Privacy Policy

At GriffinCRM, we respect your privacy. This page explains how we handle your information and your rights.

GriffinCRM – Privacy Policy

Last Updated: October 02, 2025

 

This Privacy Policy describes how DutchCrew LLC collects, uses, discloses, and protects personal information when you use our websites, applications, and services, including:

• Our website at https://www.griffincrm.com and any site that links to this Privacy Policy;

• The GriffinCRM web app at https://app.griffincrm.com and client portals (e.g., https://login.griffincrm.com);

• Any other interactions with us, including sales, support, and marketing communications.

 

GriffinCRM is a cloud-based customer relationship management (CRM) platform delivered as Software as a Service (SaaS). GriffinCRM is operated by DutchCrew LLC and runs on software and infrastructure licensed from third-party providers, including Go High Level (“GHL”).

 

If you have questions or concerns, contact us at [email protected] or (678) 944-7720.

 

 

Table of Contents

1. Information We Collect

2. How We Use Information

3. Legal Bases for Processing (GDPR/UK GDPR)

4. Cookies & Tracking Technologies

5. Third Parties We Disclose Information To

6. Sensitive Personal Information

7. Customer Data vs. Your Account Data

8. Data Retention

9. Security of Your Information & Breach Notification

10. Your Privacy Rights (US State Rights, GDPR/UK GDPR)

11. Children’s Privacy

12. Do Not Track & Global Privacy Control

13. International Transfers

14. Updates to this Policy

15. Contact Us

 

 

1) Information We Collect

 

A. Information You Provide Directly

We collect personal information you provide when you create an account, subscribe, contact support, or otherwise interact with us. This may include:

• Identifiers and contact details (name, business name, email, phone, mailing and billing address, job title);

• Account credentials (username and encrypted password);

• Contact preferences and marketing opt‑ins;

• Payment details (card brand, last 4 digits, expiration; full card data is entered via and processed by Stripe or PayPal—see “Payments” below).

 

Payments. We use third‑party payment processors (Stripe and PayPal) to process payments. Your payment information is provided directly to the processor and is governed by their privacy policies:

• Stripe: https://stripe.com/privacy

• PayPal: https://www.paypal.com/us/legalhub/privacy-full

GriffinCRM does not store full credit/debit card numbers.

 

B. Information Collected Automatically (Derivative Data)

When you visit or use the Services, we automatically collect certain information, such as:

• Log & Usage Data (IP address, pages viewed, actions taken, timestamps, crash/error logs);

• Device Data (device type, operating system, browser type and version, application identifiers, ISP or mobile carrier);

• Approximate Location Data derived from your IP address (city/region only; no precise GPS).

 

C. Mobile App & Notifications

If you use the LeadConnector mobile app (or a future white‑label app), we may send push notifications for account alerts and reminders. You can disable push notifications in your device settings.

 

D. Information from Other Sources

We do not collect personal information about you from third‑party sources. If we introduce integrations that import data (e.g., Google or Meta), we will update this Policy and provide appropriate notices.

 

 

2) How We Use Information

 

We use personal information to:

• Provide, operate, and maintain the Services;

• Authenticate users and manage accounts;

• Process billing and manage subscriptions;

• Respond to inquiries, provide support, and request feedback;

• Send administrative communications (e.g., policy updates, billing notices, service alerts);

• Analyze usage trends, evaluate and improve the Services and marketing;

• Maintain security, prevent fraud and abuse, and enforce policies;

• Comply with legal obligations.

 

Marketing & Promotions. With your consent where required, we may send marketing emails/SMS about features, updates, and promotions. You may opt out at any time (email unsubscribe link or replying STOP/UNSUBSCRIBE to SMS).

 

Advertising & Retargeting (Optional). We may use advertising platforms (e.g., Google Ads, Facebook Ads) to show ads to prior visitors. These platforms may collect limited activity data via cookies/pixels. You can manage ad preferences in the platform tools and your browser.

 

 

3) Legal Bases for Processing (GDPR/UK GDPR)

 

Where applicable, we rely on the following legal bases:

• Performance of a contract (to provide the Services);

• Legitimate interests (e.g., service improvement, security);

• Consent (e.g., marketing communications, certain cookies);

• Compliance with legal obligations (e.g., tax, accounting).

 

 

4) Cookies & Tracking Technologies

 

We use cookies, web beacons, pixels, and similar technologies to:

• Keep you signed in and remember preferences;

• Understand how users interact with the Services;

• Measure and improve marketing effectiveness;

• (If enabled) deliver relevant advertising and retargeting.

 

Types

• Essential Cookies – required for core functionality and security;

• Analytics Cookies – usage insights (e.g., Google Analytics, possibly with Demographics & Interests Reporting);

• Marketing/Retargeting Cookies – used by advertising partners (e.g., Google Ads, Facebook Ads).

 

Managing Cookies. You can control cookies via your browser settings. Some features may not work without essential cookies. You may opt out of Google Analytics via https://tools.google.com/dlpage/gaoptout and manage ad settings with the relevant platforms.

 

 

5) Third Parties We Disclose Information To

 

We disclose personal information to trusted service providers that help us operate GriffinCRM, including:

• Hosting & Cloud Infrastructure (e.g., Go High Level);

• Communication & Messaging (e.g., email/SMS delivery providers);

• Data Storage & Backup;

• Analytics (e.g., Google Analytics);

• Payment Processors (Stripe, PayPal);

• Sales & Marketing Tools.

 

Service Provider Contracts & DPAs. These providers are contractually bound to use personal information only to provide services to us, implement appropriate security measures, and assist with compliance (including standard data processing agreements where applicable). We do not sell personal information.

 

Business Transfers. We may disclose information in connection with a merger, sale of assets, financing, or acquisition, subject to applicable law.

 

Third‑Party Platform Dependency (GHL). GriffinCRM operates on software and infrastructure licensed from third‑party providers, including Go High Level. Certain functionality and uptime are dependent on these providers. We are not responsible for service interruptions, changes, or limitations imposed by third‑party providers.

 

 

6) Sensitive Personal Information

 

We collect limited sensitive personal information necessary to provide the Services:

• Account login information (username and encrypted password);

• Payment information (processed by Stripe/PayPal; GriffinCRM does not store full card numbers).

 

We do not collect biometric data, government ID numbers, health data, or children’s data. Sensitive information is disclosed only to service providers as needed (e.g., to payment processors) and retained only as long as your account is active or as required by law.

 

 

7) Customer Data vs. Your Account Data

 

Your Account Data. Information we collect about you as a GriffinCRM subscriber (e.g., your name, contact info, billing records, usage history) to manage your account and provide the Services.

 

Customer Data. Information you upload/import about your own customers, leads, or contacts (“Customer Data”). You retain ownership of Customer Data. We process and store Customer Data solely to provide the Services and act as your data processor. You are responsible for complying with applicable laws (e.g., GDPR, CCPA, CAN‑SPAM, TCPA) when collecting and using Customer Data. Upon termination, you may request an export within 30 days; thereafter we may delete or anonymize Customer Data per our retention policy.

 

 

8) Data Retention

 

We retain personal information for as long as you maintain an account with GriffinCRM. After account closure, we retain only what is necessary to meet legal, accounting, or regulatory obligations (e.g., billing records), and otherwise delete or anonymize data within a reasonable period.

 

 

9) Security of Your Information & Breach Notification

 

We implement appropriate technical and organizational measures (encryption in transit, access controls, secure infrastructure, monitoring). However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

 

Breach Notification. If we become aware of a data breach affecting your personal information, we will notify affected users without undue delay and consistent with applicable law, and provide information on steps you can take to protect yourself.

 

 

10) Your Privacy Rights (US State Rights, GDPR/UK GDPR)

 

Depending on your location, you may have rights to request access, correction, deletion, a copy of your information, or to withdraw consent or object to certain processing. You can submit requests via:

• Email: [email protected]

• Online form (if provided): https://www.griffincrm.com/privacy-request

 

We will verify and respond in accordance with applicable laws. You may appeal a decision by emailing [email protected].

 

SMS Data. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors in support services (e.g., customer service) is permitted. Text message opt‑in data and consent will not be shared with third parties.

 

US State Rights. Residents of states with privacy laws (including CA, CO, CT, DE, FL, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA) may have additional rights to know, access, correct, delete, obtain a copy, opt out of targeted advertising/sale/profiling, or limit use/disclosure of sensitive data, subject to verification and exceptions.

 

 

11) Children’s Privacy

 

The Services are not intended for individuals under 18. We do not knowingly collect or sell personal information from children under 18. If you believe a child has provided personal information, contact us to delete it.

 

 

12) Do Not Track & Global Privacy Control

 

Do Not Track. We do not currently respond to DNT signals due to lack of industry standards.

Global Privacy Control (GPC). GriffinCRM does not currently respond to GPC signals. You may exercise privacy rights via the methods described in this Policy.

 

 

13) International Transfers

 

If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the U.S. and other countries where our providers operate. We take appropriate measures to protect personal information in such transfers, where required by law.

 

 

14) Updates to this Policy

 

We may update this Policy from time to time. If we make material changes, we will notify you by email and/or an in‑app notice at least 30 days before the changes take effect. Continued use after the effective date constitutes acceptance.

 

 

15) Contact Us

 

DutchCrew LLC (d/b/a GriffinCRM)

Email: [email protected]

Phone: (678) 944-7720

Mailing Address: 6219 Windflower Drive, Powder Springs, GA 30127, United States

Your Privacy Rights

You have the right to access, correct, or delete your personal information, and to opt out of marketing at any time. To submit a request, please visit our Privacy Request Page or email us at [email protected]