PRIVACY POLICY
Data handling.
Plain English, no legalese. Last updated 2 June 2026.
What we ask for
Read-only access to your HubSpot CRM data via HubSpot's official OAuth flow. We request only the scopes needed for the audit — see the full list below. We never request write access, never modify your data.
What we do with it
Your CRM data is processed in-memory during the audit (~30–90 seconds) and is never persisted to our servers, written to a database, or shared with third parties. The audit completes, the PDF is generated and emailed to you, the access token is discarded.
What we keep
Only your email address (to send the report) and your audit summary scores (anonymized, used to refine industry benchmarks). The full audit report is sent to your email and not retained on our side after delivery.
Revoke access
Any time. In HubSpot: Settings → Integrations → Connected Apps → find PineRiverData CRM Audit → Remove. Or email audit@pineriverdata.com to delete your audit summary and email from our records.
Scopes we request
crm.objects.contacts.read, crm.objects.companies.read, crm.objects.deals.read, crm.objects.owners.read, crm.schemas.contacts.read, crm.schemas.companies.read, crm.schemas.deals.read, automation (Pro+ tier only), oauth. All read-only.
Where we are
PineRiverData is UK-based. UK GDPR and EU GDPR apply. ICO registration: pending if you process more than 50 audits per year.
Third parties we use
Anthropic Claude API (for the AI executive narrative; only audit summary data is sent, never raw CRM records). Resend (for email delivery). Vercel (hosting). Loops.so (optional — if enabled, your audit summary is forwarded for the post-audit follow-up email sequence; you can opt out via any email's unsubscribe link). All processed under their respective DPAs.
Contact
Questions: email audit@pineriverdata.com or visit pineriverdata.com.