Data Security

Last updated: 15 June 2026

We built the Quote Recovery Sprint to be the lowest-risk way to get value out of your CRM. The whole service runs on read-only access and rep approval — so we can never change your data or send anything in your name without your say-so. This page explains exactly how your data is handled and protected.

The principle: least access, no changes

We take the smallest amount of access needed to do the job, and only ever read — never write. We don't move your data out of the systems you already control, and nothing leaves your CRM without someone on your team approving it first.

What we access

During a sprint we use read-only access to your HubSpot or Pipedrive, limited to the records we need to find stalled quotes:

• Deals / opportunities, with their stages and dates
• Contacts and companies attached to those deals
• Quote and activity dates
• Notes attached to deals

We read this data only to identify which quotes have gone quiet and are worth reviving.

What we never access or change

• We don't access your drawings, technical specs, CAD files, machine programs, or any attached documents.
• We don't have write access — we can't edit, delete, move, or overwrite anything in your CRM.
• We don't change your pricing, your deal values, or your records.
• We don't copy or export your customer database. We work inside your CRM.
• We don't connect new software to your stack or ask your team to install anything.
• We don't use your data to train any public AI model.

How access is granted — and revoked

You provision access on your side, using your CRM's own controls — typically a read-only user seat or a read-only API key / private app that you create and own. Because you grant it, you can revoke it at any time, instantly, for any reason. We ask you to revoke access at the end of the sprint and confirm when we no longer need it.

Nothing sends without approval

Every follow-up email is drafted for your review and sent only after your rep approves it. There are no automated sequences running on their own, no bulk blasts, and no messages that go out without a human on your team clicking approve.

One person — under NDA and DPA if you want

The work is done by one person — Anatolii Kharchuk — not passed around a team or to subcontractors. We're happy to sign your NDA and a Data Processing Agreement before anything starts. Nothing about your customers, pricing, or jobs is shared with anyone outside the engagement.

AI-assisted work, reviewed by a human

We may use AI-assisted tools to help organise notes or draft follow-ups, but your confidential CRM data is never used to train public AI models, and every draft is reviewed by a person before it reaches you or your customers.

Working materials and devices

Any working notes and the Recoverable Revenue Report are kept on access-controlled, password-protected devices and are never shared with third parties. We keep working copies to the minimum needed to deliver the sprint.

Keeping data only as long as needed

• Access is revoked at the end of the sprint.
• Working notes we hold are deleted within 30 days of the sprint ending. The Recoverable Revenue Report and the results summary are yours to keep.
• We retain only the business records the law requires, such as invoices.
• Website analytics data is aggregate and anonymous (see our Privacy Policy).

Tools we rely on

This website is hosted on Vercel and uses Vercel's privacy-friendly, aggregate analytics. Calls are booked through Calendly, and client invoices run through Stripe. We don't use advertising trackers and we don't sell data. These providers process data under their own security and privacy terms.

If something goes wrong

If we ever became aware of a security incident affecting your data, we would notify you promptly — and, where the law requires, the relevant supervisory authority — and work with you to address it.

Questions

Security questions: ai.kharchuk@gmail.com.