Skip to main content
CRM
Terms Privacy

Privacy Policy

Last updated: March 15, 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign up with Google, we receive your name, email, and profile picture from Google.

Client Data

You may store client information including names, email addresses, phone numbers, and mailing addresses. You are the data controller for your client data.

Usage Data

We automatically collect information about your interactions with the Service, including IP addresses, browser type, pages visited, and timestamps. This data helps us improve the Service.

Financial Data

Invoice and payment records are stored to provide the Service. Credit card information is processed and stored by Stripe — we never store card numbers on our servers.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Send transactional emails (invoices, contract notifications, booking confirmations)
  • Protect against fraud and unauthorized access
  • Comply with legal obligations (e.g., financial record retention)
  • Respond to your support requests

We do not sell your personal information to third parties.

3. Data Sharing

We share data only with:

  • Stripe — for payment processing
  • Postmark — for transactional email delivery
  • Google — for calendar integration and OAuth (only when you connect)
  • AWS — for file storage (contracts, invoices, uploads)

We may also disclose information when required by law or to protect our rights.

4. Data Retention

  • Account data: Retained while your account is active, deleted upon account termination
  • Signed contracts: Retained for 7 years per ESIGN Act requirements
  • Invoices and payments: Retained for 7 years per IRS requirements
  • Audit logs: Retained for 3 years for security and compliance
  • Usage data: Retained for 12 months, then aggregated or deleted

5. Your Rights

You have the right to:

  • Access your data — request a copy of all data we hold about you
  • Export your data — download your data in a portable format (JSON) via Settings
  • Correct your data — update your profile and client information at any time
  • Delete your data — delete your account via Settings (subject to legal retention requirements)
  • Restrict processing — contact us to limit how we use your data

California Residents (CCPA/CPRA)

California residents have additional rights under the CCPA/CPRA, including the right to know what personal information is collected, the right to opt-out of the sale of personal information (we do not sell your data), and the right to non-discrimination for exercising privacy rights.

6. Security

We protect your data with:

  • 256-bit TLS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Two-factor authentication support
  • Regular security audits and penetration testing
  • Rate limiting and brute force protection
  • Content Security Policy enforcement

7. Cookies

We use essential cookies required for the Service to function:

  • Session cookie — maintains your login session (required)
  • CSRF token — protects against cross-site request forgery (required)
  • Remember me — keeps you signed in between visits (30 days)

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Your continued use of the Service constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or to exercise your rights, contact us at [email protected].