Skip to main content
Legal documents

Privacy Policy — SaaS Platform (CRM)

Last updated: ·Version 1.0

Introduction

This policy applies to users of our CRM platform (the "Platform") available at `crm.soulbe.io`. This policy supersedes the general privacy policy of the marketing site (`soulbe.io/privacy`) with respect to activities within the Platform.

If you are only visiting the marketing site soulbe.io without registering for the Platform — the relevant policy for you is here.

1. Who We Are (As Service Provider)

SoulBe ("we", "the Company", "the Provider") operates the Platform under a White Label model based on GoHighLevel / LeadConnector infrastructure.

  • Operator: SoulBe
  • Contact email and privacy inquiries: hello@soulbe.io
  • Registered address: [To be added]

2. Key Definitions (Important!)

  • Customer / Subscriber — You, the paying entity that subscribed to the service.
  • Authorized User — Employees, consultants, and partners of the Customer who use the Platform on the Customer's behalf.
  • End UserThe Customer's customers (leads, contacts) whose data the Customer manages campaigns about within the Platform.
  • Data Controller — The entity determining the purposes and means of data processing.
  • Data Processor — The entity processing data on behalf of the Controller.

Data relationships:

  • With respect to the Customer's own data (account, billing, usage): SoulBe = Controller.
  • With respect to End User data (contacts in the CRM): the Customer = Controller. SoulBe = Data Processor acting on the Customer's behalf. GHL/LeadConnector = Sub-processor.

3. Information We Collect

3.1 Customer's Own Data (Account Data)

  • Registration details: Name, email, phone, company name, business registration number.
  • Billing confirmations: Payment method (processed by payment provider — we do not store credit card numbers).
  • Usage data: When you logged in, which features you used.
  • Security logs: Login attempts, IP, device type.

3.2 End User Data (Customer Content)

This is the data you input into the Platform for your business operations:

  • Contacts, leads, phone numbers, email addresses.
  • Communications (WhatsApp, SMS, email) in the unified Inbox.
  • Tags, pipeline status, automation actions.
  • Files you uploaded.

We do not use this data for our own purposes beyond operating, securing, and maintaining the service for you.

3.3 Information from Tracking Technologies

See our Cookie Policy.

4. Legal Basis

  • Contract performance — Providing the service you signed up for.
  • Legal obligation — Accounting (7 years), tax reporting.
  • Legitimate interest — Security, service improvement, fraud prevention.
  • Consent — For optional features (e.g. AI analytics if enabled).

5. Sub-processors

The Platform relies on sub-processors that process data on our behalf (and on yours, regarding end users):

| Sub-processor | Role | Location | |---|---|---| | GoHighLevel / LeadConnector | CRM infrastructure, data storage | U.S. | | Cloudflare / Ludicrous Cloud | CDN, security, WAF | Global | | AWS / Vercel | Adjacent storage, landing page hosting | U.S. / EU | | Stripe | Payment processing | U.S. | | Mailgun / SendGrid | Email delivery | U.S. | | Twilio / Meta WhatsApp Business | SMS / WhatsApp delivery | U.S. / EU |

Each sub-processor is bound by a DPA that restricts them to processing data solely for the purpose of providing the service. An updated list is available on request.

Sub-processor changes: We will give at least 30 days' notice before adding a new sub-processor. You may object on reasonable grounds.

6. International Data Transfers

Some sub-processors are located outside Israel and the EEA. We ensure safeguards:

  • Standard Contractual Clauses (SCCs) of the European Commission.
  • Data Privacy Framework (for certified U.S. providers).
  • Encryption in transit (TLS 1.2+) and at rest (AES-256).

7. Data Security

  • Encryption — TLS for all traffic, AES-256 for data at rest.
  • Access control — 2FA for admin users, role-based permissions.
  • Logs and monitoring — Access logs, anomaly tracking, alerts.
  • Backups — Daily, retained for 30 days.
  • Penetration testing — Periodic, by an external provider.
  • Incident response — Documented breach-notification process within 72 hours (GDPR Art. 33).

8. Retention Periods

  • Active account: For the duration of the engagement.
  • After account closure: Up to 90 days for full deletion from Production. Request "data export" within 30 days of termination — we will provide an export in CSV/JSON.
  • Backups: Up to 30 additional days.
  • Accounting records: 7 years (legal obligation).
  • Security logs: Up to 12 months.

9. End User Rights

Important to understand: the Customer (you) is the Controller of your end users' data. That means:

  • You are responsible for obtaining their consent.
  • You handle their requests (access, deletion, portability).
  • You draft your own privacy policy facing them.

If an end user contacts us directly — we will refer them to you. We will help you fulfill the request in accordance with our DPA.

For details, see the Data Processing Agreement (DPA).

10. Your Rights as a SaaS Customer

  • Access — Admin area with all your data plus export.
  • Rectification — Via the admin interface.
  • Erasure — Request in writing, executed within 30 days except for retention obligations.
  • Portability — Structured export (CSV/JSON).

For any inquiry: hello@soulbe.io, we respond within 30 days.

11. Changes to Policy

Material changes will be notified by email and within the Platform at least 30 days in advance. If you disagree — you may terminate the subscription.

12. Governing Law

Laws of the State of Israel. Exclusive jurisdiction — the competent courts in the Tel Aviv-Jaffa District.

For matters relating to EU end users, we operate in accordance with GDPR.

13. Contact Us

  • DPO (Data Protection Officer) / privacy questions: hello@soulbe.io
  • Israeli supervisory authority: privacyprotection.gov.il
  • EU supervisory authorities: edpb.europa.eu
All documents·Questions? Contact us
שלחו הודעה