Privacy Policy

This Privacy Policy explains how Cornerstone CRM ("we," "us," or "our"), a Texas-built CRM helping businesses nationwide, collects, uses, protects, and discloses information gathered from users ("you" or "customer") of our CRM platform and website.

1. Information We Collect

We collect information to provide and improve our services, including:

Customer-Provided Information: Information you provide when registering, requesting a demo, using the platform, or contacting us. This includes names, email addresses, phone numbers, company names, billing information, and details entered into contact forms or chat widgets.
Customer Data Stored on the CRM: This is the data you and your end-users input and store within your Cornerstone CRM account, such as client contact lists, sales opportunities, communications (email, text, chat logs), scheduling details, and financial information. This data belongs to you.
Usage and Technical Data: Information about how you access and use the platform, including IP addresses, browser type, operating system, pages viewed, time spent, and referral sources.
Security and Audit Logs: Data gathered for security, traceability, and compliance purposes, including audit logs and network monitoring data.

2. How We Use Your Information

We use the collected information for the following purposes:

Service Provision: To operate, maintain, and provide the core Cornerstone CRM platform and its features, including the AI Employee suite.
Communication: To send essential service notifications, updates, marketing materials (you can opt-out), and to respond to your inquiries and support requests.
Communication: To send essential service notifications, updates, marketing materials (you can opt-out), and to respond to your inquiries and support requests.
Billing and Account Management: To process payments and manage your subscription, including our transparent pricing plans.
Security and Legal Compliance: To protect against security threats, fraud, and illegal activity, and to comply with legal obligations, including support for HIPAA and GDPR/CCPA standards.

3. How We Protect Your Information

We are committed to Integrity and take security seriously. We implement industry-leading measures to protect your data, including:

Secure Infrastructure: Hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP) in U.S. data centers.
Encryption: Data is protected with AES-256 encryption at rest and TLS/SSL encryption in transit.
Access Control: We use Role-Based Access Controls (RBAC) and support Multi-Factor Authentication (MFA).
Continuous Monitoring: We employ continuous monitoring, firewalls, DDoS protection, and protection against the OWASP Top 10 vulnerabilities.

4. Disclosure of Information

We do not sell your customer data. We may share information only in the following limited circumstances:

With Your Consent: If you instruct us to share information.
Service Providers: With third-party vendors who perform services on our behalf (e.g., billing processors, hosting providers, or partners for the Business Launch Kit). These providers are bound by confidentiality obligations.
Legal Compliance and Protection: If required by law, subpoena, or to protect our rights, your safety, or the safety of others.

5. Data Rights and Choices

Access and Correction: You can access and update your account information within the platform.
Data Portability: Your data belongs to you. If you cancel, you can easily export your contacts, conversations, and reports.
Marketing Opt-Out: You can opt out of receiving promotional emails from us by following the unsubscribe link in those emails.

6. Compliance

We are designed with compliance in mind. We offer an optional HIPAA Compliance Add-On (which includes a Business Associate Agreement, MFA enforcement, and audit logging) and employ GDPR-ready and CCPA-aware data handling practices.

7. Contact Us

If you have questions about this Privacy Policy, please contact us. We offer local and U.S.-based assistance by phone, chat, or email.