data. This data is routed to the appropriate subscriber deployment in transit and is not persisted by CRMLynk.
Data Deletion: You may request deletion of any Facebook or Instagram data associated with your use of the Platform by contacting us at [email protected]. CRMLynk also provides a Data Deletion Request callback endpoint to Meta. When Meta processes a user's data deletion request, CRMLynk will propagate the deletion to all affected subscriber deployments and return a confirmation code. You may also remove CRMLynk's access through your Facebook Business Integrations settings.
If you choose to connect a Zoom account through the Platform, this connection uses Zoom's OAuth and REST APIs. The Zoom Privacy Policy applies to your use of Zoom services.
CRMLynk facilitates the following Zoom integrations on behalf of subscriber platform deployments:
CRMLynk may receive webhook notifications from Zoom containing meeting event data and user identifiers. This data is routed to the appropriate subscriber deployment in transit and is not persisted by CRMLynk.
Deauthorization: When a user uninstalls or disconnects CRMLynk from their Zoom account, Zoom notifies CRMLynk via a deauthorization webhook. CRMLynk will propagate the deauthorization to the affected subscriber deployment and confirm data handling compliance with Zoom. You may also revoke access through your Zoom Installed Apps page.
CRMLynk's use of Zoom API data complies with the Zoom Marketplace Developer Agreement.
CRMLynk receives webhook notifications from third-party providers (Meta, Zoom, and others) and routes them to the appropriate subscriber deployment. During this routing process:
We implement industry-standard security measures to protect your information, including:
For additional detail, see our Security Policy and Data Retention Policy, available on request from [email protected].
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
In the event of a confirmed security incident affecting Personal Information CRMLynk processes, we will notify affected subscribers without undue delay and, where feasible, within 72 hours of becoming aware of the incident. The notification will include the nature and scope of the incident, the categories of data involved, the steps we are taking to contain and remediate the incident, and any actions affected parties should take. Subscribers are responsible for coordinating downstream notification to their own end users in accordance with applicable law.
Suspected incidents may be reported to [email protected] with the subject line "Security Incident".
We do not sell, rent, or trade your Personal Information. We may share your information only in the following circumstances:
We do NOT share your phone number or text messaging opt-in consent with third parties unless we have received your express written consent to do so. All categories described above exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, excluding aggregators and providers of text messaging services.
We retain Personal Information only for as long as reasonably necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
You may request deletion of your Personal Information at any time by contacting us at [email protected]. Upon receiving a verified deletion request, we will delete or de-identify your data within 30 days, except where retention is required by law.
When a subscriber's account is deactivated or terminated, we will delete associated deployment and account data within 30 days.
The CRMLynk Platform (the OAuth proxy service at auth.crmlynk.com) does not use cookies, web beacons, or similar tracking technologies. Our proxy infrastructure processes requests statelessly and does not set cookies on end-user browsers.
Our marketing and documentation website at crmlynk.com uses Google Analytics 4 (gtag.js, measurement ID G-QK59J4J3GT) for aggregate, non-personal traffic measurement. Google Analytics may set first-party cookies and collect IP addresses, browser metadata, and page-view paths. We use this data only to understand how visitors use the marketing site and to improve our content. We have configured Google Analytics with IP anonymization where supported.
We do NOT use:
On your first visit to crmlynk.com, you will see a consent banner asking whether to enable Google Analytics. Google Analytics is not loaded until you click "Accept." If you click "Reject analytics," the Google Analytics script is not loaded at all and no analytics cookies are set. Your choice is stored in your browser's local storage under the key crmlynk-consent and persists across visits on the same browser.
To change your choice later, click the "Cookie settings" link in the page footer, or clear the crmlynk-consent entry from your browser's local storage. You can also opt out at the browser level using the Google Analytics Opt-out Browser Add-on. Opting out does not affect your ability to use the Platform.
The Platform is not directed at individuals under the age of 16. We do not knowingly collect Personal Information from children under 16. If we become aware that we have collected Personal Information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with Personal Information, please contact us at [email protected].
The Platform may contain links to or integrations with third-party websites and services, including but not limited to Google, Microsoft, Meta (Facebook, Instagram), and Zoom. This Privacy Policy applies only to CRMLynk. We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party service you interact with.
Our Platform does not currently respond to "Do Not Track" signals. We do not engage in cross-site tracking of our users.
Depending on your location, you may have the following rights regarding your Personal Information:
To exercise any of these rights, contact us at [email protected]. We will respond to requests within 30 days (or as required by applicable law).
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the following additional provisions apply:
Data Controller and Processor: CRMLynk is the Data Controller of Personal Information collected through the Platform (such as account and billing information). With respect to data processed on behalf of our subscribers through the integration services, CRMLynk acts as a Data Processor.
Legal Bases for Processing: We process Personal Information under the following legal bases:
International Transfers: Your data may be transferred to and processed in the United States. We rely on appropriate safeguards for such transfers, including Standard Contractual Clauses approved by the European Commission.
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.
CRMLynk adheres to the principles of the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the EEA, UK, and Switzerland to the United States.
CRMLynk commits to resolve complaints about our collection or use of your Personal Information. Individuals with inquiries or complaints should first contact us at [email protected]. We will respond within 45 days. If we are unable to resolve the matter directly, you may submit your complaint to JAMS (jamsadr.com/DPF-Dispute-Resolution) as an independent recourse mechanism, at no cost to you.
CRMLynk is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). In certain circumstances, you may invoke binding arbitration through the Data Privacy Framework Panel.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your Personal Information.
| Category | Collected | Disclosed | Sold |
|---|---|---|---|
| Identifiers (name, email, IP address) | Yes | Yes (service providers) | No |
| Commercial information (subscription history) | Yes | Yes (payment processor) | No |
| Internet or network activity (usage logs) | Yes | No | No |
| Geolocation data (approximate, from IP) | Yes | No | No |
| Inferences (usage patterns) | Yes | No | No |
| Sensitive Personal Information | No | No | No |
Your Rights: You have the right to know, delete, correct, and opt-out of the sale of your Personal Information. We do not sell Personal Information. To exercise your rights, contact [email protected].
We will not discriminate against you for exercising your CCPA rights.
If you are a Virginia resident, the Virginia Consumer Data Protection Act (VCDPA) provides you with rights to access, correct, delete, and obtain a copy of your Personal Information. You also have the right to opt out of the processing of your data for targeted advertising, sale, or profiling. We do not engage in any of these activities.
To exercise your rights, contact [email protected]. If we decline your request, you may appeal by contacting us at the same address.
If you are a Colorado resident, the Colorado Privacy Act (CPA) provides you with rights to access, correct, delete, and obtain a portable copy of your Personal Information. You may opt out of targeted advertising, sale, or profiling. We do not engage in any of these activities.
To exercise your rights, contact [email protected].
If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) provides you with rights similar to those described in the Virginia and Colorado sections above. To exercise your rights, contact [email protected].
If you are a Utah resident, the Utah Consumer Privacy Act (UCPA) provides you with rights to access and delete your Personal Information, and to opt out of the sale of your data or targeted advertising. We do not sell data or engage in targeted advertising. To exercise your rights, contact [email protected].
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of the Platform after changes constitutes acceptance of the revised policy.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
CRMLynk
Email: [email protected]
Phone: (804) 617-9811
Mail: CRMLynk, Glen Allen, Virginia, United States
For data protection inquiries from EEA/UK residents, please use the email address above with "GDPR Request" in the subject line.