Privacy Policy

Questlane processes the following categories of data to operate your CRM and sales pipeline workspace:

• Account & authorization data: email, workspace name, roles, permissions, billing information
• CRM data: contacts, companies, deals, tasks, and classifications you create or import from your connected data sources (Postgres, MongoDB, REST APIs, or other systems)
• Email content: messages, attachments, and metadata from IMAP, SMTP, or Gmail mailboxes you connect to the platform
• Workflow & automation data: task assignments, workflow execution logs, scheduled actions, and automation templates
• Usage analytics: feature interactions, session logs, and performance metrics to improve the service

We use your data to:

• Provide and operate your CRM workspace and sales pipeline tools
• Sync, process, and map data from your connected sources via assisted field-mapping
• Execute workflows, send task reminders, and enable team collaboration
• Store your emails and enable search and communication history
• Provide customer support and troubleshoot service issues
• Improve platform security and prevent fraud
• Comply with legal and regulatory obligations (GDPR, etc.)

We do not sell your data. We may share information with service providers and sub-processors necessary to operate Questlane:

• Hetzner: cloud hosting infrastructure in the EU where your PostgreSQL database and data are stored
• Stripe: processes your subscription billing payments (does not see your CRM or email data)
• LLM provider: used only for assisted field-mapping and classification assistance during data import (your data is processed under a Data Processing Agreement)
• Email service providers: your own connected IMAP/SMTP or Gmail accounts (we relay messages through your credentials, never store them)

We also share information with legal authorities when required by law, and in connection with business transfers or acquisitions.

Your data is stored in PostgreSQL databases on Hetzner infrastructure located in the European Union. We implement industry-standard security measures including encryption in transit (TLS), access controls, and regular security audits.

However, no system is completely secure. Please report security concerns to [email protected].

Under GDPR, CCPA, and other privacy laws, you have the right to:

• Access your personal data
• Correct inaccurate information
• Request deletion (right to be forgotten)
• Restrict processing
• Receive a copy of your data (data portability)
• Withdraw consent at any time

To exercise these rights, contact [email protected] with your request.