Privacy Policy

Last Updated: March 2026

1. Introduction

Prosperia CRM ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our contractor business management software and related services (collectively, the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

Account Information:

  • Name (first and last)
  • Email address
  • Phone number
  • Company name and details
  • Billing address
  • Payment information (processed securely through Stripe)

Business Information:

  • Client names, contact details, and addresses
  • Job descriptions, schedules, and project details
  • Financial records including estimates, invoices, and payments
  • Employee information and work schedules
  • Business communications and correspondence

Technical Information:

  • IP address and device information
  • Browser type and version
  • Operating system
  • Usage patterns and preferences
  • Log files and error reports

2.2 Location Data

We collect location information when you:

  • Use our mapping and measurement tools
  • Enable location services for job site tracking
  • Provide addresses for client locations
  • Use GPS features for route optimization

2.3 Measurement and Calculation Data

When you use our measurement and calculation tools, we collect and process:

  • Satellite imagery measurement data (property boundaries, area calculations, distance estimates)
  • Augmented reality (AR) camera measurement data from mobile devices
  • Chemical calculator inputs and outputs (chemical types, mixture ratios, dilution rates, application volumes)
  • Measurement history and saved calculations

Important: All measurements and calculations generated by these tools are approximate estimates only and are not precise or guaranteed to be accurate. This data is stored for your convenience but should always be independently verified before use. Chemical calculator data does not constitute professional chemical handling advice. Please refer to our EULA and Terms of Service for complete disclaimers regarding measurement and calculation tools.

2.4 File and Media Data

We store and process:

  • Photos and images uploaded for job documentation
  • Receipts and expense documentation
  • Business documents and contracts
  • Audio recordings (if enabled for voice notes)

2.5 Communication Data

We process:

  • Email communications sent through our platform
  • SMS messages sent to clients
  • Internal team communications
  • Customer support interactions

3. How We Collect Information

3.1 Information You Provide

  • Account registration and profile setup
  • Data entry through our application forms
  • File uploads and document submissions
  • Communication through our platform

3.2 Information Collected Automatically

  • Usage analytics and performance metrics
  • System logs and error reports
  • Device and browser information
  • Location data (with your consent)

3.3 Information from Third Parties

  • Payment processors (Stripe)
  • Authentication providers (Supabase)
  • Mapping services (Google Maps)
  • Communication services (Twilio, SendGrid)

4. Data Storage and Retention

4.1 Data Storage

Your data is stored securely using industry-standard practices:

  • Primary Storage: Data is stored in secure, encrypted databases hosted by Supabase (PostgreSQL) with AES-256 encryption at rest
  • File Storage: Documents, images, and media files are stored in encrypted cloud storage with access controls
  • Backup Systems: Regular automated backups are performed to ensure data availability and recovery
  • Geographic Location: Data is primarily stored in United States data centers, with backups in redundant locations
  • Data Replication: Critical data is replicated across multiple data centers for high availability

4.2 Data Retention

We retain your data for the following periods:

  • Active Accounts: Data is retained for as long as your account is active and for 30 days after account closure
  • Financial Records: Payment and transaction data is retained for 7 years as required by tax and accounting regulations
  • Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes
  • Deleted Data: Upon account deletion, data is permanently deleted within 30 days, except where legal retention requirements apply

5. Payment Processing and Fees

5.1 Payment Processing

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We do not store your full credit card information on our servers.

  • Payment Data Collection: When you make a payment, Stripe collects and processes your payment information (credit card number, billing address, etc.)
  • Data Sharing: We share necessary payment information with Stripe to process transactions, including transaction amounts, customer identifiers, and billing information
  • Security: All payment data is encrypted in transit (TLS 1.3) and processed according to PCI-DSS standards
  • Tokenization: Stripe uses tokenization to securely store payment methods without exposing sensitive card details

5.2 Payment Fees

The following fees apply to payment processing:

Stripe Processing Fees:

  • Credit/Debit Cards: 2.9% + $0.30 per transaction (domestic cards)
  • International Cards: 3.9% + $0.30 per transaction
  • ACH Direct Debit: 0.8% per transaction (capped at $5.00)
  • Additional fees may apply for currency conversion, disputes, or chargebacks

Note: Stripe fees are charged directly by Stripe and are separate from our platform fees. These fees are disclosed at the time of payment.

Platform Fees:

  • Free Plan: $0/month - Total payment processing fee of 4.4% + $0.30 per transaction (includes Stripe fees + 1.5% platform fee), passed to client
  • Paid Plan: $39.99/month - Total payment processing fee of 3.9% + $0.30 per transaction (includes Stripe fees + 1.0% platform fee), passed to client
  • Additional Employees: +$9.99/month per employee beyond the included amount (Free: 1 employee, Paid: 2 employees)
  • Overage Pricing: $0.01 per email and $0.02 per SMS beyond your monthly limit
  • All fees are charged in USD
  • Fees are subject to change with 30 days' notice

5.3 Payment Data Privacy

Your payment information is handled according to Stripe's privacy policy and security standards. We only receive:

  • Payment confirmation and transaction status
  • Billing address and contact information
  • Last 4 digits of payment methods (for display purposes)
  • Payment method type (card, ACH, etc.)

We do not have access to your full credit card number, CVV, or other sensitive payment authentication data.

5.4 Apple In-App Purchases

When you subscribe to Prosperia CRM through the Apple App Store, your subscription is processed by Apple. In connection with Apple In-App Purchases, we collect and store:

  • Transaction Identifiers: Apple transaction ID and original transaction ID to verify and track your subscription
  • Product Information: The subscription product purchased (e.g., paid plan, employee seat add-on)
  • Receipt Data: Apple purchase receipts for server-side verification of subscription validity
  • Subscription Status: Whether your subscription is active, expired, in a billing retry period, or in a grace period
  • Renewal Information: Expiration dates, renewal status, and whether auto-renewal is enabled

We do not receive or store your Apple ID credentials, Apple Pay payment details, or credit card information used for App Store purchases. Apple handles all payment processing for in-app subscriptions according to their own privacy policy. For more information, see Apple's Privacy Policy.

Apple may send us server-to-server notifications about subscription lifecycle events (renewals, cancellations, billing issues). These notifications contain only transaction and subscription status data — no personal payment information.

6. How We Use Your Information

6.1 Service Provision

We use your information to:

  • Provide and maintain our CRM services
  • Process payments and manage subscriptions
  • Enable communication with clients and team members
  • Generate reports and business insights
  • Provide customer support

6.2 Business Operations

We use your information to:

  • Improve our services and develop new features
  • Analyze usage patterns and optimize performance
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Communicate important updates and changes

6.3 AI and Automation

We use your data to:

  • Provide AI-powered business insights
  • Enable automated workflows and notifications
  • Improve service recommendations
  • Generate predictive analytics

6.3.1 Data Sent to AI Providers

When you use Prosperia AI features, the following data may be sent to our AI provider:

  • Your messages and questions to the AI assistant
  • Images you upload during AI conversations
  • Business context relevant to your query, including job details, client information, and financial data
  • Conversation history within the current session for contextual understanding

6.3.2 AI Provider and Processing

Prosperia AI is powered by Google Gemini 2.5 Flash. All data is transmitted securely via encrypted TLS connections. For details on how Google processes API data, see:

6.3.3 Data Retention

Data sent to Google via the Gemini API is not used to train Google's AI models. Prosperia stores your AI conversation history so you can review and reference past interactions. You can delete your conversation history at any time from within the AI assistant interface.

6.3.4 User Controls

  • Explicit consent required: You must accept AI data processing consent before using any AI features
  • Stop using AI: You can stop using AI features at any time without affecting other platform functionality
  • Delete history: You can delete your AI conversation history from the AI assistant interface
  • Withdraw consent: You can withdraw your AI data processing consent at any time by emailing privacy@prosperiacrm.com

Important: AI-powered features can and do make mistakes. AI-generated outputs — including business insights, recommendations, estimates, communications, and analytics — may contain errors, inaccuracies, or misleading information. All AI outputs should be independently verified before being relied upon for any purpose. AI features do not constitute professional advice. Please refer to our EULA and Terms of Service for complete AI disclaimers and liability limitations.

7. Consent Management

7.1 Consent Collection

We obtain your explicit consent for data processing activities that require it, including:

  • Account creation and service usage (collected via checkbox during signup)
  • Privacy Policy and Terms of Service acceptance (tracked with timestamps and IP addresses)
  • Marketing communications (opt-in required)
  • Location data collection (permission requested when needed)
  • Non-essential cookies and tracking (managed via cookie consent banner)

7.2 Consent Withdrawal

You can withdraw your consent at any time by:

  • Updating your account preferences in Settings
  • Unsubscribing from marketing emails using the link in any email
  • Disabling location services in your device or browser settings
  • Managing cookie preferences through our cookie consent tool
  • Contacting us at privacy@prosperiacrm.com

Note: Withdrawing consent for essential services may limit your ability to use certain features of our platform.

7.3 Consent Records

We maintain records of your consent, including when it was given, the method of consent, and any withdrawals. These records are kept for compliance purposes and to demonstrate our commitment to privacy regulations.

7.4 AI Data Processing Consent

Before using any AI-powered features (including Prosperia AI assistant and Price Assist), you must explicitly consent to AI data processing through an in-app consent modal. This consent is separate from your general Privacy Policy acceptance and covers the specific data processing described in Section 6.3.

The consent modal will:

  • Appear the first time you attempt to use an AI feature
  • Clearly disclose what data is sent, the AI provider, and data retention practices
  • Require explicit action (clicking "I Understand and Accept") to proceed
  • Not appear again once accepted, unless the consent version is updated

Withdrawing AI consent: You can withdraw your AI data processing consent at any time by emailing privacy@prosperiacrm.com. Withdrawing consent will prevent you from using AI features but will not affect your access to other platform functionality. Previously processed data will be handled according to our standard retention policies.

8. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

Contractual Necessity (Article 6(1)(b)):

  • Providing the services you've requested
  • Processing payments and managing subscriptions
  • Delivering customer support

Legitimate Interests (Article 6(1)(f)):

  • Improving our services and developing new features
  • Ensuring security and preventing fraud
  • Analyzing usage patterns for optimization

Consent (Article 6(1)(a)):

  • Location data collection
  • Marketing communications
  • Non-essential cookies and tracking

Legal Obligation (Article 6(1)(c)):

  • Compliance with applicable laws
  • Tax and financial reporting requirements

9. Information Sharing and Disclosure

9.1 Third-Party Service Providers

We share information with trusted third parties who assist us in operating our service:

Essential Service Providers:

  • Supabase: Database hosting, authentication, and file storage
  • Stripe: Payment processing and subscription management (web)
  • Apple (App Store / StoreKit): In-app purchase processing and subscription management (iOS). Apple receives payment information directly and shares transaction identifiers and subscription status with us. See Apple's Privacy Policy.
  • Vercel: Application hosting and content delivery

Communication Services:

  • Twilio: SMS messaging services
  • SendGrid: Email delivery services

Mapping and AI Services:

  • Google Maps: Location services and mapping features
  • Google Gemini (Gemini 2.5 Flash): AI-powered business assistant, pricing guidance, and automation. When you use AI features, your messages, uploaded images, relevant business context (job details, client information, financial data), and conversation history may be sent to Google's Gemini API for processing. Data is transmitted via encrypted TLS connections and is not used by Google to train their AI models. See Section 6.3 for full details.

9.2 Legal Requirements

We may disclose information when required by:

  • Court orders or legal process
  • Government investigations
  • Law enforcement requests
  • Regulatory compliance requirements

10. Data Security

10.1 Technical Safeguards

We implement comprehensive security measures:

  • Encryption of data in transit (TLS 1.3)
  • Encryption of data at rest (AES-256)
  • Regular security audits and penetration testing
  • Multi-factor authentication for administrative access
  • Network security and intrusion detection

10.2 Organizational Safeguards

  • Employee training on data protection
  • Access controls and role-based permissions
  • Regular security assessments
  • Incident response procedures
  • Data breach notification protocols

11. Your Rights and Choices

11.1 Access and Portability

You have the right to:

  • Access your personal information
  • Receive a copy of your data in a portable format
  • Request correction of inaccurate information
  • Update your account information

11.2 Deletion and Restriction

You may request:

  • Deletion of your personal information
  • Restriction of processing in certain circumstances
  • Objection to processing based on legitimate interests

11.3 Communication Preferences

You can:

  • Unsubscribe from marketing emails
  • Opt out of SMS notifications
  • Control cookie preferences
  • Manage notification settings

11.4 Exercising Your Rights

To exercise your rights, contact us at privacy@prosperiacrm.com with your account information, specific request details, and verification of your identity. You can also submit a request directly through our Privacy Rights Center.

12. Cookies and Tracking

12.1 Types of Cookies

We use several types of cookies:

Essential Cookies:

  • Authentication and session management
  • Security and fraud prevention
  • Basic functionality and preferences

Analytics Cookies:

  • Usage statistics and performance metrics
  • Error tracking and debugging
  • Service improvement insights

Functional Cookies:

  • User preferences and settings
  • Language and region selection
  • Customization features

12.2 Cookie Management

You can control cookies through your browser settings and preferences, our cookie consent banner, and third-party opt-out tools.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights regarding your personal information:

Right to Know (CCPA Section 1798.100)

You have the right to request information about:

  • Categories of personal information we have collected about you
  • Categories of sources from which personal information is collected
  • Business or commercial purposes for collecting or selling personal information
  • Categories of third parties with whom we share personal information
  • Specific pieces of personal information we have collected about you

To exercise this right, contact us at privacy@prosperiacrm.com with "CCPA Right to Know" in the subject line.

Right to Delete (CCPA Section 1798.105)

You can request deletion of your personal information, subject to certain exceptions. We may retain information that is needed to:

  • Complete a transaction or provide requested services
  • Detect security incidents or protect against fraud
  • Debug to identify and repair errors
  • Comply with legal obligations
  • Exercise free speech or other legal rights
  • Conduct research in the public interest
  • Enable internal uses aligned with consumer expectations

To request deletion, contact us at privacy@prosperiacrm.com with "CCPA Deletion Request" in the subject line.

Right to Opt-Out of Sale/Sharing (CCPA Section 1798.120)

We do not sell your personal information. However, you have the right to opt out of:

  • Sale of personal information (we do not engage in this practice)
  • Sharing of personal information for cross-context behavioral advertising
  • Use of sensitive personal information for purposes beyond what is necessary

You can manage these preferences in your account settings or contact us at privacy@prosperiacrm.com.

Right to Correct (CPRA Section 1798.106)

You have the right to request correction of inaccurate personal information. You can update most information directly in your account settings, or contact us for assistance.

Right to Limit Use of Sensitive Information (CPRA Section 1798.121)

You can limit our use of sensitive personal information to:

  • Providing the services you requested
  • Ensuring security and preventing fraud
  • Complying with legal obligations

Non-Discrimination (CCPA Section 1798.125)

We will not discriminate against you for exercising your CCPA/CPRA rights. This means we will not:

  • Deny you goods or services
  • Charge you different prices or rates
  • Provide you a different level or quality of services
  • Suggest that you may receive different treatment

How to Exercise Your CCPA/CPRA Rights

To exercise any of these rights, please contact us:

  • Email: privacy@prosperiacrm.com
  • Subject Line: Include "CCPA Request" and specify which right you're exercising
  • Verification: We may need to verify your identity before processing your request
  • Response Time: We will respond within 45 days (may be extended by 45 additional days with notice)
  • Online: Visit our Privacy Rights Center to submit a request directly

14. GDPR Rights for EU Residents

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Right of Access (Article 15)

You can request a copy of all personal data we hold about you, including information about how it's processed, stored, and shared. You can access most of your data directly through your account dashboard.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. Most information can be updated directly in your account settings.

Right to Erasure (Article 17) - "Right to be Forgotten"

You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis for processing
  • You object to processing and there are no overriding legitimate interests
  • The data has been unlawfully processed
  • Deletion is required for legal compliance

Note: Some data may be retained if required by law or for legitimate business purposes.

Right to Restrict Processing (Article 18)

You can request that we limit how we process your data in certain circumstances, such as when you contest data accuracy or object to processing.

Right to Data Portability (Article 20)

You can request your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another service provider where technically feasible.

Right to Object (Article 21)

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent (Article 7)

When processing is based on consent, you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your GDPR rights. For more information, visit your country's data protection authority website.

How to Exercise Your GDPR Rights

To exercise any GDPR rights, contact us at privacy@prosperiacrm.com or visit our Privacy Rights Center. We will:

  • Respond within one month (may be extended by two months for complex requests)
  • Verify your identity before processing requests
  • Provide information free of charge (unless requests are manifestly unfounded or excessive)
  • Explain any refusal to comply with a request

15. Contact Information

For questions about this Privacy Policy or our data practices, please contact us at:

Prosperia CRM

Email: privacy@prosperiacrm.com

Phone: 425-286-0737

16. SMS/Text Messaging Services

16.1 SMS Communications

Our platform enables contractors to send SMS messages to their customers for:

  • Appointment confirmations and reminders
  • Job status updates and arrival notifications
  • Invoice delivery and payment reminders
  • Service-related communications

16.2 Phone Number Collection and Consent

When a contractor's customer receives their first estimate or service request:

  • The customer provides their phone number voluntarily
  • The customer must actively check a box to consent to SMS communications
  • Consent is specific to receiving messages from that contractor via Prosperia CRM
  • The customer can see examples of message types they'll receive
  • No mobile information will be shared with third parties/affiliates for marketing/promotional purposes

16.3 SMS Opt-In Process

Customers receive an initial opt-in confirmation message stating:

  • Who they're receiving messages from (contractor's business name)
  • What types of messages they'll receive
  • How to get help (reply HELP)
  • How to stop messages (reply STOP)
  • That message and data rates may apply
  • That message frequency varies

16.4 SMS Opt-Out Rights

Customers can opt out of SMS messages at any time by:

  • Replying STOP to any message
  • Contacting the contractor directly
  • Replying with any standard opt-out keyword (STOP, CANCEL, UNSUBSCRIBE, END, QUIT, STOPALL)

Upon opting out, customers will receive one final confirmation message and will not receive further SMS communications unless they opt in again.

16.5 SMS Data Processing

  • SMS messages are processed through Twilio, our third-party messaging service provider
  • Message content and delivery logs are stored for service quality and compliance
  • SMS data is retained for 12 months or as required by law
  • No mobile information will be shared with third parties/affiliates for marketing/promotional purposes
  • Customers can request deletion of their SMS data by contacting privacy@prosperiacrm.com

16.6 SMS Compliance

We comply with:

  • Telephone Consumer Protection Act (TCPA)
  • CAN-SPAM Act requirements
  • CTIA Messaging Principles and Best Practices
  • Carrier-specific messaging guidelines
  • Twilio's Acceptable Use Policy

16.7 Customer Rights Regarding SMS Data

Customers whose contractors use our platform have the right to:

  • Access logs of SMS messages sent to their phone number
  • Request deletion of their phone number and message history
  • Opt out of SMS communications at any time
  • File complaints about SMS practices by contacting privacy@prosperiacrm.com