← Back
EspañolEnglish

Privacy Policy

Effective date: 5/11/2026 | Last updated: 5/11/2026

1. Data controller

This policy applies to personal data processing by Ayuda CRM and its operating affiliates (together, the "Controller") in connection with the use of CRM, landing pages, forms, APIs, automation, and related services.

Privacy contact: privacy@ayuda.app

Mailing address: Corporate address available upon request through our privacy channel.

Phone: Available upon request through our privacy channel.

2. Geographic scope and legal frameworks

This notice is designed for international compliance with emphasis on:

  • European Union / EEA: GDPR and ePrivacy guidance.
  • United States: CCPA/CPRA and equivalent state frameworks where applicable.
  • Mexico: LFPDPPP and its regulations.
  • Latin America: habeas data principles and equivalent access/correction/deletion rights.

3. Personal data we process

  • Identifiers: name, email, phone, company, job title, online identifiers.
  • Usage data: navigation events, pages viewed, interactions with forms and campaigns.
  • Commercial data: conversation history, pipeline stages, operational notes.
  • Technical data: approximate IP, device, browser, time zone, security logs.
  • Billing and transactional data when you purchase paid services.

4. Purposes and legal bases

  • Provide and operate the Service (contract performance).
  • Security, fraud prevention, and operational continuity (legitimate interest).
  • Analytics, product improvement, and campaign measurement (legitimate interest and/or consent depending on region).
  • Marketing and commercial communications (consent where required by law).
  • Legal, tax, and regulatory compliance (legal obligation).

5. Cookies, pixels, and similar technologies

We use strictly necessary, functional, analytics, and advertising/measurement cookies. Where applicable law requires it, we obtain prior consent for non-essential categories and provide mechanisms to reject, withdraw, or adjust preferences.

If no dedicated cookie policy link is provided, this section applies supplementally across all Service domains.

For US residents, we honor compatible privacy preference signals (including Global Privacy Control where applicable) consistent with state requirements.

6. Disclosure and international transfers

We may share data with vendors acting as processors (hosting, analytics, messaging, payments, support) under processing agreements and appropriate security measures.

Where international transfers occur, we implement appropriate safeguards (for example, standard contractual clauses or equivalent measures) and risk assessments where required.

7. Retention and security

We retain data only as long as needed for legitimate purposes and legal obligations, applying minimization, access controls, encryption in transit and at rest where applicable, monitoring, and reasonable organizational and technical security measures.

8. Data subject rights

Depending on your jurisdiction, you may exercise:

  • Access to your data and information about processing.
  • Rectification of inaccurate or incomplete data.
  • Erasure/deletion of data where applicable.
  • Objection or restriction of processing where legally permitted.
  • Data portability where applicable.
  • Withdrawal of consent without retroactive effect.
  • Non-discrimination for exercising privacy rights (US where applicable).

In Mexico, these rights include ARCO rights and revocation under LFPDPPP. You may submit requests by email at privacy@ayuda.app.

9. EU/EEA-specific rights (GDPR)

  • Legal basis and transparency for each purpose.
  • Right to lodge a complaint with a competent supervisory authority.
  • Ability to request copies of safeguards for international transfers.
  • Right to object to automated decisions where legally provided.

10. US-specific rights (CCPA/CPRA and state laws)

  • Know categories and specific pieces of personal information collected.
  • Request correction and deletion of personal information.
  • Opt-out of sale or sharing of personal information, where applicable.
  • Limit use of sensitive personal information, where applicable.
  • Non-discrimination for exercising privacy rights.

11. Children

Our services are not intentionally directed to children where prohibited by law. If we learn that children’s data is processed without a valid legal basis, we will take reasonable steps to delete it.

12. Changes to this policy

We may update this policy for regulatory, functional, or security reasons. We will publish the current version with an updated date. For materially relevant changes, we will provide notice as required by applicable law.

13. Google and Microsoft integrations (OAuth and APIs)

When you connect third-party accounts in the application, personal data processing may include information those providers make available through permissions you explicitly authorize. This section supplements the preceding sections and describes minimization and limited-use practices for those integrations.

13.1 Google (Calendar, Gmail, Search Console)

Depending on features enabled by your organization, the Service may request Google permissions to: sync appointments and availability with Google Calendar; create, update, or cancel events associated with appointments; send transactional appointment emails (confirmations, reminders, reschedules, or cancellations) via Gmail on behalf of the connected user; and, if enabled, read Search Console performance data for verified sites for SEO and content improvement.

The Service uses data obtained from Google APIs only to provide or improve user-facing features corresponding to those permissions; we do not sell Google user data or use it for third-party personalized advertising unrelated to the Service. Tokens and credentials are stored using appropriate safeguards (for example, encryption at rest where applicable), and users may revoke access from application settings or their Google account.

Use of Google user data complies with the Google API Services User Data Policy (Limited Use). Reference: Google API Services User Data Policy.

13.2 Microsoft (Outlook / Microsoft 365 and calendar)

If you connect a Microsoft account, the Service may use Microsoft Graph permissions to send transactional emails and sync calendars or events, as shown on Microsoft’s consent screen and your organization’s configuration. Data is processed to operate those features and maintain service security; you may disconnect in the app or manage permissions from your Microsoft account.

13.3 Responsibility among providers

Google and Microsoft are independent controllers for processing they perform under their own privacy notices. The Controller for processing through the Service is identified in Section 1 of this document; OAuth connections are performed to execute instructions from the user or the Customer using the platform.

14. Terms and legal channels

See the Terms and Conditions of Use published in this application.

For privacy requests, rights, audits, or regulatory questions, privacy@ayuda.app.