Privacy Policy

Last Updated: 8th Feb 2025

Sellframe Ltd. (trading as “CRM Inputs”) (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://crminputs.com), use our Chrome extensions, or otherwise interact with our services (collectively, the “Services”).

We process personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation 2016/679 (“GDPR”), and the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”). We also strive to comply with other relevant privacy laws, such as Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”).

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree with any terms herein, you should not access or use the Services.

1. Who We Are

  • Legal Entity Name: Sellframe Ltd. (trading as “CRM Inputs”)
  • Registered Office Address: 14 Avonside Grove, Hamilton, UK, ML3 7DL
  • Jurisdiction: Scotland (UK)
  • Contact Email: [email protected]

We do not currently have a Data Protection Officer (DPO) or EU/EEA Representative appointed.

2. Personal Data We Collect

2.1 Information You Provide Directly

  • Account Information: When you sign up for an account, we may collect your name, email address, and login credentials.
  • CRM Setup Details: If you integrate a CRM system (e.g., Pipedrive, Agile CRM, etc.) via our Services, we may collect and store your CRM user ID, domain, or other necessary configuration details.
  • Payment Information: If you purchase a subscription, our payment processor (Stripe) will collect your payment details. We do not store your credit or debit card numbers directly, but may receive minimal billing information (e.g., subscription status, partial billing address).
  • Support or Communication: When you contact us (e.g., via email or contact forms), we collect the information you provide (e.g., your name, contact details, and the content of your message).

2.2 Information Collected Through Our Extensions

  • Usage Data: Our Chrome extensions capture certain usage data, such as when you click to fetch contact information from third-party data sources (e.g., Apollo.io). We also track which contacts you choose to “add” to your CRM in order to facilitate synchronization.
  • LinkedIn Profile URL: If you use our extension on LinkedIn, we collect the URL (and possibly profile identifiers) you are viewing to enable the “View Contact Info”/“Add to CRM” functionality. This URL is then sent to Apollo.io or other integrated data enrichment services to retrieve additional contact details at your request.

2.3 Automatically Collected Data

  • Analytics: We use Fathom Analytics for website and product analytics. Fathom Analytics does not use cookies by default (it’s a privacy-friendly solution).
  • Cookies: We use our own cookies primarily for authentication and session management. For more details, see Section 7: Cookies & Tracking.

3. How We Use Your Personal Data

We process your personal data for the following purposes:

  1. Account Creation & Management: To register and maintain your user account, authenticate logins, and provide customer support.
  2. Providing Our Services: To enable the functionality of our Chrome extensions and website, including CRM integration and data enrichment via Apollo.io.
  3. Payment Processing: To facilitate subscription billing through Stripe (though your payment details are handled by Stripe directly).
  4. Marketing & Communication: To send you marketing emails, product updates, or special offers where we rely on our legitimate interests or as permitted by law (with an option to unsubscribe at any time).
  5. Analytics & Improvements: To analyze usage of our website and extensions, debug issues, and develop new features.
  6. Legal & Regulatory Compliance: To comply with our legal obligations, protect our rights and interests, and address disputes or claims.

4. Legal Bases for Processing (EEA/UK Users)

Under the UK GDPR/GDPR, we process personal data based on the following legal grounds:

  • Performance of a Contract: Most data processing is necessary to provide our Services and fulfill our contractual obligations (e.g., creating your account).
  • Legitimate Interests: We rely on legitimate interests for certain marketing communications to existing users, for usage analytics, and for preventing fraud or misuse. We ensure these interests do not override your privacy rights.
  • Consent (where required): We may rely on consent for optional cookies or certain email marketing in specific jurisdictions. If you wish to withdraw consent, you can do so at any time by contacting us.

5. Disclosure of Your Information

We do not sell or rent your personal data. However, we may share information in the following circumstances:

  1. Service Providers & Sub-Processors:

    • Hosting: DigitalOcean (New York, USA).
    • Analytics: Fathom.
    • Data Enrichment: Apollo.io (used when you explicitly request fetching contact info via LinkedIn profile URL).
    • Email/Marketing: MailerLite, MailerSend.
    • Payment Processing: Stripe.
    • Code Repository: GitHub (we do not store personal data here except potentially in issue tickets if you submit them).

    These providers process data on our behalf under contractual obligations consistent with this Privacy Policy.

  2. Compliance & Protection: If required by law or in response to valid requests by public authorities (e.g., court orders), or to protect our rights, users, or the public.

  3. Business Transfers: If we are involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice if your data becomes subject to a different Privacy Policy.

6. International Data Transfers

We currently store and process data on servers located in the United States (New York) via DigitalOcean. For users located in the UK, EEA, or other regions with data transfer restrictions, this may constitute a cross-border transfer. We are exploring appropriate transfer mechanisms under the UK GDPR/GDPR, including Standard Contractual Clauses (SCCs) with our service providers.

If you would prefer we store your data in the EU or the UK, please contact us to discuss available options. If necessary and feasible, we may migrate our hosting to an EU-based server to further ensure GDPR compliance.

7. Cookies & Tracking

7.1 Cookies We Use

  • Authentication Cookies: We place cookies to keep you logged in as you navigate our website or Services.
  • Analytics Cookies/Tools:
    • Fathom: Typically does not use cookies; it collects aggregated data in a privacy-friendly manner.

7.2 Do Not Track (DNT)

We currently do not respond to “Do Not Track” (DNT) signals. You can still control cookies and trackers via your browser settings or third-party extensions.

8. Data Retention

We retain user account data for as long as the account is active, plus six (6) months. After that period, we will securely delete or anonymize personal data, unless a longer retention is required by law (e.g., for tax or regulatory purposes). Usage logs and backups may persist in our archives for a limited period.

9. Security Measures

We do not hold any formal certifications such as ISO 27001 or SOC 2. However, we take reasonable technical and organizational measures to protect your data, including:

  • Using reputable hosting providers (DigitalOcean).
  • Restricting access to personal data to authorized personnel.
  • Employing safeguards such as SSL/TLS encryption for data in transit.

While we strive to protect your personal data, no method of electronic storage or transmission is 100% secure. If you suspect any unauthorized access or data breach, please contact us immediately at [email protected].

10. Data Breach Notification

In the event of a data breach that impacts personal data, we will notify the relevant supervisory authority (e.g., the UK Information Commissioner’s Office) within 72 hours of becoming aware, where required by applicable law. We will also notify affected individuals if there is a high risk to their rights and freedoms.

11. Children’s Privacy

Our Services are not directed at children under 16. We do not knowingly collect personal information from minors. If you believe we have unintentionally processed a minor’s data, please contact us so we can delete it.

12. Region-Specific Disclosures

12.1 For Users in the EEA and UK

  • Rights under the GDPR/UK GDPR:
    You have the right to request access to, rectification of, or erasure of your personal data. You may also have the right to restrict or object to certain processing, as well as the right to data portability.
    • To exercise these rights, email [email protected]. We will respond within one month (or as required by law).
  • Complaint: If you have concerns about our data practices, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or another relevant supervisory authority.

12.2 For California Residents (CCPA/CPRA)

  • No Sale of Personal Information: We do not sell or share personal information for monetary or other valuable consideration.
  • Your Rights:
    • Right to Know: You can request details about the categories and specific pieces of personal data we have collected about you.
    • Right to Delete: You can request we delete personal data we have about you, subject to certain exceptions.
    • Right to Correct: You can request corrections of inaccurate personal data we hold.
    • Right to Non-Discrimination: We will not discriminate against you for exercising these rights.

To exercise any of these rights, please email [email protected]. If you believe we are “selling” your data despite our statement, contact us so we can address your concerns.

12.3 For Canadian Residents (PIPEDA)

We strive to comply with the principles of PIPEDA. Canadian users have the right to:

  • Access and Correction: Request access to personal data we hold about you, and request corrections if inaccurate.
  • Withdraw Consent: Where we rely on consent, you can withdraw it at any time.
  • Inquiries or Complaints: Please contact us at [email protected]. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated PIPEDA.

13. LinkedIn Usage & User Responsibilities

Our Chrome extensions enable certain features on LinkedIn’s website (e.g., a “View Contact Info” button). We are not affiliated, endorsed, or sponsored by LinkedIn Corporation. Your use of the extension is at your discretion and subject to LinkedIn’s own Terms of Service and policies. We do not assume liability for actions you take that may violate LinkedIn’s Terms (e.g., scraping, automated activity not permitted by LinkedIn). You are responsible for understanding and complying with LinkedIn’s rules when using our Services on that platform.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time by posting a new version on our website. Unless otherwise stated, any modifications take effect as soon as they are posted. We encourage you to review this page periodically to stay informed about how we protect your information.

15. Contact Us

If you have questions or comments about this Privacy Policy, or wish to exercise any data subject rights, please reach out to:

Sellframe Ltd. (trading as “CRM Inputs”)
14 Avonside Grove, Hamilton, UK, ML3 7DL
Email: [email protected]