Privacy Policy

1. Information We Collect

We collect information necessary to provide, operate, and improve the Service. The types of information we collect include:

• Account data: name, email address, password (hashed), profile photo, and authentication provider details when you sign up or log in.
• Organization and member data: org name, slug, role assignments, team invitations, and activity logs related to your workspace.
• Lead and customer data: names, emails, phone numbers, addresses, and notes that you or your team enter into the CRM, or that are submitted through tenant websites, public lead forms, or custom domains connected to the Service.
• Billing and payment data: plan details, subscription status, transaction history, and payment method information handled by our payment processor. We do not store full credit card numbers.
• Analytics and log data: IP address, browser type, device information, pages visited, timestamps, and error logs. We use this to diagnose issues and improve performance.

2. Cookies and Authentication

We use cookies and similar technologies to maintain your session, remember preferences, and understand how the Service is used. Authentication cookies are essential for security and cannot be disabled. You can control other cookies through your browser settings, but disabling them may limit functionality.

3. How We Use Your Information

• To provide, maintain, and secure the Service.
• To process payments and manage subscriptions.
• To respond to support requests and send service-related notifications.
• To analyze usage trends and improve features and performance.
• To detect, prevent, and address fraud, abuse, or security issues.
• To comply with legal obligations and enforce our Terms of Service.

4. AI Features

Some features use artificial intelligence to generate content, suggestions, or summaries. When you use AI features, the inputs you provide may be processed by third-party AI providers. We do not use your private customer or lead data to train public AI models without your explicit consent. AI outputs are processed in accordance with the providers’ own privacy and security practices.

5. Service Providers and Processors

We rely on trusted third-party service providers to perform functions on our behalf, such as:

• Cloud hosting and database services
• Payment processing
• Authentication and identity verification
• Analytics and error monitoring
• Email delivery (when enabled)
• AI and machine-learning platforms (for optional AI features)

These processors are contractually bound to use your information only as necessary to provide their services to us and to maintain appropriate security and confidentiality measures.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account, we will begin deleting or anonymizing your personal data within a reasonable period, except where we are required to retain it for legal, tax, or audit purposes. Backup copies may persist for a limited time in accordance with our retention schedules.

7. Security

We implement industry-standard technical and organizational measures to protect your information, including encryption in transit and at rest, access controls, regular security assessments, and monitoring. No system is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials.

8. Your Rights and Data Requests

Depending on your location, you may have the right to:

• Access, correct, or delete your personal information.
• Object to or restrict certain processing activities.
• Withdraw consent where processing is based on consent.
• Request a copy of your data in a portable format.
• Lodge a complaint with a data protection authority.

To exercise these rights, contact us through the Help Center or in-app help. We will respond within the timeframes required by applicable law.

9. International Data Processing

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We use appropriate safeguards, such as standard contractual clauses, to ensure your information remains protected in accordance with this Privacy Policy.

10. Children

The Service is not intended for individuals under the age of 16 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on the Service and update the effective date. Material changes will be communicated to you through the Service or by email where appropriate.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please reach out through our Help Center or, if you are logged in, through in-app help.