Nyphex Alerts

Privacy Policy

Effective date: March 15, 2026

1. Introduction

Nyphex Alerts ("we", "us", "our") operates the alerts.nyphex.com website and SaaS platform. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

2. Information We Collect

Account Information

  • Name and email address provided by your CRM during OAuth authentication
  • CRM account identifier and organization name
  • Notification preferences, timezone, and quiet-hours settings

CRM OAuth Tokens

When you connect Pipedrive or HubSpot, we receive OAuth 2.0 access and refresh tokens. These tokens are encrypted at rest using AES-256-GCM and are used solely to subscribe to CRM webhooks and retrieve deal event metadata for alert processing.

Deal Event Metadata

We process deal event metadata such as stage changes, deal status updates, deal value, pipeline name, and deal owner identifier. This metadata is used in real-time to evaluate alert rules and generate notifications.

What We Do NOT Store

  • We do not store the content of your deals, notes, emails, or activities
  • We do not store your customers' personally identifiable information (PII) from your CRM
  • We do not retain raw CRM webhook payloads after processing

Billing Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details. We retain only your Stripe customer ID and subscription status.

Usage Data

  • Notification counts and delivery status
  • Alert rule configurations
  • Delivery channel configurations (webhook URLs, email addresses)

3. How We Use Your Information

  • To authenticate your account and maintain your session
  • To subscribe to CRM webhooks and process deal events
  • To evaluate alert rules and deliver notifications to your configured channels
  • To enforce plan limits and feature gating
  • To process billing through Stripe
  • To send service-related communications (limit warnings, account updates)

4. Data Security

We take the security of your data seriously:

  • OAuth tokens are encrypted at rest using AES-256-GCM with unique initialization vectors
  • All data in transit is encrypted via TLS
  • Database access is restricted and all queries are tenant-isolated
  • JWT-based authentication with short-lived access tokens (1 hour) and rotating refresh tokens (7 days)

5. Third-Party Services

We share data with the following third-party services as necessary to operate Nyphex Alerts:

  • Stripe — payment processing and subscription management
  • Pipedrive / HubSpot APIs — CRM data access via your authorized OAuth connection
  • Slack, Google Chat, Microsoft Teams — notification delivery to your configured webhooks

We do not sell your data to any third party.

6. Data Retention

Notification history and event logs are retained based on your plan tier:

  • Free — 7 days
  • Starter — 30 days
  • Pro — 90 days
  • Team — 1 year

Account data (profile, rules, channel configurations) is retained for as long as your account is active. Upon account deletion, all associated data is permanently removed within 30 days.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Export — request your data in a portable, machine-readable format
  • Restriction — request restriction of processing
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@nyphex.com. We will respond within 30 days.

8. Cookies

Nyphex Alerts uses only essential cookies required for authentication (JWT session tokens). We do not use tracking cookies or third-party analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users of material changes via email or in-app notification. Continued use of Nyphex Alerts after changes constitutes acceptance of the updated policy.

10. Contact

For questions about this Privacy Policy or your data, contact us at privacy@nyphex.com.