← RotatorTOTS

Privacy Policy

Last updated May 2, 2026

RotatorTOTS ("we", "us", a solvely product) provides lead-routing software that integrates with HubSpot and other CRMs. This policy describes what we collect, why, how long we keep it, and how to get rid of it.

1. What we collect

When you sign up and use the product we collect:

  • Account data — email, name, and authentication identifiers from our auth provider (Clerk). We never store your password.
  • HubSpot OAuth tokens — access and refresh tokens you explicitly grant when connecting your HubSpot portal. Stored encrypted at rest; used only to route leads on your behalf.
  • CRM records you route — for each routing decision we store the object type + id, the assigned owner, the rule that matched, and a short snapshot (name, email, company, score) for display. We do not mirror your full CRM.
  • Usage metadata — pages visited, feature events, error reports via Sentry. No keystrokes, no session replay.

2. Why we collect it

  • Deliver the product: route leads, display dashboards, send the rare notification email.
  • Debug errors and improve reliability.
  • Bill you (if on a paid plan).
  • Communicate about service changes and security issues.

We never sell your data. We never train machine learning models on your CRM data.

3. Who we share it with

Sub-processors we rely on to run the service:

  • Vercel — application hosting.
  • Convex — database and serverless functions.
  • Clerk — authentication and user management.
  • Sentry — error reporting.
  • Stripe — payments (paid plans only).
  • HubSpot — only calls you authorize.

4. How long we keep it

While your account is active, indefinitely. When you uninstall RotatorTOTS or delete your workspace, we purge OAuth tokens immediately and all associated workspace data within 30 days. Audit logs and assignment history are kept for 2 years by default.

5. Your rights

You can export or delete your workspace data at any time from Settings. To exercise any GDPR/CCPA right — access, correction, portability, erasure, or objection — email privacy@solvely.net and we'll respond within 30 days.

6. Security

Data is encrypted in transit (TLS 1.2+) and at rest. OAuth credentials are stored encrypted. Access to production systems is restricted to solvely employees on a need-to-know basis and monitored.

7. Children

The service is not directed at users under 16. We do not knowingly collect data from children.

8. Changes to this policy

We may update this policy. We'll update the date at the top and notify workspace admins by email for material changes.

9. Contact

solvely, operator of RotatorTOTS. Email privacy@solvely.net for privacy questions, or help@solvely.net for support.