Legal
Privacy Policy
Last updated: May 30, 2026
crminvoicing (“we,” “us,” crminvoicing.com) operates crminvoicing.com, an all-in-one CRM, invoicing, and marketing platform for service businesses. This policy explains what we collect, why, and the choices you have.
Who this covers
We serve two kinds of people, and the data relationship differs:
- Account holders (our customers). The service businesses who sign up for and pay for crminvoicing.
- End customers of those businesses. When an account holder uses the platform to manage their own clients (jobs, invoices, messages), they enter information about those clients. For that data the account holder is the controller and we process it on their behalf.
Information we collect
Information you provide
- Account & business details: name, business name, email, phone, password (hashed), service area, industry.
- Payment information: processed by Stripe. We do not store your full card number; we keep a Stripe customer reference and subscription status.
- Content you create: customers, jobs, invoices, photos, messages, website pages, and other records you add to your account.
Information collected automatically
- Usage & device data: IP address, browser/user-agent, pages viewed, and timestamps, used for security, abuse prevention, and improving the service.
- Cookies: a session cookie to keep you logged in, and security tokens (CSRF, bot-protection challenges). We do not sell advertising or run third-party ad trackers.
- Login & security logs: sign-in attempts and credential-change events, retained for security and compliance.
How we use information
- Provide, operate, and secure the service.
- Process subscription payments and send billing notices.
- Send transactional email and SMS you or your end customers have opted into.
- Provide support and respond to your requests.
- Detect, prevent, and investigate fraud, abuse, and security incidents.
- Comply with legal obligations.
Service providers (subprocessors)
We share data with vetted providers only as needed to run the service:
| Provider | Purpose |
|---|---|
| Stripe | Subscription billing & card processing |
| Twilio | SMS messaging (platform-managed) |
| Brevo | Transactional & marketing email delivery |
| Cloudflare | Hosting/CDN, DNS, and bot protection |
| Business Profile, reviews, and maps features | |
| Square | Payment processing for account holders' own invoices |
| Anthropic | AI-assisted content features (captions, drafts, SEO) |
We do not sell your personal information.
Data retention
We keep account data for as long as your account is active. Security and audit logs are retained on a rolling schedule (generally 12–24 months) for fraud prevention and compliance. After account closure, we delete or de-identify data within a reasonable period, except where retention is legally required.
Security
We protect data in transit with TLS and encrypt sensitive credentials at rest. Passwords are stored using one-way hashing. No method of transmission or storage is 100% secure, but we work to protect your information using industry-standard practices.
Your choices & rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to opt out of certain processing. To exercise these rights, contact us at [email protected]. End customers of an account holder should contact that business directly; we will assist the account holder in responding.
Children
The service is not directed to children under 16 and we do not knowingly collect their information.
Changes
We may update this policy. Material changes will be posted here with a new “last updated” date.
Contact
Questions about privacy? Email [email protected]. A machine-readable security contact is published at /.well-known/security.txt.