Privacy Policy

How we collect, use, and protect your personal data.

Last updated: March 7, 2026

Table of Contents

1. Introduction

SmartCM ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the "Service").

This policy applies to all users of the Service, including visitors, registered users, and administrators. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

SmartCM is operated by ionicsoft GmbH, registered in Germany. We comply with the European Union General Data Protection Regulation (GDPR) and applicable German data protection laws (BDSG).

2. Information We Collect

2.1 Information You Provide

When you create an account, use our services, or contact us, you may provide:

  • Name, email address, phone number, and billing address
  • Company name, VAT number, and business details
  • Account credentials (passwords are stored using one-way hashing)
  • Content you create, upload, or manage through the platform
  • Messages, support tickets, and feedback you submit
  • Payment information (processed by our payment provider; we do not store card details)

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages visited, time spent, and navigation patterns
  • Referring URL and exit pages
  • Session identifiers and cookies (see Section 5)

2.3 Information from Third Parties

We may receive information from third-party services you connect to SmartCM, such as email providers, analytics platforms, or social media accounts you choose to link.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the SmartCM platform
  • Account Management: To create and manage your user account and preferences
  • Communication: To send transactional emails, support responses, and service updates
  • Billing: To process payments, generate invoices, and manage subscriptions
  • Security: To detect and prevent fraud, abuse, and unauthorised access
  • Analytics: To understand usage patterns and improve user experience
  • Legal Compliance: To comply with legal obligations and respond to lawful requests

We process your data based on the legal grounds of contract performance, legitimate interest, consent, and legal obligation, as applicable under GDPR Article 6.

4. Data Sharing

We do not sell your personal data. We may share information with:

  • Service Providers: Hosting providers, payment processors, email delivery services, and analytics providers that help us operate the Service, all bound by data processing agreements
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (your data will remain subject to this policy)
  • With Your Consent: When you explicitly authorise us to share data with a specific third party

All third-party providers with access to personal data are required to maintain appropriate security measures and are prohibited from using your data for their own marketing purposes.

5. Cookies

SmartCM uses cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for the platform to function (session management, CSRF protection, authentication). These cannot be disabled.
  • Preference Cookies: Store your language selection, theme preference, and display settings.
  • Analytics Cookies: Help us understand how visitors use the platform (only with your consent).

You can manage cookie preferences through the consent banner displayed on your first visit, or by adjusting your browser settings. Blocking essential cookies may impair platform functionality.

6. Data Security

We implement robust technical and organisational measures to protect your data, including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Password hashing using modern, salted algorithms
  • Regular security audits and vulnerability assessments
  • Role-based access controls for internal team members
  • Automated backups stored in geographically separate locations within the EU

While we take every reasonable precaution, no method of transmission over the Internet or electronic storage is 100% secure. We encourage you to use strong passwords and enable two-factor authentication where available.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing (Art. 18): Request limitation of how we process your data
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent (Art. 7): Withdraw previously given consent at any time

To exercise any of these rights, please contact us at privacy@smartcm.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Account data: Retained while your account is active and for 30 days after deletion request
  • Billing and invoicing data: Retained for 10 years as required by German tax law (AO, HGB)
  • Server logs: Automatically deleted after 90 days
  • Support tickets: Retained for 2 years after resolution
  • Analytics data: Aggregated and anonymised after 26 months

After the retention period, data is securely deleted or anonymised so that it can no longer be associated with you.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify registered users by email for significant changes
  • We may display a notice on the platform upon your next login

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Data Protection Officer

ionicsoft GmbH

Musterstrasse 42, 10115 Berlin, Germany

Email: privacy@smartcm.com

Phone: +49 30 1234 5678