1. Introduction
KamoCRM Inc. ("we," "our," or "us") operates the kamocrm.com website and the KamoCRM business operating system platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
This policy applies to all users of our Service, including individual users, team members within organizations, and administrators who manage organizational accounts. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
Account Information: When you create an account, we collect your name, email address, company name, job title, and other information you provide during registration. For organizational accounts, administrators may provide information about team members who are invited to the platform.
Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, and session duration. This data helps us understand how the platform is used and where we can improve the experience.
Device and Browser Information: We collect technical information such as your IP address, browser type and version, operating system, device type, screen resolution, and language preferences. This information is used for security, analytics, and ensuring compatibility across devices.
Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain session state, remember preferences, and collect analytics data. See our Cookie Policy for detailed information about the cookies we use and how to manage them.
Communication Data: When you use communication features within the platform (messaging, video conferencing, third-party email integration, or RingCentral phone integration), metadata about those communications is stored as part of the Service's functionality. If you subscribe to KamoCRM Email Hosting, email content is stored on our infrastructure. The content of all communications is stored securely and is accessible only to authorized users within your organization.
3. How We Use Your Information
Providing and Maintaining the Service: We use your information to operate the platform, authenticate users, manage organizational accounts, deliver features, and provide customer support. This includes processing transactions, sending system notifications, and maintaining the security of your account.
Improving the Platform: We analyze aggregated and anonymized usage data to identify trends, diagnose technical issues, and improve the functionality and performance of the Service. Individual user data is never used for this purpose without appropriate anonymization.
Communication: We may send you service-related emails, including account verification, security alerts, billing notifications, and product updates. You can opt out of non-essential communications at any time through your account settings.
Security and Fraud Prevention: We use device information, IP addresses, and behavioral patterns to detect and prevent unauthorized access, fraud, and abuse of the Service. This includes rate limiting, anomaly detection, and automated security monitoring.
4. Data Storage and Security
All data stored within the KamoCRM platform is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Business and Enterprise plan users additionally benefit from end-to-end encryption for messaging and video conferencing. Our distributed infrastructure is built on CockroachDB with multi-node replication, ensuring data durability and availability even in the event of hardware failures.
We maintain strict access controls, audit logging, and separation of tenant data. Our infrastructure runs on Kubernetes with network policies that enforce isolation between organizational tenants. Regular security assessments and code reviews are conducted to identify and address vulnerabilities.
We implement industry-standard security practices including multi-factor authentication, session management, password hashing with modern algorithms, and automated threat detection. Our security program is designed to align with SOC 2 standards and we maintain GDPR compliance.
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties. Period.
We may share limited information with trusted service providers who assist us in operating the Service, such as cloud infrastructure providers, email delivery services, and payment processors. These providers are contractually bound to use your data only for the purposes we specify and in accordance with this Privacy Policy.
We may disclose information if required to do so by law, in response to a valid legal process (such as a court order or subpoena), or to protect the rights, property, or safety of KamoCRM Inc., our users, or the public. We will notify affected users of such disclosures to the extent permitted by law.
In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify users of any such transfer and any changes to this Privacy Policy that result from it.
6. Your Rights
Access: You have the right to request a copy of the personal information we hold about you. You can access most of this information directly through your account settings.
Correction: You have the right to request correction of any inaccurate or incomplete personal information. You can update most account information directly through the platform.
Deletion: You have the right to request deletion of your personal information. Upon account cancellation, your data enters a 30-day read-only retention period during which you may export it in standard formats. You will receive reminder notifications 7 days and 1 day before permanent deletion. After 30 days, all data is permanently and irreversibly deleted from our systems, including backups, except where we are required to retain it for legal or regulatory purposes. Enterprise customers may negotiate extended retention periods.
Data Portability: You have the right to request your data in a structured, machine-readable format. We provide data export tools within the platform that allow you to download your information at any time.
Opt-Out: You can opt out of non-essential communications at any time. You can also manage cookie preferences through your browser settings. Note that opting out of essential cookies may affect the functionality of the Service.
7. Cookies
Essential Cookies: These cookies are necessary for the Service to function properly. They include authentication tokens, session identifiers, and security-related cookies. These cannot be disabled without affecting core functionality.
Analytics Cookies: We use analytics cookies to understand how users interact with the platform. This data is aggregated and anonymized. You can opt out of analytics cookies through your browser settings or our cookie preference center.
Preference Cookies: These cookies remember your settings and preferences, such as language, theme, and layout choices. Disabling these cookies will not affect core functionality but may require you to reconfigure preferences on each visit.
For comprehensive information about our cookie practices, please refer to our Cookie Policy.
8. International Data Transfers
The KamoCRM platform operates on distributed infrastructure that may process data in multiple geographic locations. When your data is transferred across borders, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms, to ensure that your data receives an adequate level of protection when transferred outside the EEA.
9. Children's Privacy
The KamoCRM platform is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will take immediate steps to delete that information.
If you believe that a child under 16 has provided personal information to us, please contact us through our contact form so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting a prominent notice on the Service, sending an email to the address associated with your account, or through other appropriate communication channels.
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of the Service.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Contact Legal