Skip to content
Convertly Docs

Data Handling

Data storage

All Convertly CRM data is stored in a PocketBase SQLite database running on Convertly’s dedicated servers. This includes:

  • Tenant organization records
  • Lead and contact data
  • Form submissions
  • Pipeline and task data
  • Automation logs
  • Billing records

File uploads (attachments, exports) are stored on the same server in PocketBase’s file storage directory.

Data ownership

Your organization’s data belongs to you. Convertly does not:

  • Sell your customer data to third parties
  • Use your lead or contact data for advertising
  • Share your data with other Convertly tenants

Data isolation

Each tenant (organization) is isolated by a client_id field. All data queries are scoped to the requesting user’s organization — there is no shared data pool between tenants.

Backups

Convertly performs automated daily backups of the database and file storage. Backups are stored offsite. In the event of data loss, Convertly can restore from a recent backup. Contact support if you believe you have experienced data loss.

Data retention

Data typeRetention policy
Active account dataRetained indefinitely while account is active
Deleted leads / contactsMoved to Trash first, then removable by authorized admins
Automation logsRetained for 90 days
Form submission historyRetained indefinitely while account is active
Billing recordsRetained for 7 years (legal requirement)

Account deletion

When a tenant account is closed:

  • CRM data (leads, contacts, tasks, automations) is deleted
  • Billing records are retained per legal requirements
  • Stripe subscription is cancelled

To request account deletion, contact support@convertlycrm.com.

GDPR and privacy

Convertly CRM can be used in compliance with GDPR when configured appropriately. Tenant-level obligations include:

  • Obtaining lawful basis for processing lead data
  • Including a privacy policy on your lead capture forms
  • Responding to data subject access requests from your leads

Convertly provides data deletion functionality: Admins can delete individual lead records from the CRM at any time.

For data subject requests from your leads, you are the data controller. Convertly provides the tools; you manage your own compliance.

Third-party data sharing

The only third parties that receive data from Convertly are:

  • Stripe — billing data shared with the payment processor
  • Google Ads — conversion events (gclid, value) shared when Closed Won trigger fires, if Google Ads integration is configured
  • Meta (CAPI) — conversion events (fbclid) shared when Closed Won trigger fires, if Meta CAPI integration is configured

All other data remains on Convertly’s servers.