Privacy Policy

Welcome to CrocCRM ("Company", "we", "our", or "us").

CrocCRM is a secure financial workflow and underwriting automation platform designed for brokers, lenders, and financial service providers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, dashboard, APIs, and related services (collectively, the "Service").

If you do not agree with the terms of this Privacy Policy, please do not use our Service.

2.1 Information You Provide to Us

We may collect:

• Name
• Business name
• Email address
• Phone number
• Login credentials
• Uploaded documents (PDFs, bank statements, applications)
• Communications sent through the platform
• OAuth-authorized email access (Gmail / Microsoft)

2.2 Financial & Business Information

Because CrocCRM supports underwriting workflows, we may process:

• Bank statements
• Transaction data
• Revenue data
• Credit-related information
• Funding request amounts
• Business industry and state
• Lender selection data

We process this information solely to provide underwriting automation and CRM functionality.

2.3 Automatically Collected Information

We may collect:

• IP address
• Device information
• Browser type
• Usage logs
• Timestamp metadata
• Email message IDs (for reply tracking)
• Document access tracking tokens

We use your information to:

• Provide and operate the CrocCRM platform
• Process underwriting data
• Apply recipient-specific PDF watermarking
• Send and track emails via connected accounts
• Monitor lender responses
• Improve system performance
• Maintain security and fraud prevention
• Comply with legal obligations

We do not sell your data.

If you connect your Google or Microsoft email account:

• We only access email metadata and messages necessary to send and track funding submissions.
• We do not read unrelated personal emails.
• We do not store your email password.
• OAuth tokens are stored securely and encrypted.

CrocCRM complies with Google API Services User Data Policy.

Uploaded documents may be:

• Parsed for underwriting metrics
• Watermarked with recipient-specific identifiers
• Logged for compliance and audit purposes
• Stored securely in encrypted cloud storage

We do not claim ownership of your uploaded documents.

We implement industry-standard security measures, including:

• HTTPS encryption
• Encrypted cloud storage
• Role-based access control
• Token-based authentication
• Secure database storage
• Access logging

While we use commercially reasonable safeguards, no system is 100% secure.

We may share information:

• With lenders selected by you
• With cloud service providers (hosting, storage, email services)
• To comply with legal obligations
• To protect rights, security, and fraud prevention

We do not sell personal information to third parties.

We retain data:

• As long as your account is active
• As necessary to provide services
• As required by regulatory compliance
• For audit and dispute resolution purposes

You may request deletion of your account data by contacting us.

Depending on your jurisdiction, you may have rights to:

• Access your data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Export your data
• Withdraw consent

To exercise these rights, contact: support@croccrm.com

CrocCRM is intended for business users and is not directed to individuals under 18 years of age.

We may use third-party services including:

• Cloud hosting providers
• Email service providers
• Database providers
• Authentication providers

These services have their own privacy policies.

CrocCRM is designed with consideration for:

• GDPR principles
• CCPA compliance principles
• SOC-style security practices
• Financial data handling standards

Formal certifications may be pursued separately.

We may update this Privacy Policy from time to time. Updates will be posted with a revised "Last Updated" date.

If you have questions regarding this Privacy Policy: