Internal Use Guidelines

Acceptable use and data handling practices for InnHub CRM.

For InnHub staff only.

Version 1.0 · Last updated April 4, 2026 · Next review October 2026

System Overview

SoftwareInnHub CRM
DeveloperHarbour 22
Data OwnerInnHub
UsersInnHub staff only
Accessinnhub-crm.ch

Data Ownership

Software

  • CRM software code and intellectual property: Harbour 22

Data

  • All data entered into the CRM: InnHub
  • Partner information, contacts, interactions, notes: InnHub property
  • InnHub has full rights to export, backup, and delete their data

Data Collected

  • Organization Data: Company names, addresses, industry, status, priorities
  • Contact Data: Names, emails, phone numbers, positions, LinkedIn profiles
  • Interaction Data: Meeting notes, communication history, follow-up tasks
  • User Data: InnHub staff login credentials, usage logs

Data Storage & Security

  • Hosting: Supabase (AWS Frankfurt, EU region)
  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Backups: Daily automated backups
  • Access: Restricted to authenticated InnHub users only

User Responsibilities

  • Keep credentials secureStrong passwords, MFA enabled, never share login credentials
  • Business purposes onlyCRM is for partner relationship management only
  • Protect data confidentialityDo not share partner data outside InnHub without authorisation
  • Report security issuesImmediately report suspected breaches to security@innhub-crm.ch
  • Keep data accurateUpdate contact information, archive outdated records, delete duplicates
  • Use English as the main languageAll information entered into the CRM — organization profiles, contact records, notes, and interaction logs — should be written in English

Prohibited Activities

  • Sharing CRM access with non-InnHub personnel
  • Accessing data outside of job responsibilities
  • Exporting data to personal email or storage without authorisation
  • Using CRM for personal projects or external consulting
  • Attempting to bypass security controls

Data Retention

  • Active Partners: Data retained as long as partnership is active
  • Inactive Partners: Data archived after 24 months of no activity
  • Deleted Accounts: User can request complete data deletion
  • Backups: Retained for 30 days, then permanently deleted

User Access Levels

All users currently have full access to all data. Role-based access controls may be introduced in a future update.

AdministratorFull system access, user management, data export/import, system configuration
Standard UserView and edit assigned partners/contacts, create interactions, export own data
ViewerRead-only access, no editing capabilities, no exports

Data Subject Rights

For external contacts stored in the CRM, InnHub ensures:

  • Right to Access: Contacts can request their data
  • Right to Rectification: Incorrect data can be corrected
  • Right to Erasure: Data deleted upon request (where legally permissible)
  • Right to Export: Data provided in portable format

Contact for data requests: privacy@innhub-crm.ch

Incident Response

In case of a security incident or data breach:

  1. 1.Immediately notify security@innhub-crm.ch
  2. 2.Do not delete logs, modify data, or attempt to fix it yourself
  3. 3.Preserve all evidence and system states
  4. 4.Document what happened, when, and what data may be affected
Response time: Within 24 hoursEscalation: tobias@innhub.ch

Compliance

This CRM and its usage are governed by:

  • InnHub employment contracts
  • InnHub IT usage policies
  • Swiss Data Protection Act (DPA)
  • GDPR (for EU partner data)
  • Swiss labor law

Support & Questions

Technical Support: tobias@innhub.ch

Security Concerns: security@innhub-crm.ch

Data Requests: privacy@innhub-crm.ch

General Questions: tobias@innhub.ch

By using InnHub CRM, you acknowledge that you have read, understood, and agree to comply with these guidelines and all applicable InnHub policies.

Security Overview