Privacy Policy

ToolForgeHQ LLC (“ClientPro,” “we,” “us,” or “our”) is committed to protecting the privacy of our users and the clients they serve. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have regarding your data. By using the ClientPro platform (“Service”), you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you register, we collect your first name, last name, email address, phone number, company name (optional), and password.
• Client Data: You upload information about your past clients, including their names, phone numbers, email addresses, property addresses, property types, closing dates, and any notes you add.
• Payment Information: When you subscribe, payment details (credit card number, billing address) are collected and processed by our payment processor, Stripe. We do not store your full credit card number on our servers. We receive and store only a tokenized reference, your card type, last four digits, and expiration date for display purposes.
• Communications: If you contact us for support or provide feedback, we may retain the content of those communications.

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, actions taken, and timestamps.
• Device and Browser Information: We collect your IP address, browser type and version, operating system, device type, and screen resolution.
• Cookies and Similar Technologies: We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies or tracking pixels. See Section 7 for more details.

1.3 Information from Third Parties

If you import client data from a CSV file or integration, we collect the data contained in those imports. We do not purchase or acquire personal data from third-party data brokers.

2. How We Use Your Information

We use your information for the following purposes:

• Providing the Service: Sending automated text messages to your past clients on your behalf, scheduling messages, tracking engagement, and managing referrals.
• Account Management: Creating and maintaining your account, authenticating your identity, processing subscription payments, and providing customer support.
• Service Improvement: Analyzing usage patterns to improve features, fix bugs, and optimize the user experience. This analysis uses aggregated, anonymized data whenever possible.
• Communications: Sending you transactional emails (account confirmations, billing receipts, security alerts) and, with your consent, product updates or tips. You may opt out of non-transactional communications at any time.
• Legal Compliance: Complying with applicable laws, regulations, and legal processes, and protecting our rights and the rights of our users.

3. How We Share Your Information

We never sell your data or your clients' data. We share information only in the following limited circumstances:

• Twilio (SMS Provider): Client phone numbers and message content are transmitted to Twilio to deliver text messages on your behalf. Twilio processes this data under their own privacy policy and our data processing agreement with them.
• Stripe (Payment Processor): Your payment information is processed by Stripe. We share your email address and subscription details with Stripe to manage billing.
• Hosting Providers: Our Service is hosted on Render (backend) and Vercel (frontend). These providers store and process data on our behalf under strict data processing agreements.
• Legal Requirements: We may disclose your information if required to do so by law, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of ClientPro, our users, or the public.
• Business Transfers: If ClientPro is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Encryption at Rest: Sensitive data stored in our database is encrypted using AES-256 encryption.
• Password Security: User passwords are hashed using bcrypt with industry-standard salt rounds. We never store plaintext passwords.
• Access Controls: Access to production systems and databases is restricted to authorized personnel only, using role-based access controls and audit logging.
• Regular Monitoring: We monitor our systems for security threats and unauthorized access attempts.

While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. Data Retention

• Active Accounts: We retain your data for as long as your account is active and you maintain an active subscription.
• After Cancellation: When you cancel your subscription, we retain your account and client data for 90 days to allow for reactivation. After 90 days, your data is permanently deleted from our active systems.
• Message Logs: Records of messages sent through the Service (including delivery status and opt-out records) are retained for 3 years to support TCPA compliance documentation.
• Backups: Encrypted backups may retain deleted data for up to 30 additional days before being purged.
• Data Export: You may request an export of all your data at any time through your account settings or by contacting support.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we update or correct inaccurate personal data.
• Deletion: Request that we delete your personal data, subject to legal retention requirements.
• Data Portability: Request your data in a structured, machine-readable format (CSV export).
• Opt-Out of Communications: Unsubscribe from non-essential emails at any time using the link in any email we send.

To exercise any of these rights, contact us at privacy@clientpro.io. We will respond to your request within 30 days.

7. Cookies

We use only essential cookies that are strictly necessary for the Service to function. These include:

• Authentication Cookies: To keep you logged in and maintain your session.
• Preference Cookies: To remember your settings and preferences within the application.

We do not use advertising cookies, third-party tracking pixels, or analytics cookies that track you across other websites. We do not participate in cross-site tracking or ad retargeting.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose.
• The right to request deletion of your personal information.
• The right to opt out of the sale of personal information. We do not sell personal information.
• The right to non-discrimination for exercising your CCPA rights.

To submit a CCPA request, contact us at privacy@clientpro.io with the subject line “CCPA Request.”

9. Children's Privacy

ClientPro is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will promptly delete that information.

10. International Users

ClientPro is operated from the United States. If you access the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.