Cubitro Flow 2.0 is live — think ChatGPT, but it's your CRM.
Privacy
Cubitro is a CRM. To do that job we store what you and your team put into it. Nothing here is sold, traded, or used to train models you don’t control.
// last updated · June 17, 2026
Cubitro is a service operated by Tomjar Invest AB, a Swedish company registered with org. number 559317-2520. When this policy says “we,” that’s us. We are the data controller for your account data and the data processor for everything you put into your workspace.
Your name, work email, password hash, and the workspace(s) you belong to. Basic billing details if you’re on a paid plan. We log sign-ins and security events so we can keep the account safe.
Contacts, companies, deals, notes, voice captures, files, and anything else you save inside Cubitro. This is yours. We store and process it so the product works , search, sync, AI capture, exports.
Anonymous usage events (page views, feature usage, error traces) to find bugs and understand what to build next. No ad networks, no third-party trackers, no fingerprinting.
Authenticate you, render your workspace, sync devices, send transactional email (receipts, password resets, security alerts).
Aggregated, de-identified usage stats. Your CRM records are never used to train public AI models. AI features run on per-request prompts and don’t teach the underlying model anything about you.
Sell your data. Rent it. Share it with advertisers. Read your workspace content for any purpose other than running the product or responding to a support request you opened.
Primary data storage and databases are hosted within the European Union (Ireland). Static assets and edge delivery are distributed through a global network that includes EU nodes, so your data is served from locations close to you. All infrastructure vendors are bound by data-processing agreements compliant with GDPR.
Transactional email (password resets, receipts, security alerts), error monitoring, and payment processing. Each vendor is vetted for GDPR compliance and processes data only on our instructions. Email privacy@cubitro.com for the current subprocessor list.
Under GDPR you can ask for a copy of your data, correct it, or have it deleted. You can delete your account directly from Settings inside the dashboard, that wipes your workspace from production systems and queues backups for deletion on their normal cycle.
If you think we’ve mishandled your data you can complain to the Swedish Authority for Privacy Protection (IMY) or your local EU data-protection authority.
Workspace content lives as long as your account does. After deletion it’s removed from production within 30 days and from backups within 90. Invoices and other records we’re legally required to keep (Swedish bookkeeping law) are retained for the statutory period.
Data is encrypted in transit (TLS) and at rest. Passwords are hashed. Access to production is limited to engineers who need it and is audited. We’ll tell you without delay if a breach affects your data.
Privacy questions, data requests, or anything that feels off: privacy@cubitro.com. A person on the team will answer.