Privacy Policy
Last updated: April 9, 2026
1. Information We Collect
We collect information you provide when creating an account (name, email, password, company name, business address, phone number, employee count), data you enter into the Service (contacts, leads, companies, quotes, activities, tasks, call logs, email templates), and usage data automatically collected through the Service (login timestamps, feature usage, browser type, IP address).
Telephony & Messaging Data: When you use the integrated telephony features, we collect and store call logs (caller/recipient phone numbers, call duration, timestamps, call direction), SMS/MMS message content and metadata, voicemail recordings and transcriptions, call recordings (when enabled by your organization), and phone number porting request details. End-user phone numbers are collected by your business during the normal course of customer interactions (phone calls, in-person consultations, online forms, or email exchanges).
2. How We Use Your Information
We use your information to: provide, maintain, and improve the Service; process payments and manage your subscription; send transactional emails (password resets, billing notifications, system alerts); provide customer support; detect and prevent fraud or abuse; and comply with legal obligations. We do not sell your personal information or Customer Data to third parties.
3. Data Sharing
We share data only with service providers that are essential to operating the Service: Stripe for payment processing, Neon (PostgreSQL) for database hosting, Vercel for application hosting, Resend for transactional email delivery, and Twilio for telephony services (voice calls, SMS/MMS messaging, phone number provisioning, call recording, and transcription). Each provider processes data only as necessary to perform its service and is bound by its own privacy policy. We may also disclose information if required by law or to protect our rights.
4. Internal Access
DboS platform administrators may access customer account data for customer support, troubleshooting, investigating policy violations, and service improvement. All administrative access is logged in the system audit trail. Access is limited to authorized personnel and is performed only when reasonably necessary.
5. Data Security
We implement industry-standard security measures including: encrypted data transmission (TLS/HTTPS), encrypted data at rest (AES-256-GCM for sensitive credentials), bcrypt password hashing, TOTP-based multi-factor authentication, organization-scoped data isolation (multi-tenancy), and audit logging of all significant actions. While we take reasonable precautions, no method of electronic transmission or storage is 100% secure.
6. Data Retention
We retain your account data for as long as your account is active. Upon account deletion or subscription termination, your data is retained for 30 days to allow for export, after which it is permanently deleted from our systems. Audit logs may be retained for up to 12 months for security and compliance purposes. Backup data is automatically purged according to our retention schedule.
7. Your Rights
You have the right to: access and export all your Customer Data at any time through the Service; correct inaccurate information in your account profile; delete your account and associated data; and request information about what data we hold about you. To exercise these rights, contact us at the address below or use the built-in tools in the Service settings.
8. Cookies & Analytics
The Service uses essential cookies for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled. We do not use third-party advertising cookies or tracking pixels. Session cookies are cleared when you close your browser.
9. SMS/MMS Messaging & Consent
Program name: DboS CRM Business Messaging. The Service enables registered roofing businesses ("Subscribers") to send and receive SMS and MMS text messages to their customers and leads ("End Users") through Twilio's messaging platform. Messages are transactional and conversational in nature — including appointment scheduling, estimate follow-ups, project updates, and customer service responses. No marketing or promotional bulk messages are sent through the Service.
Consent (Opt-In Methods): End Users provide consent to receive text messages through one or more of the following methods: (1) Verbal consent — during an in-person consultation, home inspection, or phone call, the customer provides their phone number and agrees to receive text communications; (2) Online contact form / website — the customer submits their phone number through the business's website with a disclosure about text messaging; (3) Email exchange — the customer provides their phone number via email correspondence; (4) Text-in keyword — the End User texts START to the business's phone number. In all cases, the End User has voluntarily provided their phone number and consented to receive business-related communications. Consent is recorded in the CRM with source and timestamp.
Opt-Out: End Users may opt out at any time by replying STOP to any message. Other accepted opt-out keywords: UNSUBSCRIBE, CANCEL, END, QUIT. Upon opting out, no further messages will be sent to that phone number. The system automatically blocks all outbound SMS to opted-out numbers. End Users may also contact the sending business directly or email support@dbos-crm.com.
Help: Reply HELP or INFO to any message for support information. For assistance, contact support@dbos-crm.com.
Message Frequency: Message frequency varies based on business interactions. End Users typically receive 1–10 messages per month depending on active projects, appointments, and service requests. Message and data rates may apply.
No Sharing: Phone numbers, message content, and opt-in/opt-out data are not sold, shared, or used for any purpose outside of the business relationship between the Subscriber and their End Users. We do not share End User phone numbers or opt-in data with third parties for marketing purposes.
For full SMS program terms, visit https://dbos-crm.com/sms-terms.
10. Call Recording & Transcription
Organizations may enable call recording and transcription features within the Service. When enabled, inbound and outbound calls may be recorded and transcribed. Call recordings are stored securely and access is limited to authorized members of the organization that initiated or received the call. Recordings are retained according to the organization's configured retention period and are automatically deleted after expiration. Transcriptions may be processed using AI services to extract relevant business information (caller name, contact details, issue type) for the purpose of improving customer service workflows. Organizations are responsible for complying with applicable call recording consent laws in their jurisdiction.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact
If you have questions about this Privacy Policy or your data, please contact us at support@dbos-crm.com.
