crm.care
crm.care
AI marketing operator
Sign inStart free trial

Privacy policy

Last updated · 2026 May 5

This privacy policy describes how crm.care ("we", "us") collects, uses, and shares personal data in connection with our marketing site at crm.care and our application at app.crm.care (together, the "Service").

Who we are

crm.care is operated by [Your Company Ltd], registered in [England and Wales] at [Registered address]. For data-protection purposes we are the data controller for visitor data collected on the marketing site, and the data processor for workspace data inside the application — your team is the controller of the data your workspace contains.

You can reach our data-protection contact at hello@crm.care.

What we collect

From visitors to the marketing site

  • Server logs — IP address, user-agent string, requested URL, response status. Retained for 30 days for abuse-prevention and debugging.
  • Analytics — anonymised page-view counts and referrer information via [your analytics provider — e.g. Plausible / Vercel Analytics]. We do not use cross-site tracking cookies.

From signed-in users

  • Account data — email address, name, profile image (provided by Clerk during sign-up).
  • Workspace data — the briefs, campaigns, emails, social posts, calendar items, comments, and other content you create inside the app.
  • Usage data — counts of campaigns created, images generated, audit-trail entries (which user did what, and when).
  • Billing data — your subscription tier and status. Payment card details are handled by Lemon Squeezy (our payment processor) and never touch crm.care's servers.

How we use your data

  • To provide the Service (run the campaigns, ship the emails, etc).
  • To bill you (via Lemon Squeezy as Merchant of Record).
  • To send transactional emails (review notifications, comment mentions, billing alerts) via Resend.
  • To diagnose problems and improve the product.
  • To enforce our terms and prevent abuse.

We do not sell your data, train AI models on your workspace content, or share it with advertisers.

Sub-processors we share data with

Running the Service requires us to share specific data with specific providers. Our current sub-processors:

  • Clerk (San Francisco, US) — authentication and user-account management.
  • Neon (San Francisco, US; data hosted in EU-West-2 / London) — managed Postgres database.
  • Vercel (San Francisco, US) — application hosting.
  • Anthropic (San Francisco, US) — Claude AI model API. Workspace text content is sent in API calls for generation; Anthropic does not train on this data.
  • OpenAI (San Francisco, US) — GPT image model API for image generation.
  • Lemon Squeezy (US) — Merchant of Record for billing. Handles your payment-card data and is the controller for that data subset.
  • Resend (US) — transactional email delivery.

Where data is transferred outside the UK / EU we rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum.

Where your data is stored

Workspace data lives in our Neon Postgres database in the EU-West-2 (London) region by default. Backups are stored in the same region. AI generations send relevant context to Anthropic / OpenAI per call — that subset transits the US during the API roundtrip but isn't persisted by those providers beyond their standard log-retention windows.

How long we keep your data

  • Active workspaces — for as long as your subscription is active.
  • Cancelled / expired workspaces — retained for 75 days after the trial expires or subscription ends, then scheduled for deletion. You can request earlier deletion at any time.
  • Audit / billing records — retained for 6 years after subscription end as required by UK / EU tax-record obligations.
  • Server logs — 30 days.

Your rights

Under UK and EU GDPR you have the right to:

  • Request a copy of the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data deleted (subject to retention obligations for billing records).
  • Object to our processing on legitimate-interest grounds.
  • Withdraw consent (where processing is consent-based).
  • Lodge a complaint with the Information Commissioner's Office (ICO) in the UK, or your local supervisory authority in the EU.

To exercise any of these rights, email hello@crm.care. We will respond within 30 days.

California residents (CCPA / CPRA)

If you are a California resident you have additional rights under the CCPA / CPRA, including the right to know what categories of personal information we collect, the right to delete, and the right to opt out of any "sale" of personal information. We do not sell personal information.

Cookies

We use the minimum necessary cookies: an authentication cookie set by Clerk (HttpOnly, Secure, SameSite=Lax) and an active-org cookie set by crm.care to remember your workspace selection. We do not use third-party tracking cookies.

Changes to this policy

We'll update this page when our practices change. Material changes will be flagged in-app to signed-in users and via email to subscribers.

Contact us

Questions or requests: hello@crm.care.