Privacy Policy

1. Introduction

Arvelo Built CRM is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based Customer Relationship Management (CRM) platform.

By using Arvelo Built CRM, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when you:

• Create an Account: Name, email address, phone number, company name, job title
• Use the Service: Lead data, contact information, opportunity details, notes, activities, custom fields
• Contact Support: Support tickets, email communications, feedback
• Configure Settings: User preferences, notification settings, integration configurations

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information:

• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access logs, error logs, performance metrics, security events
• Cookies and Tracking: Session cookies, authentication tokens, analytics cookies

2.3 Third-Party Information

We may receive information from third-party services you integrate with our platform, such as:

• Email providers (for email parsing and integration)
• Calendar services (for scheduling and reminders)
• Payment processors (for subscription management)
• Other CRM or business tools (for data synchronization)

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Provide, maintain, and improve our CRM platform
• Account Management: Process registrations, authenticate users, manage subscriptions
• Data Processing: Store, organize, and process your CRM data (leads, contacts, opportunities)
• Communication: Send service updates, security alerts, support responses
• Security: Detect and prevent fraud, unauthorized access, and security threats
• Analytics: Understand usage patterns, improve features, optimize performance
• Compliance: Meet legal obligations, respond to legal requests, enforce our terms
• Business Operations: Billing, customer support, product development

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely in:

• AWS RDS MySQL: Encrypted database with automated backups
• Multi-Tenant Architecture: Logical data isolation by tenant
• Geographic Location: Data stored in US East (N. Virginia) region
• Backup Retention: 7-day automated backups, 90-day manual snapshots

4.2 Security Measures

We implement industry-standard security measures:

• Encryption: TLS/SSL in transit, AES-256 encryption at rest
• Authentication: Strong password requirements, Argon2id hashing, 2FA support
• Access Controls: Role-based permissions, tenant isolation, audit logging
• Network Security: Firewalls, security groups, DDoS protection
• Monitoring: 24/7 security monitoring, intrusion detection, anomaly alerts
• Compliance: SOC 2 Type II, GDPR-ready, CCPA-compliant

4.3 Data Retention

We retain your data:

• Active Accounts: Data retained for the duration of your subscription
• Deleted Accounts: Data deleted within 30 days of account termination
• Backups: Retained for 7 days (automated) or 90 days (manual snapshots)
• Audit Logs: Retained for 7 years for compliance purposes
• Legal Requirements: May retain data longer if required by law

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Service Providers

We may share information with trusted service providers who assist in operating our Service:

• AWS: Cloud infrastructure, hosting, database services
• Email Services: Transactional emails, notifications (AWS SES)
• Payment Processors: Subscription billing, payment processing
• Analytics: Usage analytics, performance monitoring (anonymized data only)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders, subpoenas, or legal process
• Government requests or regulatory investigations
• Protection of rights, property, or safety
• Enforcement of our Terms of Service

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Your Privacy Rights

6.1 Access and Portability

You have the right to:

• Access your personal data through the Service dashboard
• Export your data in standard formats (CSV, Excel)
• Request a copy of your data in machine-readable format

6.2 Correction and Deletion

You can:

• Update your account information through account settings
• Correct inaccurate data directly in the Service
• Request deletion of your account and data (subject to legal retention requirements)

6.3 Opt-Out Rights

You can:

• Opt-out of marketing emails (unsubscribe link in emails)
• Disable cookies through browser settings
• Adjust notification preferences in account settings

6.4 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at privacy@arvelobuilt.com.

6.5 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, and shared
• Delete your personal information (subject to exceptions)
• Opt-out of the sale of personal information (we do not sell your data)
• Non-discrimination for exercising your privacy rights

7. Cookies and Tracking Technologies

7.1 Types of Cookies

We use the following types of cookies:

• Essential Cookies: Required for Service functionality (authentication, session management)
• Analytics Cookies: Help us understand how users interact with the Service (anonymized)
• Preference Cookies: Remember your settings and preferences

7.2 Cookie Management

You can control cookies through:

• Browser settings (disable or delete cookies)
• Our cookie preference center (when available)
• Note: Disabling essential cookies may affect Service functionality

8. Children's Privacy

Arvelo Built CRM is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@arvelobuilt.com, and we will delete such information.

9. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. By using our Service, you consent to the transfer of your data to the United States. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

• Notify affected users within 72 hours of discovery (as required by GDPR)
• Notify relevant authorities as required by law
• Provide details about the breach and steps we are taking to address it
• Recommend actions you can take to protect yourself

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

• Email notification to registered users
• Notice within the Service
• Updated "Last Updated" date at the top of this Policy

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: