Privacy Policymanage.recreo.live

Last updated: December 9, 2025

This Privacy Policy describes how Recreo (also referred to as "Recreo Tech", "we", "us" or "our") collects, uses, and protects personal data when you use our CRM platform available at manage.recreo.live (the "Service").

We are committed to safeguarding the privacy and security of the business and customer data you entrust to us.

1. Who we are

Recreo
Rancho Acapulco 222
Monterrey, Nuevo León, Mexico

If you have any questions about this Privacy Policy or how we handle personal data, you can contact us at:

ricardo@recreo.live

2. Scope of this Policy

This Privacy Policy applies to:

  • Users who access and use manage.recreo.live (currently primarily existing clients, with the possibility of public sign-ups in the future).
  • The personal data of your own customers, leads, and contacts that you store in our CRM.

Depending on the context:

  • We act as a data controller for personal data related to your account, billing, and direct relationship with us.
  • We act as a data processor for personal data that you upload or manage within the CRM about your own customers, leads, and contacts.

3. Information we collect

3.1 Information you provide to us

When you use the Service, you may provide:

  • Account and contact details: Name, email address, company name, role, and similar data for user registration and account management.
  • CRM data: Information about your customers, leads, suppliers, and business operations (e.g., contact details, deals, notes, tasks, files, activity logs).
  • Support communications: Messages you send to us via email or within the platform (support requests, feedback, feature requests).
  • Billing and subscription information: When billing is enabled through Stripe, we receive limited billing-related information from Stripe (e.g., payment status, last 4 digits of card, country), but full card details are processed and stored by Stripe, not by us.

3.2 Information collected automatically

When you access or use the Service, we automatically collect:

  • IP address and approximate location (city/region level).
  • Browser type, device type, operating system.
  • Log data: pages visited, actions performed, timestamps, and session identifiers.
  • Technical and performance data for error tracking and security.

This information helps us operate, secure, and improve the platform.

3.3 Information from third-party integrations

If you connect third-party services to the CRM (now or in the future), we may receive data such as:

  • Contact and customer information.
  • Email metadata or content (where explicitly configured).
  • Documents, files, or other records relevant to your CRM workflows.
  • Transaction or billing details from payment providers (e.g., Stripe).

The data received will depend on your configuration and the permissions you grant.

4. How we use your information

We use the information we collect for the following purposes:

  • To provide and maintain the Service – Including account creation, authentication, and access to CRM features.
  • To operate CRM functionality – Storing and processing your business and customer data so you can manage contacts, deals, communications, tasks, and automations.
  • To provide support and communicate with you – Responding to inquiries, sending technical notices, updates, security alerts, and administrative messages.
  • To process payments (when enabled) – Managing subscriptions and payments via Stripe, including invoices, billing notices, and payment confirmations.
  • To improve and develop the Service – Analyzing usage patterns, performance, and feedback to enhance features and user experience.
  • To secure the Service – Detecting, preventing, and responding to fraud, abuse, security incidents, or other harmful activity.
  • To comply with legal obligations – Accounting, tax, and regulatory requirements, as well as responding to lawful requests from authorities.

We do not sell your personal data.

5. Use of artificial intelligence (AI)

We use AI providers to power certain features within the Service:

  • Claude (Anthropic) – Used (in implementation) as an integrated chat assistant, per tenant, that can be configured to be aware of your business data and needs.
  • OpenAI – Used to assist with generating reports and summaries from data you provide.

5.1 What data may be processed by AI providers?

Depending on your configuration and use:

  • Text you input into the chat or reporting features.
  • Selected CRM data that you explicitly choose to send for analysis or generation (e.g., summaries, reports, insights).

We take steps to:

  • Limit the data sent to what is necessary for each request.
  • Configure the AI providers, where technically possible, so that your data is not used to train their models for unrelated purposes.

However, these providers process data under their own terms and privacy policies. We encourage you to review them before enabling or heavily using AI features.

5.2 Automated decision-making

We do not use AI to make fully automated decisions that produce legal or similarly significant effects on individuals (such as automatic loan approvals or employment decisions). AI is used as a tool to assist you, and you remain responsible for decisions made based on its output.

6. Legal bases for processing (GDPR, where applicable)

If you are located in the European Economic Area (EEA), the United Kingdom, or another region where GDPR-like laws apply, we process personal data under the following legal bases:

  • Performance of a contract – To provide and operate the Service you have requested.
  • Legitimate interests – For security, service improvement, analytics, and internal administration, provided these interests are not overridden by your rights.
  • Consent – For certain activities (e.g., optional communications, specific AI features, or cookies that are not strictly necessary). You can withdraw consent at any time.
  • Legal obligations – To comply with applicable laws (e.g., tax, accounting, regulatory, and law enforcement requests).

7. How we share information

We do not sell personal data. We may share data with:

7.1 Service providers (subprocessors)

We use trusted third parties to help us operate the Service, including:

  • Hosting and infrastructure:
    • DigitalOcean (servers and PostgreSQL database, running Ruby on Rails in Docker containers)
    • Vercel (Next.js frontend hosting)
  • Email and file services:
    • AWS (e.g., Simple Email Service, S3, and CDN/CloudFront for email and file delivery)
  • Payments:
    • Stripe (subscription and billing management)
  • AI providers:
    • Anthropic (Claude)
    • OpenAI

These providers are authorized to access personal data only as necessary to perform services on our behalf and are bound by contractual obligations to protect it.

7.2 Legal and compliance

We may disclose personal data when required to:

  • Comply with a legal obligation or regulatory requirement.
  • Respond to lawful requests from public authorities.
  • Protect our rights, property, or safety, or that of our users or others.

7.3 Business transfers

If we undergo a merger, acquisition, restructuring, or asset sale, personal data may be transferred as part of that transaction, subject to appropriate confidentiality safeguards and continuity of privacy protections.

8. International data transfers

Because our infrastructure and some of our service providers (such as AWS, DigitalOcean, Vercel, Stripe, Anthropic, and OpenAI) may be located in different countries, your data may be transferred and processed outside of your country of residence.

Where required by law (e.g., under GDPR), we implement appropriate safeguards for such transfers, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Equivalent contractual or organizational measures ensuring a similar level of protection.

9. Data retention

We retain personal data only as long as necessary for the purposes outlined in this Policy, including:

  • Providing and maintaining the Service.
  • Complying with legal, accounting, and reporting requirements.
  • Resolving disputes and enforcing agreements.

When data is no longer needed, we will delete it or anonymize it. You may also request deletion of your account and associated CRM data, subject to our legal obligations to retain certain records.

10. Your rights

Depending on your location, you may have the following rights over your personal data:

  • Access: Request confirmation that we process your data and obtain a copy.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data, in certain circumstances ("right to be forgotten").
  • Restriction: Request that we limit our processing of your data in specific situations.
  • Portability: Request your data in a structured, commonly used, machine-readable format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdrawal of consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at:

ricardo@recreo.live

We may ask for verification of your identity before responding.

If you are in the EEA, UK, or a similar jurisdiction, you also have the right to lodge a complaint with your local data protection authority.

11. Cookies and similar technologies

We may use cookies and similar technologies to:

  • Keep you logged in and maintain sessions.
  • Remember your preferences.
  • Measure usage and performance of the Service.

Where required by law, we will seek your consent for non-essential cookies. You can control cookies through your browser settings, but disabling certain cookies may affect some functionality of the Service.

12. Security

We implement reasonable technical and organizational measures to protect personal data, including:

  • Encrypted connections (HTTPS/TLS).
  • Segregated environments and containers for services.
  • Access controls and authentication.
  • Backups and disaster recovery procedures.
  • Monitoring for suspicious activity and potential threats.

No system can be 100% secure, but we continuously work to strengthen our security posture.

13. Children's privacy

The Service is intended for business use and is not directed to children under 18 years old. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

14. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

When we make material changes, we will:

  • Update the "Last updated" date at the top of this page, and
  • Provide notice within the Service or via email where appropriate.

Your continued use of the Service after changes become effective means you accept the updated Policy.

15. Contact us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, you can contact us at:

ricardo@recreo.live
manage.recreo.live
Monterrey, Nuevo León, Mexico

By using this application, you agree to our Terms of Service and Privacy Policy.