Privacy Policy

Last updated: April 14, 2026

1. Overview

Rich Contact ("the Plugin") is a plugin for the Crisp platform that automatically creates CRM contact profiles from messaging channel conversations. This Privacy Policy explains how we handle data in connection with the Plugin.

2. Data We Process

When a conversation is initiated through a messaging channel, the Plugin processes the following visitor data provided by the Crisp platform:

Phone number — used to create the contact profile and check for duplicates
Name / Nickname — used to identify the contact
Channel of origin — used to tag the contact (e.g., "whatsapp", "aircall")
Geolocation (optional) — country and city, only if enabled in settings

3. How We Process Data

The Plugin acts as a real-time processor within the Crisp ecosystem:

Data is received from Crisp's real-time messaging API
Data is processed in memory to build a contact profile
The contact profile is written back to your Crisp CRM via the Crisp API
No data is stored, exported, or transmitted outside of the Crisp platform

4. Data Storage

The Plugin does not maintain its own database. All contact data resides exclusively in your Crisp workspace. Settings configured through the Plugin are stored by Crisp as part of your plugin subscription.

5. Data Retention

Since no data is stored by the Plugin, there is no data retention period. Visitor data is processed transiently in memory and discarded after the contact is created. To delete contact data, use the standard Crisp CRM contact management features.

6. Third Parties

The Plugin does not share data with any third parties. The only data flow is between the Crisp platform and the Plugin server, using Crisp's authenticated APIs.

7. Security

The Plugin uses the following security measures:

Authenticated connections to Crisp APIs using plugin tokens
No personal data logged in production (phone numbers and emails are masked)
Rate limiting to prevent abuse
Input validation on all incoming data

8. GDPR Compliance

For users in the European Economic Area (EEA), the Plugin processes personal data under the legitimate interest legal basis (Article 6(1)(f) GDPR) — specifically, the interest of the data controller (you) in maintaining a complete CRM of customer interactions. Since the Plugin does not store data independently, your Crisp workspace's data processing agreement with Crisp governs data protection obligations.

9. Your Rights

As the Plugin does not independently store personal data, rights related to access, rectification, erasure, and data portability should be exercised through your Crisp workspace. Uninstalling the Plugin stops all further data processing.

10. Data Disclosure

Rich Contact processes Crisp visitor data (phone number, display name, channel origin, and optionally geolocation) solely to create contact profiles within the customer's Crisp CRM workspace. All processed data is limited to information already available within the Crisp platform.

We do not store any personal data. Data is processed transiently in server memory and discarded immediately after the contact profile is created. We do not maintain databases, logs, or any persistent records containing personal data.

Plugin configuration settings (channel preferences, segment names, feature toggles) are stored by Crisp as part of the plugin subscription. We do not store these settings independently.

All processed data is used exclusively for service delivery within the customer's Crisp workspace and is not used, shared, or sold for any other purpose.

11. Changes

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised date.

12. Contact

For privacy-related questions, contact us at support@richcontact.app.