Privacy Policy

Effective: April 27, 2026

Short version: we store the data we need to make AnimalCRM work. We don't sell it. We don't train AI on it. You can export or delete your data at any time.

1. What we collect

From you directly:

• Account info: name, email, phone, password (hashed), business name and address.
• Customer data you upload: your contacts' names, emails, phone numbers, addresses, notes, estimates, invoices.
• Payment details: if you subscribe to Pro, Stripe collects your card info directly. We never see your full card number — we only see the last 4 digits and the Stripe customer ID.
• Content you create: estimates, invoices, photos, reviews, messages sent through the Service.

Automatically:

• Usage: pages you view, features you use, timestamps, IP address, browser/device.
• Performance & errors: via Sentry, so we can see when the app crashes.
• Analytics: aggregate page view data (via Plausible or similar) — privacy-focused, no third-party cookies, no cross-site tracking.

2. Who we share it with

We share data with third-party services only as needed to operate AnimalCRM:

• Stripe — payment processing. Their privacy policy.
• Twilio — SMS and voice calls. Their privacy policy.
• Mailgun — transactional email. Their privacy policy.
• Google — sign-in via OAuth and the Google Business Profile API for reviews. Their privacy policy.
• Apple — Sign in with Apple and push notifications for the iOS app.
• Fly.io — hosting and backups.
• Sentry — error monitoring.

We do not sell, rent, or trade your data with advertisers, data brokers, or anyone else.

3. SMS & email your customers receive

When you send a review request, estimate, invoice, or automated reminder through AnimalCRM, the message goes to your customer through Twilio or Mailgun. The customer sees the communication as coming from your business, not from us. You are responsible for having the customer's consent to contact them.

Every SMS we send on your behalf includes a way for the recipient to reply "STOP" to opt out. When they opt out, we stop sending them messages — no exceptions.

4. Cookies

We use essential cookies to keep you signed in and to remember your preferences. We don't use third-party advertising cookies or cross-site trackers.

5. Your rights

You can at any time:

• Export your data — email us and we'll send you a CSV of your contacts, jobs, estimates, invoices, and reviews.
• Delete your account — email us or cancel from your account settings. We'll remove your data within 30 days, except where we're legally required to keep records (e.g., tax records for paid invoices).
• Correct inaccurate data — edit it in the app, or email us.
• Stop marketing emails — unsubscribe link at the bottom of every marketing email.

If you're in the EU, UK, or California, you have additional rights under GDPR or CCPA. Email us to exercise them.

6. Security

Passwords are hashed with bcrypt. Data is encrypted in transit (HTTPS) and at rest. Backups are stored with Fly.io. We use two-factor authentication on our own admin accounts. No system is 100% secure — but we take reasonable measures.

7. Retention

We keep your data for as long as your account is active. If you delete your account, we remove personal data within 30 days. Aggregated, anonymized usage data may be retained longer for product analytics.

8. Children

AnimalCRM is for business use by adults. We don't knowingly collect data from anyone under 18. If you think a minor has signed up, email us and we'll delete the account.

9. Changes

If we make a material change to this policy, we'll email all active users at least 30 days before it takes effect.

10. Contact

Email rob@animalcrm.com or call 1-615-207-7126 with any privacy question.