Legal
Privacy Policy
1. Scope
This policy explains what data the App processes when installed on a Bitrix24 portal and how it is handled.
2. Data we process
- OAuth tokens (access + refresh) and portal identifiers (member_id, domain, application token) — required to call the Bitrix24 REST API on your behalf.
- Touch-point metadata we create: the CRM activity id it references, owner type/id, our type code, result note, follow-up chain links, responsible id and deadline date (denormalized from CRM), timestamps.
- Settings: enabled entities, default follow-up interval, time zone, notification preferences, and which users may see the whole team.
- Feedback (optional): a message and, if you provide it, an email address, submitted via the in-app feedback widget.
The App does not copy your full CRM database. CRM records (lead/deal/contact/company details) are read live from Bitrix24 at render time using your user’s permissions and are not stored by the App beyond the metadata above.
3. Where data is stored
App data is stored in Supabase (PostgreSQL) hosted in the Singapore (ap-southeast-1) region, with row-level security enabled and access restricted to the App’s server using a service key. The App is hosted on Railway over HTTPS/SSL.
4. How we use data
Solely to operate the App’s features for your portal: rendering the board, creating/moving/completing touch-points, sending the daily IM digest, producing reports, and improving the product based on feedback you choose to send. We do not sell your data or use it for advertising.
5. Sub-processors
- Supabase (database hosting)
- Railway (application hosting)
- Bitrix24 (the CRM platform you connect)
6. Retention and deletion
Tokens and App metadata are retained while the App is installed. On uninstall, all of your portal’s tokens and metadata are permanently deleted from our database (cascading delete keyed on the portal). You may also request deletion via the contact below.
7. Security
RLS deny-all by default, server-only service keys, short-lived in-memory app sessions (no cookies), no tokens in URLs or logs, and TLS in transit.
8. Your rights
Depending on your jurisdiction (e.g., GDPR), you may have rights to access, correct, or delete your data, and to object to or restrict processing. Contact us to exercise these rights.
9. Changes
We may update this policy; changes are reflected by the “Last updated” date.
10. Contact
ROCKETECH.IT — info@rocketech.it