Privacy Policy

Last updated: April 25, 2026

This policy describes how kimuraCRM (hereafter "kimuraCRM", "we" or "our") handles information in connection with the desktop application installed on your computer and the website at kimuracrm.com. It is aligned with the EU General Data Protection Regulation (GDPR), the Brazilian LGPD, and equivalent privacy principles where applicable.

1. One-sentence summary

The CRM data you create (contacts, companies, deals, attachments, activities) stays only on your computer. The application sends our servers only a minimal telemetry payload (about the installation, not about your customers), described in detail below.

2. Who controls the data

kimuraCRM is developed and operated by:

  • Zipline Tecnologia Ltda.
  • Brazilian tax ID (CNPJ): 04.693.497/0001-21
  • Address: Rua do Acampamento, 380 — Santa Maria/RS — 97050-002 — Brazil
  • Phone (Brazil): 0800 603 3336
  • Data Protection Officer (DPO): dpo@zipline.com.br

Zipline is also the publisher of the application on the Microsoft Store. For any matter related to this policy, use one of the channels listed in section 15.

3. Data that stays on your computer only

Everything you type or attach inside kimuraCRM — contacts, companies, deals, products, activities, notes, attachments (PDFs, images, documents), your company settings and backups — is stored in a local SQLite database under %APPDATA%\kimuraCRM on your Windows account. This data is never sent to our servers, to the cloud, or to any third party.

Automatic backups (one .zip per day, last 7 kept) are also stored on your computer in the same folder. Copying them elsewhere (USB drive, your own cloud, etc.) is up to you.

4. Telemetry the app sends

To understand how many people use kimuraCRM and in what context, the app sends the following information to kimuracrm.com:

4.1. On first registration (once per installation)

  • Install code (a random UUID generated on your computer — not linked to your name, email, or Windows account);
  • Company name you typed into the welcome wizard or settings;
  • Country you selected;
  • Interface language (pt-BR, en or es);
  • App version;
  • Currency you chose (USD, EUR, BRL, etc.).

4.2. On each session (once per app launch, after ~3 minutes of use)

  • Only the install code, to signal that this installation is still active.

4.3. Collected automatically by the server when receiving the request

  • IP address of your internet connection (necessarily logged by any web server);
  • Approximate geolocation derived from the IP (country, region, city), obtained via the public service ip-api.com.

Telemetry is "fire-and-forget": if you are offline or the server is down, the application keeps working normally with no warning. No content from your CRM (customer names, deal amounts, attachments, etc.) is ever sent.

5. What we use this data for

  • Knowing how many active installations exist;
  • Understanding the distribution by country, language and currency, to prioritize translations, regional support and currency formats;
  • Knowing which version is in use, to plan fixes and compatibility.

We do not sell this data, do not use it to build advertising profiles, and do not share it with advertisers.

6. Legal bases (GDPR / LGPD)

  • Legitimate interest (GDPR Art. 6(1)(f); LGPD Art. 7, IX) for minimal product-operation telemetry, strictly limited to what is necessary to understand aggregate usage and maintain the software;
  • Consent (GDPR Art. 6(1)(a); LGPD Art. 7, I) when you install and run the application after being given access to this policy.

7. Sharing with third parties

We do not share telemetry with third parties for commercial purposes. The only third parties involved in processing are:

  • Hosting provider for the website and the telemetry server, which only stores and routes the data on our behalf;
  • ip-api.com, queried by our server to convert IP addresses into approximate locations;
  • Microsoft Store, if you installed the app through it — in that case, Microsoft handles its own download/install data under its own privacy policy. We only receive aggregate statistics (country, install counts), with no personal information.

8. Cookies and local storage on the website

The site kimuracrm.com does not use tracking cookies, ad pixels, or behavioral analytics tools (Google Analytics, Facebook Pixel, etc.). We only use localStorage to remember your language choice (key kc_lang), so that automatic redirection respects your manual preference.

9. Retention

  • Application telemetry (install code, company, country, language, version, IP and approximate geolocation, creation and last-ping dates): for as long as the installation is active and for up to 24 months after the last received ping, after which the records are deleted or anonymized;
  • Server access logs: minimum of 6 months, as required by the Brazilian Internet Civil Framework (Marco Civil, Law 12.965/2014, art. 15);
  • Support communications (emails, tickets): minimum of 12 months from the closure of the case;
  • Erasure requests exercised through data-subject rights: handled within 30 days from the request.

10. Your rights

Under GDPR / LGPD you have the right to, among other things: confirm the existence of processing, access your data, correct it, anonymize it, port it, delete it, learn about shared use, and revoke consent. To exercise any of these rights, write to our Data Protection Officer at dpo@zipline.com.br, including your install code (visible at Settings → About inside the app). Without the code we cannot find your record, precisely because we do not ask for your name or email at install time.

11. How to disable telemetry

You can stop telemetry by blocking, in your system firewall, access from KimuraCrm.exe to the kimuracrm.com domain. The app will keep working normally — only the registration and ping calls will fail. We plan to add an explicit toggle inside the app in a future release.

12. Children

kimuraCRM is a business tool and is not directed to children under 13. We do not knowingly collect personal data from children.

13. Security

Communication between the app and our telemetry server uses HTTPS. The local database is not encrypted by default — anyone with physical access to your computer (and to your Windows account) can access the CRM files. We recommend keeping your Windows account password-protected and, where applicable, using BitLocker or equivalent disk encryption.

14. Changes to this policy

We may update this policy at any time. The date at the top indicates the latest revision. Material changes will be communicated in a future app version or highlighted on the website.

15. Contact