Privacy Policy
Last updated: 2026-04-27
KM CRM ("we", "our", the "Service") is operated by Kivi Media. This Privacy Policy explains what information we collect when you use KM CRM, how we use it, how we protect it, and the choices you have.
1. Who we are
KM CRM is a multi-brand customer relationship management platform built for balloon decor studios. Studio owners and their staff use KM CRM to manage clients, projects, proposals, contracts, invoices, calendars, and email communication across one or more brands. Each brand's data is isolated from every other brand in the system.
2. Information we collect
2.1 Account information
- Your name and email address, used for authentication.
- The brand or brands you are a member of, and your role within each (super_admin, owner, admin, full_access, or team_member).
- The CRM data you create inside KM CRM: contacts, projects, proposals, invoices, contracts, tasks, notes, calendar events, and email threads.
2.2 Data from connected third-party platforms
When you connect a third-party platform such as a Google Workspace account, we store:
- An encrypted OAuth access token and refresh token issued to KM CRM by Google for the account you connected. Tokens are stored in our database and used only to call the Google APIs you have authorised.
- Metadata about the connected account: the Google account email, granted scopes, token expiry.
- Email and calendar content fetched from Google to populate the CRM views described in Section 4. This data is scoped to the brand the connection belongs to and is visible only to members of that brand.
2.3 Audit logs
Significant write actions inside KM CRM (creating or updating projects, sending proposals, applying labels, creating calendar events, etc.) are recorded with the user who initiated them, the time, and what was changed. This is part of the Service's safety and accountability model.
2.4 Usage and technical data
We log standard web server information (IP address, user agent, timestamps) to debug, prevent abuse, and secure the Service. We do not sell this data.
3. How we use your information
- To provide the Service: authenticate you, show your CRM data, sync email and calendar from connected Google accounts, and perform the actions you initiate (sending a proposal, drafting a reply, creating a calendar event for a booked project).
- To operate and improve the Service: debug errors, prevent abuse, monitor performance.
- To comply with legal obligations and enforce our Terms of Service.
We do not sell your data. We do not use Google user data for advertising, audience targeting, or to train, fine-tune, or evaluate any AI or machine learning model.
4. Multi-tenant data isolation
KM CRM serves multiple independent balloon decor brands from a single database. Each row of CRM data is tagged with a brand_id and protected by Postgres row-level security policies. Members of one brand cannot read or write data belonging to any other brand. A user may belong to more than one brand; in that case they switch between brands explicitly and their active brand determines what they can see.
4b. Google platform data - specific commitments
When you connect a Google account to KM CRM, we request access to specific Google APIs that power features inside the product. The scopes, data flow, retention, and usage rules below apply.
4b.1 Scopes we request and why
- Gmail (read-only) (https://www.googleapis.com/auth/gmail.readonly) - used to read messages from the inbox of the connected Gmail account so KM CRM can match them to existing CRM contacts and threads, and so the AI lead-extraction feature can parse the message body to detect new client enquiries (event date, location, budget, contact details). We read message metadata (From, To, Cc, Subject, Date, Message-ID, In-Reply-To, thread id) and the message body (plain text and HTML parts). We do not read attachments unless a future feature explicitly requires them, in which case this policy will be updated first.
- Gmail (modify) (https://www.googleapis.com/auth/gmail.modify) - used to apply labels to organise messages inside Gmail (for example, marking a thread as belonging to a specific KM CRM project), and to create draft replies that a user has explicitly composed inside KM CRM. We never send, forward, archive, trash, or delete messages on your behalf. Drafts are only ever created; sending a draft requires the user to open Gmail and click Send, or to explicitly approve sending from inside KM CRM in a future feature that will be announced separately.
- Google Calendar (https://www.googleapis.com/auth/calendar) - used to read events from the connected calendar so they appear in the KM CRM calendar view, and to create or update calendar events when a user books a client meeting or schedules a project event through the CRM. The calendar event mirrors the CRM project (title, location, start and end times, notes) and is updated when the project changes. We only ever write events that the user explicitly asks the CRM to schedule.
4b.2 What we store
- Encrypted OAuth access and refresh tokens issued to KM CRM by Google for the account you connected, persisted in the integration_configs table scoped to the brand that authorised the connection.
- Account metadata: Google account email, granted scopes, token expiry, and a Gmail history cursor used for incremental sync.
- Email content needed for the CRM: parsed message headers, plain text and HTML bodies, and a stable Gmail message id to prevent duplicate ingestion. These rows live in the emails table scoped to the connected brand.
- Calendar content needed for the CRM: event title, description, location, start and end times, and the Google event id linking back to the source event. These rows live in the calendar_events table scoped to the connected brand.
4b.3 What we never do
- We do not sell, rent, or share Google user data with third parties beyond the processors strictly required to deliver the Service (see Section 6).
- We do not use Google user data for advertising or audience targeting.
- We do not use Google user data to train, fine-tune, or evaluate any generalised AI or machine learning model. AI processing is limited to the lead-extraction feature, which runs against a single message at a time and produces structured data (contact name, event date, budget) shown only inside the originating brand's CRM.
- We do not send, forward, archive, trash, or delete Gmail messages on your behalf. Gmail write access is limited to applying labels and creating drafts.
- We do not read or modify any Google data outside the scopes listed above.
4b.4 Disconnect and deletion
You can revoke KM CRM's access to your Google account at any time from myaccount.google.com/permissions, or from the Integrations area inside KM CRM (Settings → Integrations → Google → Disconnect). When you disconnect, we revoke the stored tokens, stop making any further calls on your behalf, and begin deletion of stored Google data as described in Section 8.
5. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising cookies on KM CRM.
6. Processors and sub-processors
We use the following processors to deliver the Service. Each is bound by contract to protect your data:
- Supabase - database, authentication, and file storage hosting (US region).
- Vercel - application hosting.
- Hetzner - background worker VPS hosting (EU region).
- Anthropic - large language model provider, used for the in-product chatbot and the lead-extraction feature that parses inbound emails into structured CRM records. Anthropic is contractually prohibited from training models on customer content.
- Resend - transactional email delivery for proposals, invoices, and notifications sent from KM CRM.
- Stripe - payment processing for invoices and proposals where the brand has enabled online payment.
7. Data retention
CRM data and audit logs are retained for the duration of your brand's active subscription, plus 90 days. After that, we archive and then delete them within 30 days. You can delete specific contacts, projects, emails, or calendar events from the UI at any time.
8. Deleting your data
You can delete your data at any time by any of these means:
- Disconnect Google inside KM CRM: Settings → Integrations → Google → Disconnect. Stops all Google API calls immediately and revokes our access tokens. Cached email and calendar data is purged within 30 days.
- Revoke KM CRM from your Google Account: myaccount.google.com/permissions → KM CRM → Remove access. Our tokens are invalidated immediately and we begin deletion of stored Google data.
- Delete CRM records from inside the app: individual contacts, projects, emails, and calendar events have a Delete action in the UI.
- Email us: ziv@kivimedia.co with subject "KM CRM data deletion request". We will confirm receipt within 7 days and complete deletion within 30 days.
9. Security
- TLS for all traffic in and out of the Service.
- Encrypted OAuth tokens at rest.
- Row-level security in our database - users can read only their own brand's data.
- Secrets (API keys, tokens, service-role credentials) are never exposed to the browser or to logs.
10. International transfers
KM CRM is operated from Israel with infrastructure in the EU and US. By using the Service you consent to your data being processed in these regions.
11. Children
KM CRM is a B2B tool for balloon decor studios. The Service is not directed to children under 16 and we do not knowingly collect data from them.
12. Changes
We may update this policy. Material changes will be announced inside the app and/or by email to brand owners.
13. Contact
Questions or requests: ziv@kivimedia.co
Kivi Media, Israel.