CorkCRM Privacy Policy

Last updated: June 15, 2026

Cork CRM, LLC ("CorkCRM," "we," "us," or "our") provides cloud-based software and related services (our "Services") that help painting contractors and other service businesses manage their business, such as leads, appointments, proposals, contracts, jobs, timecards, invoices, and payments. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have.

This Policy applies to:

  • Visitors to our websites and apps, and anyone who contacts us, requests a demo, or otherwise interacts with us.
  • Subscribers — the businesses, such as painting contractors, and their staff who hold a CorkCRM account, including those using a free trial.
  • End clients and personnel — the prospective and actual customers, and the workers (including employees and subcontractors), whose information our Subscribers enter into the Services.
  • Applicants, personnel, and business contacts — individuals who apply to work at or work for CorkCRM, and the representatives of our business partners, vendors, and prospects with whom we interact.

Important — two different roles. For information that we decide how to use (website visitors, demo requests, and the account data of our Subscribers), CorkCRM acts as a business (sometimes called a "controller"). For the information that a Subscriber's account contains about their customers, leads, and personnel, CorkCRM acts only as a service provider (sometimes called a "processor") — we process that data on the Subscriber's behalf and under their instructions. If you are a customer or worker of a CorkCRM Subscriber, please direct privacy requests to that business; see "Information We Process on Behalf of Subscribers" below.

1. Information We Collect

a. Information you provide directly

  • Account and profile information: such as name, business name, email address, phone number, mailing address, job title or role, and login credentials when a Subscriber creates an account or a team member is added, along with any other details you choose to add to your profile or account settings.
  • Demo, contact, and feedback submissions: such as name, email, subject, and message — and any other information you choose to include — when you fill out a form on our website, request a demo, contact support, respond to a survey, or otherwise provide feedback.
  • Communications and call recordings: records of your communications with us, including support and sales correspondence. When you contact us by phone, or we contact you, we may record or monitor the call for quality, training, and recordkeeping, where permitted by law and with any notice or consent required.
  • Billing information: the plan you select and billing contact details. Your CorkCRM subscription payments, and the card and ACH/e-check payments that Subscribers' own customers make through the Services, are handled by PCI-compliant third-party payment processors. We do not store full payment card numbers; see Section 3.
  • Content you enter into the Services: any information, records, files, images, or other content that Subscribers and their users create, upload, or store while using the Services. This may include details about a Subscriber's business operations, customers, leads, jobs, personnel, and finances, and may expand as we add or change features.
  • Electronic signature records: when proposals or contracts are signed electronically through the Services, we capture and retain signing metadata — such as the date and time of signature, IP address, and device information — together with the signed document. We keep these records to establish the validity of the electronic signature and to help resolve any disputes about it.

b. Information collected automatically

  • Usage and device data: IP address, browser type, device and operating system, unique device identifiers, referring and exit pages, pages viewed, features used, timestamps and other log data, and approximate location derived from your IP address.
  • Cookies and similar technologies: we use cookies to keep you logged in, remember preferences, secure the Services, and understand how our sites and apps are used. See Section 7.

c. Information from third parties

  • Integrations you connect — when you enable a third-party integration (for example, calendar, accounting, property-data, mapping, or email/SMS providers, such as Google Calendar, QuickBooks Online, and Zillow), we receive data from that service as needed to provide the feature you enable. The specific integrations we offer may change over time.
  • Service providers that help us operate, such as payment processing, hosting, and security/anti-abuse tools (for example, reCAPTCHA on our contact form). The specific providers may change over time, and they are bound to use information only to provide services to us.

The categories above describe the types of information we collect. The specific features, integrations, and service providers we use may be added to, removed, or changed over time; regardless of those changes, our collection and use of personal information continues to be governed by this Policy.

2. How We Use Personal Information

We use personal information to:

  • Provide, maintain, improve, and develop the Services and their features, including analyzing how they are used.
  • Create and manage accounts and authenticate users.
  • Process payments and send invoices and receipts.
  • Send appointment confirmations, job notifications, reminders, and transactional emails and texts on behalf of Subscribers.
  • Respond to demo requests, support inquiries, and other communications, and monitor or record calls for quality, training, and recordkeeping.
  • Send service announcements and, where permitted, product updates and marketing (you can opt out of marketing at any time).
  • Monitor, secure, and troubleshoot the Services, and detect and prevent fraud and abuse.
  • Comply with legal obligations and enforce our agreements.
  • Carry out other purposes that are compatible with those described above, or for which we obtain your consent or are otherwise permitted by law.

Text messages (SMS). The Services let Subscribers send text messages — such as appointment reminders and job notifications — to their own customers, and let us send service-related texts to Subscribers. Where the Services send texts to a Subscriber's customers, the Subscriber is the sender of those messages and is responsible for obtaining any consent required by law (including the Telephone Consumer Protection Act) and for honoring opt-out requests. Recipients can opt out of texts at any time by replying STOP, and can reply HELP for assistance. Message and data rates may apply.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

3. How We Share Personal Information

We share personal information only as described here:

  • With service providers and subprocessors who perform functions on our behalf under contract — such as subscription billing, card and ACH/e-check payment processing, hosting and infrastructure, email and SMS delivery, inbound lead parsing, analytics, and security and anti-abuse tools. These providers may use the information only to perform services for us.
  • With integrations you choose to enable — such as calendar, accounting, and property-data services (for example, Google Calendar, QuickBooks Online, and Zillow) — to provide the connected functionality you request.
  • With our affiliates — companies under common ownership or control with us — to help operate, support, and provide the Services, consistent with this Policy.
  • With professional advisors — such as lawyers, accountants, auditors, insurers, and bankers — as needed to operate our business.
  • At a Subscriber's direction — for data within a Subscriber's account, we share and disclose it as directed by that Subscriber.
  • For legal reasons — to comply with applicable law, legal process, or enforceable governmental requests, and to protect the rights, property, and safety of CorkCRM, our users, and others.
  • In a business transfer — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, subject to this Policy.
  • With your consent or at your direction — for any other sharing you authorize.

We do not sell personal information or share it for cross-context behavioral advertising. Disclosing personal information to our service providers and payment processors so they can perform services on our behalf is not a "sale" or "share" under applicable privacy law — these vendors are bound by contract to use the information only to provide their services to us.

4. Information We Process on Behalf of Subscribers

When a CorkCRM Subscriber enters information into the Services about their own business contacts — such as their leads, customers, jobs, and personnel — that Subscriber controls that information. CorkCRM processes it only to provide the Services, as permitted by our agreement with the Subscriber and following the Subscriber's instructions. The Subscriber is responsible for ensuring it has the rights, notices, and consents needed to provide this information to us and to use the Services.

If you are a customer or worker of a business that uses CorkCRM and you want to access, correct, delete, or otherwise exercise rights regarding your information, please contact that business directly. We will assist our Subscribers in responding to such requests as required by law.

5. Data Retention

We retain personal information for as long as needed to provide the Services, maintain your account, comply with legal and tax obligations, resolve disputes, and enforce our agreements. To decide how long to keep information, we consider its amount, nature, and sensitivity, the purposes for which we process it, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.

Subscribers can delete records within the Services. Account data is retained for a reasonable period after account closure and then deleted or de-identified, though some information may remain in routine backups or archives for a limited time before it is overwritten. We may retain de-identified or aggregated information, which can no longer reasonably be linked to you, for as long as we wish.

6. Security

We use administrative, technical, and physical safeguards designed to protect personal information, such as encryption in transit, access controls, and secure hosting. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Subscribers are responsible for safeguarding their login credentials, managing access for their team, securing their own systems and devices, and promptly notifying us of any suspected unauthorized access to their account.

7. Cookies and Tracking

We use cookies and similar technologies to operate our websites and apps, keep you signed in, remember preferences, maintain security, and analyze usage. Most browsers and devices let you refuse or delete cookies, or otherwise control these technologies; doing so may affect how the Services work. We do not use cookies for cross-context behavioral advertising or targeted advertising.

Opt-out preference signals. Some browsers and extensions can send an opt-out preference signal, such as the Global Privacy Control (GPC), that tells websites you wish to opt out of the sale or sharing of your personal information. We recognize and honor these signals. Because we do not sell personal information or share it for cross-context behavioral advertising, no further action is required to give effect to such a signal, but we treat it as a valid opt-out request.

8. Your U.S. State Privacy Rights

Depending on where you live, U.S. state privacy laws may give you rights over the personal information for which CorkCRM acts as a business (sometimes called a "controller"). These rights apply to information we handle in that role; for information in a Subscriber's account, please contact that Subscriber.

California residents. The California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"), gives you the rights described below.

Categories of personal information we have collected in the past 12 months: identifiers (name, email, phone, address, IP address); commercial information (subscription and billing details); internet/network activity (usage and device data); geolocation (approximate, from IP); audio or electronic information (such as recordings of calls with us); and professional/business information. We collect this from the sources described in Section 1 and use it for the purposes described in Section 2.

Sensitive personal information: we do not use sensitive personal information for purposes that would give rise to the right to limit. We collect account log-in credentials, which California treats as sensitive personal information, solely to provide and secure the Services; we do not use them to infer characteristics about you. Payment information — such as a payment card number together with a security code, or a bank account and routing number — is also treated as sensitive personal information when it is collected. This information is provided to and processed by our PCI-compliant third-party payment processors solely to process payments; we do not store full payment card numbers and do not use this information for any purpose other than processing the payment.

Your rights:

  • Right to know / access — request the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it, and to receive a copy in a portable format.
  • Right to delete — request deletion of personal information we collected from you, subject to legal exceptions.
  • Right to correct — request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising, so no action is needed; this right is preserved for you, and we honor opt-out preference signals such as the Global Privacy Control (see Section 7).
  • Right to limit use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the Services.
  • Right to non-discrimination — we will not discriminate against you for exercising any of these rights.

Residents of other U.S. states. Depending on your state of residence — such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws — you may have similar rights to access, correct, delete, and obtain a portable copy of your personal information, and to opt out of targeted advertising, the sale of personal information, and certain profiling. We do not sell personal information, share it for cross-context behavioral advertising, or use it for targeted advertising. Where your state provides a right to appeal our decision on a request, you may appeal by contacting us using the details in Section 11.

How to exercise your rights: submit a request using the contact details in Section 11. We will verify your identity before responding and will respond within the timeframes required by law. You may use an authorized agent to submit a request on your behalf.

9. Children's Privacy

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, please contact us and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice (such as by email or an in-product notice). Your continued use of the Services after an update means you accept the revised Policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us:

Cork CRM, LLC
Email: support@corkcrm.com
Phone: (877) 222-7488
Website: https://corkcrm.com