Privacy Policy

Last updated: June 5, 2026

1. Introduction

At AurixCRM ("we", "us", or "our"), we are committed to protecting your privacy. This Privacy Policy outlines how we collect, store, encrypt, and handle your information when you use AurixCRM and its social media scheduling tools.

2. Data We Collect and Retrieve

To provide our service, we retrieve and manage data related to your sales operations and integrated third-party accounts:

  • CRM Records: Lead contact details, status histories, notes, and locations (coordinates/towns).
  • OAuth Profiles: Username, profile names, display name, and avatar URLs from connected platforms (Google/YouTube, LinkedIn, TikTok, Twitter/X, and Meta).
  • Media Files: When you connect a Google Drive link, we access and download the specific media file to publish it to your selected platform(s). We do not store your binary media files in our system after publication.

3. Encryption & Security of Credentials

Your security is our highest priority. All API access tokens, refresh tokens, client secrets, and sensitive integration credentials are encrypted before being saved in our database.

We utilize robust **AES-256-GCM (Galois/Counter Mode)** authenticated encryption with NIST-compliant Initialization Vectors (IVs) to safeguard your connected tokens. This ensures absolute confidentiality and protects your integrations from unauthorized tampering.

4. Third-Party Integrations & Scope Access

When you grant access permissions via OAuth, we only request the specific scopes necessary to execute your commands:

  • Google & YouTube: Google Drive read-only access (to fetch media files) and YouTube video upload permissions.
  • LinkedIn: Profile info and the `w_member_social` permission to post professional updates.
  • TikTok: Basic user info and `video.upload` to post videos directly to your drafts folder.
  • Twitter/X: Read, write, and refresh token access to create tweets and upload media.

You can revoke our access to these platforms at any time directly through the respective platform's security settings or by deleting the integration inside AurixCRM.

5. Sharing of Data

We do not sell, trade, or rent your personal information to third parties. Your data is only shared with third-party service providers (such as Supabase for database hosting, Trigger.dev for background tasks, and Google/Meta/TikTok/LinkedIn/Twitter APIs) to the extent necessary to perform the services you request.

6. Your Rights

You have the right to access, update, correct, or delete your data in AurixCRM. You can disconnect integrations and wipe associated encrypted tokens at any time through the **Integrations** page.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

AurixCRM Security & Compliance Team

Email: [email protected]

Website: aurixcrm.com

© 2026 AurixCRM. All rights reserved.

Go to Dashboard →