Privacy Policy

Last Updated: February 18, 2026

1. Who We Are

CFCRM (Customer First CRM) is a customer relationship management platform built for service businesses — chimney sweeps, HVAC companies, plumbers, electricians, roofers, and similar trades. We provide tools for managing customers, jobs, estimates, invoices, scheduling, parts inventory, payments, and integrations with accounting software.

• Platform: CFCRM — Customer First CRM
• Website: https://cfcrm.app
• Email: support@cfcrm.app

This Privacy Policy applies to all users of CFCRM, including business owners and administrators ("Admins"), employees and field technicians ("Technicians"), end customers who use the customer portal or submit appointment requests ("Customer Portal Users"), and visitors to our website.

2. Our Privacy Commitments — What We Promise

3. Information We Collect

Here is a complete accounting of every type of data CFCRM collects, exactly why we collect it, and what we do with it:

3.1 Account and Profile Information

Data	Why We Collect It	Who Provides It
Full name	Identify you within the platform, display in UI, include on documents (estimates, invoices)	You, at registration
Email address	Account login, password reset, system notifications, contact for support	You, at registration
Phone number	Optional contact method, used if you enable SMS notifications for your account	You, optionally
Password (hashed)	Account authentication. We store only the bcrypt/argon2 hash — we never store or can recover your plaintext password	You, at registration
Business name	Display on your customer-facing documents, portal, booking widget	Admin, at setup
Role (admin/technician)	Access control — determines what features and data you can access	Set by Admin

3.2 Business Data You Enter

Data Category	Examples	Purpose
Customer records	Names, addresses, phone numbers, emails, tags, notes, service history, photos	Core CRM functionality — manage your customer relationships
Job records	Job titles, descriptions, status, assigned technician, scheduled dates, completion notes, photos	Track and manage service work
Estimates and invoices	Line items, quantities, prices, discounts, taxes, notes, terms, customer references	Generate and deliver professional estimates and invoices
Payments	Payment amounts, dates, methods, reference numbers, linked invoices	Track payment history and outstanding balances
Parts catalog	Part names, SKUs, prices, costs, descriptions, categories	Manage inventory and pricing for estimates/invoices
Part orders	Ordered parts, quantities, prices, job assignments, order status	Track parts ordering for jobs
Schedule data	Appointment dates, times, durations, assigned technicians, recurrence rules	Calendar management and route optimization
Workflow automations	Trigger conditions, actions, templates, timing rules	Automate reminders, follow-ups, and status-based actions
Uploaded files	Photos, documents attached to jobs, customers, or estimates	Visual documentation of work performed, property conditions, etc.

All of this data belongs to you. We store and process it solely to provide the CFCRM service. We do not analyze it for trends, sell aggregate insights, or use it for any purpose beyond operating the software for your benefit.

3.3 Data from Third-Party Integrations

When you connect a third-party service, we receive data from that service. Here is exactly what comes in from each integration:

Intuit QuickBooks Online

When you connect your QuickBooks Online account to CFCRM, the following data is accessed and synchronized:

Data Type	What Specifically	Direction	Why
Customers	Display name, given/family name, company name, email, phone, billing address, tax status, active status, notes	Bidirectional	Keep customer records consistent between CRM and accounting
Items / Products	Name, type, description, unit price, purchase cost, SKU, tax status, income/expense account references	Bidirectional	Keep your parts/products catalog in sync for accurate invoicing
Estimates	Line items (item ref, quantity, rate, amount), customer reference, doc number, memo, expiration date, discount	CFCRM → QuickBooks	Push estimates to QuickBooks for accounting records
Invoices	Line items, customer reference, doc number, due date, memo, discount, balance	CFCRM → QuickBooks	Create invoices in QuickBooks when estimates are accepted
Payments	Amount, date, payment method, reference number, linked invoice/transaction	Bidirectional	Record payments in both systems for accurate bookkeeping
Company Info	Company name only	QuickBooks → CFCRM	Display which QuickBooks company is connected in the settings UI

How authentication works: CFCRM uses OAuth 2.0 (the industry standard) to connect to QuickBooks. You are redirected to Intuit's own login page to authorize CFCRM. We never see your QuickBooks username or password. Intuit gives us time-limited access tokens (valid for approximately 1 hour) and a refresh token. Access tokens are automatically refreshed. All tokens are stored securely in your tenant's configuration.

What you control:

• You choose which data types to sync (customers, estimates, invoices, payments, items) — each can be toggled independently
• You can trigger manual syncs or let automatic sync handle it
• You can view detailed sync logs showing every record that was synced, when, and any errors
• You can disconnect at any time with one click — this immediately deletes all QuickBooks tokens and stops all sync activity
• You can also revoke access directly from your Intuit account at accounts.intuit.com

Stripe (Payment Processing)

• What we receive: Transaction IDs, payment amounts, payment status (succeeded/failed/pending), customer email (for receipts), Stripe Connect account IDs
• What we never receive or store: Credit card numbers, CVVs, bank account numbers, or any raw payment credentials. All sensitive payment data is handled entirely by Stripe's PCI DSS Level 1 certified infrastructure.
• Purpose: Process payments for your estimates/invoices and display payment status in CFCRM

Google Maps

• What is sent to Google: Street addresses (for autocomplete and geocoding) and geographic coordinates (for routing and distance calculations)
• What is NOT sent: Customer names, phone numbers, emails, financial data, or any other personal information
• Purpose: Address validation, map display, route optimization, and driving time estimates for scheduling

Gmail

• Scope: Send-only. We request only the gmail.send OAuth scope. We cannot and do not read your inbox, drafts, contacts, labels, or any other Gmail data.
• What is sent: Outgoing emails on your behalf (appointment reminders, estimate/invoice deliveries, status notifications)
• Purpose: Send automated and manual business communications to your customers from a real email address

3.4 Customer Portal and Appointment Booking Data

When your customers interact with CFCRM through the customer portal or appointment booking widget:

Data	Purpose
Name, email, phone	Contact information for appointment scheduling and service delivery
Service address	Location where services will be performed; geocoded for routing
Service details and notes	Understanding what work is requested
Preferred dates/times	Scheduling the appointment
Consent record	Documenting that the customer agreed to terms and communications
Geographic coordinates	Route optimization and accurate service area determination

This data is stored in the Tenant's isolated database and managed by the business that the customer is requesting service from. CFCRM acts as a data processor on behalf of the business (the data controller).

3.5 Automatically Collected Technical Data

Data	Purpose	Retention
IP address	Security (detecting unauthorized access, abuse prevention)	Server logs rotated regularly
Browser type and version	Ensuring compatibility, debugging rendering issues	Server logs rotated regularly
Pages and features accessed	Understanding which features are used to prioritize development	Aggregated, not individually tracked
Timestamps	Security audit trail, debugging	Server logs rotated regularly
Error logs	Identifying and fixing bugs	Retained for troubleshooting, rotated regularly

We do not use analytics services like Google Analytics, Mixpanel, Amplitude, or similar third-party tracking tools. We do not embed tracking pixels. We do not fingerprint your browser or device.

4. How We Use Your Information

Every piece of data we collect serves a specific, stated purpose. Here is the complete list:

Purpose	Data Used	Legal Basis (GDPR)
Provide the CRM service	All business data you enter (customers, jobs, estimates, etc.)	Contract performance
Authenticate your identity	Email, password hash, session tokens	Contract performance
Sync with QuickBooks	Customers, items, estimates, invoices, payments (as configured by you)	Consent (you explicitly connect the integration)
Process payments via Stripe	Transaction data, amounts, customer email	Consent (you explicitly connect Stripe)
Send emails via Gmail	Recipient addresses, email content	Consent (platform admin connects Gmail)
Geocode addresses via Google Maps	Street addresses, coordinates	Legitimate interest (providing the scheduling features you use)
Send appointment reminders and notifications	Customer contact info, appointment details	Consent (customer consents at booking; you configure automations)
Security and abuse prevention	IP addresses, access logs, authentication attempts	Legitimate interest (protecting the platform)
Bug fixes and technical support	Error logs, usage context when you report an issue	Legitimate interest (maintaining the service)
Feature development	Aggregated, anonymized usage patterns (which features are used, not by whom)	Legitimate interest (improving the product)

That's it. There are no hidden uses. We don't use your data for "marketing insights," "partner offers," "personalized experiences" powered by surveillance, or any of the other euphemisms that companies use to justify data exploitation.

5. How We Share Your Information

5.1 With Third-Party Services You Connect

When you enable an integration (QuickBooks, Stripe, Google Maps, Gmail), data flows to those services as described in Section 3.3. Each integration is:

• Explicitly opted into by you
• Individually configurable (you choose what syncs)
• Disconnectable at any time

We share only the minimum data necessary for each integration to function.

5.2 With Infrastructure Providers

The CFCRM platform runs on server infrastructure. Our hosting provider has physical access to the servers. We select providers with strong security practices and appropriate certifications. Infrastructure providers do not have application-level access to your data — they provide compute, storage, and networking, not data access.

5.3 With Law Enforcement (Only When Legally Required)

We may disclose your information if we are compelled to by:

• A valid court order
• A lawful subpoena
• A regulatory requirement
• Other binding legal process

If legally permitted, we will notify you before disclosing your data in response to legal process, so you have the opportunity to object.

5.4 In a Business Transfer

If CFCRM is acquired, merged, or if substantially all of our assets are sold, your data would transfer to the new owner. In that event:

• We will notify you before the transfer
• The new owner will be bound by the commitments in this Privacy Policy
• You will have the opportunity to export your data and close your account if you disagree

5.5 Who We Never Share With

To be absolutely clear, we never share your data with:

• Advertisers or ad networks
• Data brokers or data aggregators
• Marketing companies
• Social media platforms
• AI/ML training services (unless you explicitly opt in to a specific feature)
• Other CFCRM tenants or their users
• Any party not listed in Sections 5.1-5.4 above

6. Data Storage, Security, and Architecture

We take security seriously because your livelihood depends on this software and the data in it. Here's exactly how we protect your information:

6.1 Tenant Data Isolation

CFCRM uses a multi-tenant architecture with physical database isolation. This is important and worth explaining:

• Each Tenant (business) gets its own dedicated SQLite database file
• This is NOT a shared database with row-level filtering (where a bug could leak data between tenants)
• Your data is in a completely separate file from every other tenant's data
• There is a separate authentication database that stores user credentials and tenant configuration, but no business data
• One tenant literally cannot query another tenant's data — the databases are separate at the filesystem level

6.2 Encryption

• In transit: All data transmitted between your browser and our servers is encrypted using HTTPS with TLS 1.2+ (industry standard encryption)
• Passwords: Stored as salted, one-way hashes. We cannot recover your password — only you can reset it.
• Third-party tokens: OAuth tokens for QuickBooks, Gmail, and other services are stored in your tenant's configuration within the database
• Payment data: Credit card numbers and bank details are handled entirely by Stripe and never touch our servers

6.3 Access Controls

• Role-based access: Admins, Technicians, and Customer Portal users have different permission levels. Technicians cannot access billing, integrations, or user management. Portal users can only see their own jobs and invoices.
• API authentication: All API requests require valid session tokens. Tokens are cryptographically generated and expire.
• Admin functions: Sensitive operations (connecting integrations, managing users, changing settings) require Admin role verification on every request.

6.4 QuickBooks Token Security (Specifically)

Since QuickBooks contains sensitive financial data, here's the specific security around QB tokens:

• Access tokens are short-lived (approximately 1 hour) and automatically refreshed via a scheduled job that runs every 5 minutes, only refreshing tokens that are near expiration
• Refresh tokens are stored in your tenant's configuration and are used only to obtain new access tokens
• If a refresh fails, sync stops and you'll need to re-authenticate — we don't retry indefinitely
• Disconnect immediately deletes all QB tokens from the database and clears the sync mapping table
• You can also revoke CFCRM's access from Intuit's side at accounts.intuit.com, which invalidates all tokens regardless of what we have stored

6.5 Webhook Security

If QuickBooks webhooks are configured (for real-time sync), incoming webhook requests are verified using HMAC-SHA256 signatures with a verifier token. Requests that fail signature verification are rejected and logged.

6.6 Backup and Recovery

• Tenant databases are backed up regularly
• We recommend that you also maintain your own backups by periodically exporting your data (CSV, IIF, or via QuickBooks sync)
• In the event of data loss, we will restore from the most recent backup available and notify you of any data gap

7. Data Retention

7.1 Active Accounts

We retain all your data for as long as your account is active. Data you delete within the application (e.g., deleting a customer record) is handled as follows:

• Some deletions are "soft deletes" (marked inactive but retained for historical accuracy — e.g., a deactivated parts catalog item still appears on past invoices)
• Some deletions are permanent (e.g., deleting a part order)
• The behavior is consistent with what a reasonable business user would expect

7.2 Sync Logs

QuickBooks synchronization logs (which records were synced, when, success/failure) are retained for troubleshooting and audit purposes. These logs help you verify that your data is syncing correctly and help us debug issues.

7.3 After Disconnecting an Integration

When you disconnect a third-party integration (like QuickBooks):

• All authentication tokens for that service are deleted immediately
• Sync stops instantly
• Data that was already synced to either system remains in place — we don't reach into the third-party service and delete things, and we don't delete the local copies of synced records
• Sync mapping records (which CFCRM record corresponds to which QB record) are cleared

7.4 After Account Termination

• We retain your data for 30 days after termination to allow you to request an export or reactivate your account
• After 30 days, your tenant database may be permanently deleted
• Backups that include your data may persist for an additional period based on our backup rotation schedule, after which they are also deleted
• If legally required to retain certain data (e.g., financial records for tax compliance), we will retain only what is legally necessary and delete the rest

7.5 Server Logs

Technical server logs (access logs, error logs) are retained for a limited period for security and troubleshooting, then automatically rotated and deleted.

8. Your Rights and Choices

We believe you should have full control over your data. Here are your rights and exactly how to exercise them:

8.1 Access Your Data

You can view all of your data directly within the CFCRM interface at any time. You can also export it (see 8.3). If you need a formal data access report, contact us.

8.2 Correct Your Data

You can edit any data within CFCRM directly. If you believe our system contains inaccurate data about you that you cannot correct yourself, contact us and we will fix it.

8.3 Export Your Data (Portability)

You can export your data at any time in multiple formats:

• CSV files — Universal format compatible with Excel, Google Sheets, and virtually any software
• IIF files — Intuit Interchange Format for direct import into QuickBooks Desktop
• PDF documents — For estimates, invoices, and other formatted documents
• QuickBooks Online sync — Continuous live sync provides a persistent copy of your key business data in QuickBooks
• API access — For programmatic data extraction and migration

We will never charge you for exporting your own data or make it difficult to do so.

8.4 Delete Your Data

You can delete individual records within the application. To request complete deletion of your account and all associated data, contact us. We will process the deletion within 30 days, subject to any legal retention requirements.

8.5 Control Integrations

You have granular control over every integration:

• Connect/Disconnect: Enable or disable any integration at any time from Settings
• Per-entity sync control: For QuickBooks, toggle sync on/off for customers, estimates, invoices, payments, and items independently
• Manual sync: Trigger syncs manually instead of relying on automatic sync
• Sync visibility: View detailed sync logs showing what was synced, when, and whether it succeeded

8.6 Communication Preferences

For your customers: Customers who receive communications through CFCRM (appointment reminders, status updates) can opt out by:

• Replying "STOP" to any SMS message
• Clicking the "unsubscribe" link in any email
• Contacting you (the service provider) directly

For you: System notifications from CFCRM can be configured in your Settings.

8.7 How to Exercise Your Rights

For any privacy-related request, contact us at support@cfcrm.app. We will respond within 30 days (or sooner — we're a small team and we actually read our email).

9. Cookies, Local Storage, and Tracking

9.1 What We Use

Technology	What It Stores	Why
Session token (localStorage)	Encrypted authentication token	Keep you logged in between page loads
Theme preference (localStorage)	"light" or "dark"	Remember your UI theme preference
View preferences (localStorage)	Last selected filters, view modes	Restore your preferred view when you return
Service Worker cache	Application code and assets	Enable offline functionality (PWA) and faster page loads

9.2 What We Don't Use

• No third-party analytics (no Google Analytics, Mixpanel, Amplitude, Heap, Hotjar, etc.)
• No advertising cookies or tracking pixels
• No cross-site tracking
• No browser fingerprinting
• No social media widgets that track you (no Facebook Like buttons, Twitter embeds, etc.)
• No cookie consent banner (because we don't use any cookies that would require one — everything we store is essential for the application to function)

10. Children's Privacy

CFCRM is a business-to-business software tool designed for adult professionals. We do not knowingly collect personal information from children under the age of 13 (or 16 in the EU). If we become aware that we have collected personal information from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.

11. International Data Transfers

CFCRM's servers are located in the United States. If you access CFCRM from outside the United States, your data will be transferred to and processed in the United States. By using CFCRM, you consent to this transfer.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions: we rely on the necessity of the transfer for the performance of our contract with you (providing the CFCRM service) as the legal basis for international data transfers.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to Know: You can request information about what personal information we collect, use, disclose, and sell. (Spoiler: we've already told you everything in this policy, and we don't sell anything.)
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions (legal obligations, completing transactions, security).
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Opt-Out of Sale: We do not sell personal information. We have never sold personal information. We will not sell personal information. This right is automatically satisfied.
• Right to Opt-Out of Sharing for Cross-Context Behavioral Advertising: We do not share personal information for behavioral advertising. This right is automatically satisfied.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
• Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (like financial data you enter) only for the purposes of providing the CFCRM service — the purposes you would reasonably expect.

To exercise these rights, contact us at support@cfcrm.app.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation:

• Right of Access (Art. 15): Obtain confirmation of whether your data is being processed and receive a copy
• Right to Rectification (Art. 16): Have inaccurate personal data corrected
• Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your personal data
• Right to Restriction of Processing (Art. 18): Request that we limit how we use your data
• Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (we support CSV, IIF, and API access)
• Right to Object (Art. 21): Object to processing based on legitimate interest
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

Legal bases for processing:

• Contract performance (Art. 6(1)(b)): Processing your data to provide the CFCRM service you signed up for
• Consent (Art. 6(1)(a)): Processing data through integrations you explicitly connect (QuickBooks, Stripe, Gmail)
• Legitimate interest (Art. 6(1)(f)): Security monitoring, bug fixing, and service improvement — balanced against your rights and interests
• Legal obligation (Art. 6(1)(c)): Retaining data when required by law

Data processor role: When you (a business) use CFCRM to manage your customers' data, CFCRM acts as a Data Processor and you act as the Data Controller. We process your customers' data only according to your instructions (i.e., the features you use and the automations you configure).

14. SMS/Text Message Privacy

CFCRM sends SMS/text messages to end customers on behalf of service businesses ("Tenants") that use the platform. These messages are transactional and informational in nature — they relate to services the customer has requested or received.

14.1 Types of Messages Sent

SMS messages sent through CFCRM include:

• Appointment confirmations — Confirming a scheduled service appointment
• Appointment reminders — Reminding customers of upcoming appointments
• Technician ETA notifications — Alerting customers that a technician is on the way with an estimated arrival time
• Estimate and invoice links — Providing a link for customers to view, approve, or pay an estimate or invoice
• Service completion notices — Notifying customers that work has been completed

No marketing, promotional, or advertising messages are sent through this system.

14.2 How Consent Is Obtained

Customers consent to receive SMS messages through one or more of the following methods:

• Online opt-in: Customers submit a service request or contact form through the business's website (powered by CFCRM). The form includes a clear disclosure stating that by providing their phone number, the customer consents to receive appointment reminders, service updates, and transactional messages via SMS. The disclosure includes information about message frequency, data rates, opt-out instructions, and links to this Privacy Policy and our Terms of Service.
• Phone opt-in: When a customer calls to schedule service, staff verbally informs the customer that appointment reminders and service updates will be sent by text, states that message frequency varies and standard message and data rates may apply, and confirms the customer's consent. Verbal consent is recorded in the CFCRM system.
• In-person opt-in: When a customer provides their phone number on a service agreement or intake form, the form includes a written disclosure about SMS communications, message frequency, data rates, opt-out instructions, and a reference to this Privacy Policy.

All customer phone numbers and consent records are stored in the CFCRM platform. Messages are only sent to customers who have provided their phone number in the context of an active business relationship with a Tenant.

14.3 SMS Delivery Provider

SMS messages are delivered through Twilio, a third-party communications platform. When a message is sent:

• The recipient's phone number is shared with Twilio solely for message delivery
• Message content is transmitted to Twilio for delivery
• Twilio processes this data in accordance with their own privacy policy
• CFCRM does not sell, share, or use phone numbers or message content for any purpose other than delivering the requested communications

14.4 Message Frequency and Rates

• Message frequency varies based on appointment activity and the automations configured by the service business
• Standard message and data rates may apply, as determined by the recipient's mobile carrier

14.5 Opt-Out and Help

• Recipients can opt out at any time by replying STOP to any message. Additional opt-out keywords accepted: STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT, OPTOUT, REVOKE
• Upon opting out, the recipient will receive a confirmation message and will not receive further SMS messages from that number
• Recipients can reply HELP or INFO to any message for assistance
• Recipients can also contact the service business directly to opt out
• To re-subscribe after opting out, reply START to the same number

15. Changes to This Privacy Policy

We may update this Privacy Policy as our practices evolve or as laws change. When we do:

• We will update the "Last Updated" date at the top
• For minor changes (clarifications, formatting), we'll simply update the document
• For material changes (new data collection, new sharing practices, changes to your rights), we will:
  • Provide prominent notice through the CFCRM interface
  • Give you at least 30 days' notice before the changes take effect
  • Clearly explain what changed and why

Your continued use of CFCRM after changes take effect constitutes acceptance. If you disagree with material changes, you may export your data and terminate your account before the changes take effect.

16. Contact Us

We mean it when we say we value transparency. If you have questions about this Privacy Policy, want to exercise your rights, or just want to understand how something works — reach out:

• Platform: CFCRM — Customer First CRM
• Website: https://cfcrm.app
• Email: support@cfcrm.app

We respond to privacy inquiries within 30 days, but usually much sooner.

See also: End User License Agreement | Terms of Service