Privacy Policy & Terms of Service

1. Introduction

PathlyCRM ("Company," "we," "us," or "our") operates a cloud-based CRM platform designed for senior living communities. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information collected through:

• Our website
• Our software platform
• Sales and marketing interactions

2. Information We Collect

A. Information You Provide

We collect information such as:

• Name
• Company name
• Job title
• Email address
• Phone number
• Billing information
• Account credentials
• Information entered into the CRM platform

B. Client Data (Customer Data)

Clients may upload data relating to prospects, residents, families, and contacts, which may include:

• Names and contact details
• Communication history
• Move-in preferences
• Limited care-related notes

C. Automatically Collected Information

We collect:

• IP address
• Browser type
• Device information
• Usage data
• Cookies and tracking technologies

3. How We Use Information

We use personal information to:

• Provide and improve our Services
• Manage accounts and billing
• Provide customer support
• Ensure platform security
• Comply with legal obligations
• Communicate product updates

4. SMS & Text Messaging Compliance (TCPA)

PathlyCRM enables Clients to send SMS communications.

Client Responsibilities

Client represents and warrants that it:

• Has obtained proper prior express consent (or prior express written consent where required)
• Complies with the Telephone Consumer Protection Act (TCPA)
• Maintains consent records
• Honors opt-outs immediately
• Includes opt-out instructions ("Reply STOP to unsubscribe")

PathlyCRM does not obtain consent on behalf of Clients. Client agrees to indemnify PathlyCRM against SMS-related claims.

5. Email Marketing (CAN-SPAM)

Clients using the platform for email communications must:

• Provide accurate sender information
• Avoid misleading subject lines
• Include a physical mailing address
• Provide clear opt-out mechanisms
• Honor opt-outs promptly

PathlyCRM provides tools but does not monitor content for legal compliance.

6. HIPAA

If Services involve Protected Health Information (PHI):

• A Business Associate Agreement (BAA) will be executed where required.
• PathlyCRM implements safeguards aligned with HIPAA standards.
• Clients are responsible for determining whether HIPAA applies.

7. SOC 2 Security

PathlyCRM follows security controls aligned with SOC 2 principles but is not currently certified.

8. Data Security

We implement:

• SSL/TLS encryption
• Role-based access control
• Secure cloud infrastructure
• Regular system monitoring
• Daily backups

No system is 100% secure.

9. Data Retention

We retain data:

• For duration of client contract
• As required by law
• As necessary for legitimate business purposes

Upon termination, data export may be available for a limited period.

10. California Privacy Rights (CCPA/CPRA Addendum)

If you are a California resident, you may request:

• Access to collected personal information
• Deletion
• Correction
• Disclosure of categories collected
• Information about data sharing

We do not sell personal information.

Requests: [email protected]

We will not discriminate against individuals exercising rights.

11. International Transfers

If data is transferred internationally, appropriate safeguards such as Standard Contractual Clauses may be used.

12. Children's Privacy

Our Services are not directed to individuals under 18.

13. Changes to This Policy

We may update this Privacy Policy. Updates will be posted with a revised date.

14. Contact Information