We use essential cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience and analyze website traffic. By clicking “Accept,” you agree to our website's cookie use as described in our Cookie Policy. You can change your cookie settings at any time by clicking “Preferences.”
MigrationCrunch
Legal

Privacy Policy

Last updated: February 16, 2026

This policy explains, in plain English, what data MigrationCrunch and SalesCrunchCRM (the "Service") collect, how we use it, and the choices you have. If anything here is unclear, email privacy@migrationcrunch.com and a human will reply.

1. What we collect

We collect only what we need to run the product:

  • Account data: your name, email address, and password (hashed — we never see it in cleartext).
  • CRM data you import: contacts, notes, activities, and other records you upload or sync from a third-party CRM. This is your business data — we treat it that way.
  • Payment data: handled by Stripe. We see the last 4 digits of your card and a transaction ID, never the full number.
  • Product usage: basic logs (which pages you visit, which features you use) so we can fix bugs and improve the product. No fingerprinting.
  • Support emails: if you email us, we keep the email thread for support history.

We do not collect: location data, biometric data, advertising IDs, or social-network connections.

2. How we use it

Strictly to operate the Service:

  • Authenticate your login.
  • Run migrations and AI note re-association on data you upload.
  • Charge your card (via Stripe) for paid tiers.
  • Send transactional emails (purchase confirmations, password resets, migration completion).
  • Improve the product based on aggregated, anonymized usage patterns.
  • Respond to your support questions.

We do not sell your data. We do not run ads on it. We do not train external AI models on it.

3. Third parties we use (sub-processors)

To deliver the Service we share narrow slices of data with these vendors, each of which has their own privacy commitments:

  • Stripe — payment processing. They see your card details. We don't.
  • OpenAI / Anthropic / Google (via Emergent LLM gateway) — processes the AI features (note extraction, Crunchy assistant). Data sent to these vendors is used only to produce a response for your request and is not used to train their public models per their enterprise terms.
  • Resend — sends transactional emails (receipts, alerts).
  • Emergent (hosting) — the platform that runs our app infrastructure.
  • MongoDB Atlas — our database provider, encrypted at rest.
  • Rewardful (dormant) — affiliate tracking. Only activates if you arrive via an affiliate link. Currently inactive.

4. Where we store it

Data is stored in encrypted MongoDB clusters hosted in the United States. Payment data is held by Stripe in their PCI-compliant systems. Email messages are held by Resend.

5. How long we keep it

  • Account + CRM data: as long as your account is active, plus 30 days after you delete it (to handle accidental deletes and final invoices).
  • Payment records: 7 years (US tax + accounting requirements).
  • Server logs: 90 days.
  • AI inputs sent to LLM vendors: not stored by us after the response is returned; subject to each vendor's own retention windows (typically 30 days or less).

6. Your rights

Wherever you live, you can:

  • Export your data — request a copy any time.
  • Delete your account and all associated data.
  • Correct any inaccurate data we hold about you.
  • Object to processing or restrict it.
  • Opt out of non-essential cookies (the cookie banner on every page lets you choose).

To exercise any of these, email privacy@migrationcrunch.com with the subject line "Privacy request". We aim to respond within 7 days, never more than 30.

EU / UK residents: you also have the right to lodge a complaint with your local data protection authority.
California residents: you have rights under the CCPA/CPRA, including the right to know what we collect and to opt out of any "sale" of personal information (we don't sell any).

7. Cookies

We use a minimal set of cookies:

  • Essential: keep you logged in, remember your preferences. Cannot be disabled while using the app.
  • Analytics (optional): anonymous usage data so we can fix bugs. The cookie banner on every page lets you decline these.

No advertising cookies. No cross-site trackers.

8. Security

We use HTTPS everywhere, bcrypt for password hashing, encryption at rest in the database, and time-limited JWT tokens for authentication. If we discover a security incident that affects your data, we will notify you by email within 72 hours per GDPR requirements.

9. Children

The Service is not for anyone under 16. We don't knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account.

10. Changes to this policy

If we materially change this policy, we will update the "Last updated" date at the top of the page and, where required, email account holders before the change takes effect.

11. Contact

Privacy questions: privacy@migrationcrunch.com

General support: chip@migrationcrunch.com

Or use the contact form.

Made with Emergent