1. Introduction

directCRM ("we", "us", or "our") operates the website directcrm.app and provides cloud-based CRM software as a service. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data.

This policy applies to all users of the directCRM service, including visitors to our website and registered account holders. By using directCRM, you agree to the practices described in this policy. If you do not agree, please do not use our service.

2. Information We Collect

We collect information you provide directly to us and information generated through your use of the service:

  • Account information: When you create an account we collect your first name, work email address, password (stored in hashed form), and company name.
  • Billing information: Payment details are processed by our payment provider. We do not store full card numbers on our servers.
  • Customer data you enter: Contacts, notes, activities, deals, and any other data you add to your CRM account. This data belongs to you.
  • Usage data: We collect information about how you use the service — pages visited, features used, actions taken, browser type, IP address, and timestamps. This data is used in aggregate to improve the product.
  • Cookies: We use cookies to keep you signed in and to collect anonymous analytics. See Section 7 for details.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and manage your account and provide the directCRM service.
  • To process payments and send billing receipts.
  • To send important account emails such as trial expiration notices, password resets, and service updates.
  • To respond to your support requests and emails.
  • To improve and develop the product using aggregated, anonymized usage data.
  • To comply with legal obligations.

We do not sell your personal data. We do not share your personal information with advertisers or third parties for their own marketing purposes.

4. Data Storage and Security

All data is encrypted in transit using TLS (HTTPS) and encrypted at rest. We perform continuous automated backups to prevent data loss. Access to production systems is restricted to authorized personnel only.

While we take security seriously and follow industry best practices, no system is completely immune to risk. We encourage you to use a strong, unique password for your directCRM account.

5. Data Retention

We retain your data for as long as your account is active. When you cancel your subscription, your data remains accessible for 30 days to allow you to export it. After those 30 days, your account and all associated data are permanently deleted from our servers.

You may request immediate deletion of your account at any time by contacting us at hello@directcrm.app.

6. Your Rights

You have the following rights with respect to your personal data:

  • Access: You can view and download the data stored in your account at any time from your account settings.
  • Correction: You can update your account information directly in the application.
  • Deletion: You can request deletion of your account and all associated data by emailing us.
  • Portability: You can export all your CRM data (contacts, activities, deals) to CSV or Excel format at any time from within the application, at no charge.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale (we do not sell personal information). To exercise any of these rights, contact us at hello@directcrm.app.

7. Cookies

We use two categories of cookies:

  • Essential cookies: Required for the service to function. These keep you signed in during your session. They cannot be disabled without breaking the application.
  • Analytics cookies: Used to collect anonymous data about how visitors use our website (pages visited, time on page, referral source). This data is aggregated and not linked to individual users. You can disable these cookies in your browser settings or via your cookie preferences.

For more detail, see our Cookie Policy.

8. Third-Party Services

We may use third-party analytics providers to help us understand how the service is used. These providers receive anonymized, aggregated data only — we do not share data that identifies you personally with any analytics provider.

We use a third-party payment processor to handle billing. When you enter payment information, you are subject to that provider's privacy policy in addition to ours. We do not receive or store your full payment card details.

We do not share your personal data with advertisers.

9. Children

directCRM is not intended for children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email to the address associated with your account at least 14 days before the changes take effect. The updated policy will also be posted on this page with a revised "Last updated" date.

Continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

directCRM
Email: hello@directcrm.app