CRM Privacy Policy

Overview

This policy applies to Le Collectif LLC's internal CRM — used by team members (Melody Asbell and Sophie Smith) to manage client relationships, projects, time tracking, expenses, and agreements. It supplements our public Privacy Policy.

Data Stored in the CRM

The CRM stores the following categories of data in Google Firebase Firestore:

• Client data — names, contact details, project descriptions, signed agreements (Exhibit A)
• Financial records — invoices, expenses, receipts, payment status
• Time logs — clock-in/out records, break times, project hours for each team member
• Internal notes — notebook entries, feedback, project todos
• Calendar events — project milestones, meetings, deadlines
• Files — receipt uploads and agreement documents stored in Firebase Storage and/or SharePoint

Who Has Access

Access to the CRM is restricted to authorized Le Collectif LLC team members authenticated with a username and password. Passwords are stored as SHA-256 cryptographic hashes — never in plain text.

No client data is accessible to the public or shared with third parties outside of the service providers listed below.

Third-Party Services Used

• Firebase (Google) — Firestore database and file Storage. Data is stored in Google Cloud infrastructure under Google's security and compliance standards.
• Microsoft 365 — Outlook email and calendar sync, SharePoint file storage, Teams notifications. Governed by your organization's Microsoft agreement.
• Vercel — hosting for the CRM application. No client data is processed by Vercel beyond standard server logs.

Client Data Handling

Client information is collected and stored solely for the purpose of managing the client relationship and delivering services. Specifically:

• Data is not sold, rented, or shared with advertisers or unrelated third parties
• Data is not used for any purpose outside the scope of the active engagement
• Signed agreements (Exhibit A) are stored digitally and treated as confidential business records
• Clients may request a copy or deletion of their data at any time

Team Member Data

Time logs, payroll data, and expense records for Melody Asbell and Sophie Smith are stored in the CRM. This data is used solely for internal business operations — payroll calculation, project billing, and financial reporting.

Security Practices

• All data transmitted over HTTPS (TLS encryption)
• Passwords hashed with SHA-256 before storage
• Firebase Firestore security rules restrict read/write to authenticated sessions
• File uploads stored in Firebase Storage with private access URLs

Data Retention

CRM data is retained for the duration of each client engagement plus a reasonable period for business record-keeping (typically 3 years after project close). Data may be deleted earlier upon written request.

To request data deletion, contact Melody.Asbell@LeCollectifLLC.com.

Changes to This Policy

This policy may be updated as our tools and practices evolve. The "last updated" date reflects the most recent revision.