Cubitro Flow 2.0 is live think ChatGPT, but it's your CRM.

Privacy

Your data, on a short leash.

Cubitro is a CRM. To do that job we store what you and your team put into it. Nothing here is sold, traded, or used to train models you don’t control.

// last updated · June 17, 2026

01 · who we are

The company behind Cubitro

Cubitro is a service operated by Tomjar Invest AB, a Swedish company registered with org. number 559317-2520. When this policy says “we,” that’s us. We are the data controller for your account data and the data processor for everything you put into your workspace.

02 · what we collect

Account data

Your name, work email, password hash, and the workspace(s) you belong to. Basic billing details if you’re on a paid plan. We log sign-ins and security events so we can keep the account safe.

Workspace content

Contacts, companies, deals, notes, voice captures, files, and anything else you save inside Cubitro. This is yours. We store and process it so the product works , search, sync, AI capture, exports.

Product telemetry

Anonymous usage events (page views, feature usage, error traces) to find bugs and understand what to build next. No ad networks, no third-party trackers, no fingerprinting.

03 · how we use it

To run the product

Authenticate you, render your workspace, sync devices, send transactional email (receipts, password resets, security alerts).

To improve the product

Aggregated, de-identified usage stats. Your CRM records are never used to train public AI models. AI features run on per-request prompts and don’t teach the underlying model anything about you.

What we never do

Sell your data. Rent it. Share it with advertisers. Read your workspace content for any purpose other than running the product or responding to a support request you opened.

04 · hosting & subprocessors

Where your data lives

Primary data storage and databases are hosted within the European Union (Ireland). Static assets and edge delivery are distributed through a global network that includes EU nodes, so your data is served from locations close to you. All infrastructure vendors are bound by data-processing agreements compliant with GDPR.

Other services that touch the data

Transactional email (password resets, receipts, security alerts), error monitoring, and payment processing. Each vendor is vetted for GDPR compliance and processes data only on our instructions. Email privacy@cubitro.com for the current subprocessor list.

05 · your rights

Access, export, delete

Under GDPR you can ask for a copy of your data, correct it, or have it deleted. You can delete your account directly from Settings inside the dashboard, that wipes your workspace from production systems and queues backups for deletion on their normal cycle.

Complain

If you think we’ve mishandled your data you can complain to the Swedish Authority for Privacy Protection (IMY) or your local EU data-protection authority.

06 · retention

How long we keep things

Workspace content lives as long as your account does. After deletion it’s removed from production within 30 days and from backups within 90. Invoices and other records we’re legally required to keep (Swedish bookkeeping law) are retained for the statutory period.

07 · security

The basics, done properly

Data is encrypted in transit (TLS) and at rest. Passwords are hashed. Access to production is limited to engineers who need it and is audited. We’ll tell you without delay if a breach affects your data.

08 · contact

Talk to a human

Privacy questions, data requests, or anything that feels off: privacy@cubitro.com. A person on the team will answer.