ioworkiowork

Privacy Policy

Last updated: April 1, 2026

1. Introduction

iowork SAS ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data when you use iowork ("the Service").

We are established in France and comply with the EU General Data Protection Regulation (GDPR) and applicable French data protection laws.

2. Data Controller

iowork SAS
Contact: privacy@iowork.io

3. Data We Collect

3.1 Account Data

When you register, we collect your name, email address, and authentication credentials (managed by Clerk, our authentication provider).

3.2 CRM Data

Data you input into the Service: contacts, properties, deals, activities, reminders, documents, and notes. This data belongs to you and is processed solely to provide the Service.

3.3 Usage Data

We collect analytics data including page views, feature usage, and performance metrics to improve the Service. This data is aggregated and does not identify individual CRM records.

3.4 Telegram Data

If you connect a Telegram bot, we process messages sent to and from the bot to provide CRM functionality. Message content is used solely for executing CRM operations and is not shared with third parties.

4. Legal Basis for Processing

  • Contract performance: Processing CRM data to provide the Service you subscribed to.
  • Legitimate interest: Usage analytics to improve the Service; security monitoring.
  • Consent: Marketing communications (opt-in only).

5. How We Use Your Data

  • Provide, maintain, and improve the Service
  • Process AI features (lead scoring, property matching, description generation)
  • Send transactional notifications (deal updates, reminders)
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

6. AI Processing

We use third-party AI services (including Anthropic Claude and OpenAI) to power AI features. Your CRM data may be sent to these services for processing. AI providers process data under strict data processing agreements and do not use your data to train their models.

7. Data Sharing

We share data only with:

  • Clerk: Authentication and user management
  • Convex: Database hosting (EU region)
  • Vercel: Application hosting
  • AI providers: As described in section 6
  • Stripe: Payment processing (if applicable)

We do not sell your data. We do not share CRM data with other users outside your agency.

8. Data Storage and Security

  • Data is hosted in the EU (Convex EU region)
  • All data is encrypted in transit (TLS) and at rest
  • Access is controlled via Clerk authentication
  • Agency data is isolated — agents in one agency cannot access another agency's data

9. Data Retention

  • Active accounts: Data retained while your account is active
  • Deleted accounts: Data deleted within 30 days of account closure
  • Backups: Removed within 90 days

10. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest

To exercise these rights, either email privacy@iowork.io or use our data-subject request form. We will respond within 30 days. If you hold an agent account, you can also export your data and schedule account deletion from Settings › Privacy.

11. Cookies

We use essential cookies for authentication (Clerk session cookies) and optional analytics cookies. You can manage cookie preferences in your browser settings.

12. Children

The Service is not intended for users under 18. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or in-app notification.

14. Contact and Complaints

For privacy inquiries: privacy@iowork.io

You also have the right to lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.