Privacy Policy

Effective: May 25, 2026

Short version: we store the data we need to make AnimalCRM work. We don't sell it. We don't train AI on it. You can export or delete your data at any time.

1. What we collect

From you directly:

• Account info: name, email, phone, password (hashed), business name and address.
• Customer data you upload: your contacts' names, emails, phone numbers, addresses, notes, estimates, invoices.
• Payment details: if you subscribe to Pro, Stripe collects your card info directly. We never see your full card number — we only see the last 4 digits and the Stripe customer ID.
• Content you create: estimates, invoices, photos, reviews, messages sent through the Service.

Automatically:

• Usage: pages you view, features you use, timestamps, IP address, browser/device.
• Performance & errors: via Sentry, so we can see when the app crashes.
• Analytics: aggregate page view data (via Plausible or similar) — privacy-focused, no third-party cookies, no cross-site tracking.
• Location (mobile app only): precise GPS coordinates (latitude, longitude, accuracy) when you clock in or out of a job. If you enable background location tracking in Settings, coordinates are also recorded at intervals while a time entry is active. Location is never collected in the background unless you explicitly turn this on, and it stops as soon as you clock out. See Section 6 for full details.

2. Who we share it with

We share data with third-party services only as needed to operate AnimalCRM:

• Stripe — payment processing. Their privacy policy.
• Twilio — SMS and voice calls. Their privacy policy.
• Mailgun — transactional email. Their privacy policy.
• Google — sign-in via OAuth and the Google Business Profile API for reviews. Their privacy policy.
• Apple — Sign in with Apple and push notifications for the iOS app.
• Fly.io — hosting and backups.
• Sentry — error monitoring.

We do not sell, rent, or trade your data with advertisers, data brokers, or anyone else.

3. SMS & email your customers receive

When you send a review request, estimate, invoice, or automated reminder through AnimalCRM, the message goes to your customer through Twilio or Mailgun. The customer sees the communication as coming from your business, not from us. You are responsible for having the customer's consent to contact them.

Every SMS we send on your behalf includes a way for the recipient to reply "STOP" to opt out. When they opt out, we stop sending them messages — no exceptions.

4. Cookies

We use essential cookies to keep you signed in and to remember your preferences. We don't use third-party advertising cookies or cross-site trackers.

5. Your rights

You can at any time:

• Export your data — email us and we'll send you a CSV of your contacts, jobs, estimates, invoices, and reviews.
• Delete your account — email us or cancel from your account settings. We'll remove your data within 30 days, except where we're legally required to keep records (e.g., tax records for paid invoices).
• Correct inaccurate data — edit it in the app, or email us.
• Stop marketing emails — unsubscribe link at the bottom of every marketing email.

If you're in the EU, UK, or California, you have additional rights under GDPR or CCPA. Email us to exercise them.

6. Mobile app permissions

The Android and iOS apps request the following device permissions:

Location (precise, foreground and background)

• What we collect: GPS latitude, longitude, and accuracy at the moment you clock in and clock out.
• Background location: if you enable "Location Tracking" in the app's Settings screen, the app also records location pings at intervals while a time entry is active. This continues in the background so location is captured even if you switch to another app. Background collection stops automatically when you clock out, and can be turned off at any time in Settings.
• Why: to attach a proof-of-location to time entries, so contractors and their teams can verify where field work took place.
• Who sees it: only users on your AnimalCRM account (you and any team members you invite). We do not share raw GPS data with third parties.
• How long: location data is stored with the time entry it belongs to. Deleting a time entry removes its location data. Deleting your account removes all location data within 30 days.

Camera

• Used to take job-site photos for the AI photo estimator and to attach photos to job records. Photos are uploaded to your account and are not used for any other purpose.

Microphone

• Used for voice dictation (estimate/job/invoice from voice) and in-app calls via Twilio. Audio is processed on-device for speech-to-text and is not stored by AnimalCRM.

Notifications

• Used to deliver job reminders and real-time updates. You can disable notifications at any time in your device settings.

7. Security

Passwords are hashed with bcrypt. Data is encrypted in transit (HTTPS) and at rest. Backups are stored with Fly.io. We use two-factor authentication on our own admin accounts. No system is 100% secure — but we take reasonable measures.

8. Retention

We keep your data for as long as your account is active. If you delete your account, we remove personal data within 30 days. Aggregated, anonymized usage data may be retained longer for product analytics.

9. Children

AnimalCRM is for business use by adults. We don't knowingly collect data from anyone under 18. If you think a minor has signed up, email us and we'll delete the account.

10. Changes

If we make a material change to this policy, we'll email all active users at least 30 days before it takes effect.

11. Contact

Email rob@animalcrm.com or call 1-615-207-7126 with any privacy question.