← Back to CompCode

Privacy Policy

Last updated: April 22, 2026

CompCode ("we", "us", "our") operates the compcode.ai platform and related integrations. This policy describes how we collect, use, and protect your data.

1. Data We Collect

We collect only the data necessary to provide commission calculation and management services:

• Account data: Name, email address, and role (provided during signup or synced from your CRM).
• CRM data: Deal records, deal amounts, deal stages, and deal owner information synced from your connected CRM (Attio, HubSpot, or other supported integrations). We access this data through OAuth-authorized API connections.
• Commission data: Calculated commission amounts, plan configurations, quota targets, and statement snapshots generated by our engine.
• Usage data: API request logs, error logs, and feature usage metrics for service reliability and billing.

2. How We Use Your Data

• Calculate and display commission earnings, quotas, and attainment.
• Generate commission statements and support approval workflows.
• Sync deal and rep information between your CRM and CompCode.
• Provide dashboard views for reps, managers, and admins.
• Maintain service reliability, debug issues, and improve the product.
• Process billing and enforce usage limits.

3. Data Sharing

We do not sell your data. We share data only in these limited cases:

• CRM write-back: When enabled, we write commission results back to your CRM (e.g., custom fields on deal records). This is configured by your workspace admin.
• Infrastructure providers: We use Neon (database), Railway (hosting), and Trigger.dev (job processing). These providers process data on our behalf under data processing agreements.
• Legal requirements: We may disclose data if required by law or to protect our rights.

4. Data Storage and Security

• Data is stored in Neon Postgres databases with encryption at rest.
• All connections use TLS/HTTPS encryption in transit.
• CRM OAuth tokens are stored encrypted and refreshed automatically.
• API keys are generated using cryptographically secure random bytes.
• Webhook signatures are verified using HMAC-SHA256 to prevent tampering.
• Session tokens expire after 8 hours.

5. Data Retention

• Commission events: Retained as an immutable audit ledger for the lifetime of your workspace.
• Deal snapshots: Updated on each CRM sync; historical snapshots are overwritten.
• Statements: Versioned and retained until workspace deletion.
• Account data: Retained while your workspace is active. Deleted within 30 days of workspace deletion.

6. CRM Integration Permissions

When you connect a CRM, we request only the permissions necessary for commission management:

• Attio: Read deal records, deal owners, and workspace members. Create custom objects for commission tracking. Receive webhooks on deal changes.
• HubSpot: crm.objects.deals.read (deal data), crm.objects.owners.read (rep sync), crm.schemas.deals.read (field discovery). Receive webhooks on deal changes.

You can disconnect your CRM at any time from the Integrations page. Disconnecting revokes our access tokens but does not delete previously synced data. Contact us to request full data deletion.

7. Your Rights

You may:

• Access, export, or delete your data by contacting us.
• Disconnect CRM integrations at any time.
• Request deletion of your workspace and all associated data.

8. Cookies

We use only essential cookies for authentication (session tokens, OAuth state parameters). We do not use tracking cookies or third-party analytics.

9. Changes

We may update this policy. Material changes will be communicated via email or dashboard notification.

10. Contact

Questions about this policy? Email support@compcode.ai.

CompCode is operated by Sergejs Jaunzems. Registered in Latvia.