Template — not legal advice. This document is a starting template. Review it with qualified counsel before relying on it.
Super Sweet CRM

Privacy Policy

Last updated: June 2026

This Privacy Policy explains how Super Sweet CRM (the “Service”) collects, uses, and shares information when you use the Service. Super Sweet CRM is a multi-tenant CRM that integrates with GoHighLevel to process your organization's contact and communication data on your behalf.

1. Information we collect

  • Account information — your email, workspace name, subdomain, role, and authentication details.
  • Customer Data — the CRM data you sync or create through the Service (contacts, conversations, messages, appointments, opportunities, notes, and tasks). This is processed on your behalf.
  • Billing information — handled by our payment processor (Stripe); we do not store full card numbers.
  • Usage and log data — request metadata, correlation ids, and error reports used to operate and secure the Service.

2. How we use information

  • to provide, maintain, and improve the Service;
  • to authenticate users and secure workspaces;
  • to process payments and manage subscriptions;
  • to detect, prevent, and respond to abuse, fraud, and security issues;
  • to communicate with you about your account and the Service.

3. Processors and sub-processors

We use the following processors to operate the Service. Each processes data only as needed to provide its function:

  • Supabase — database, authentication, and storage.
  • Stripe — payment processing and subscription billing.
  • Resend — transactional email delivery.
  • GoHighLevel — the upstream CRM system of record.
  • Ollama — AI features (where enabled).

4. Cookies

We use essential cookies required to run the Service (for example, to keep you signed in). We only use non-essential cookies with your consent, which you can manage through the cookie banner. Today the Service does not load third-party advertising or tracking cookies.

5. Data retention

We retain account and Customer Data for as long as your workspace is active. When you delete your workspace, we soft-delete it (blocking access) and purge the cached Customer Data; because GoHighLevel is the system of record, your underlying CRM data remains under your control there.

6. Your rights

  • Access & portability — a workspace owner can export the workspace's data as a file from Settings.
  • Deletion — a workspace owner can delete the workspace and purge its cached data from Settings.
  • Depending on your jurisdiction, you may have additional rights such as rectification or objection. Contact us to exercise them.

7. Security

We use industry-standard safeguards including encryption in transit, row-level tenant isolation, scoped access controls, rate limiting, and error monitoring. No method of transmission or storage is perfectly secure.

8. International transfers

Your data may be processed in countries other than your own. Where required, we rely on appropriate transfer mechanisms. Confirm specifics with counsel.

9. Changes to this Policy

We may update this Policy from time to time and will provide notice of material changes.

10. Contact

Privacy questions or requests? Email support@sweetcrm.app.