# Privacy Policy for Launchpad CRM

**Last Updated: [August 11, 2025]**

1. Introduction

Forge Labs Co. ("we," "our," or "us") operates Launchpad CRM, a customer relationship management platform designed for fitness and life coaching businesses. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our CRM platform (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

**User Account Information:**

- Email address (used for authentication and communication)

- Full name

- Profile image (optional)

- Role and territory assignments within your organization

**Business Contact Information:**

- Lead and customer contact details (names, emails, phone numbers, addresses)

- Communication preferences and notes

- Interaction history and engagement metrics

**Content You Create:**

- Meeting notes and call summaries

- Tasks, deals, and activity records

- Custom field data and tags

### 2.2 Information Collected Automatically

**Usage Data:**

- Login timestamps and session activity

- Feature usage patterns and click data

- IP addresses and browser information

- Device identifiers and technical specifications

**Third-Party Integration Data:**

- Google Calendar events and attendee information (when you connect Calendar)

- Five9 call center data (when integrated)

### 2.3 Information from Third-Party Sources

**Social Enrichment Data:**

- Publicly available social media profiles

- Professional networking information

- Demographic and geographic data for lead scoring

**Marketing Platform Data:**

- Email engagement metrics from Marketing campaigns

- Marketing attribution and conversion tracking

- Segmentation and targeting data

## 3. How We Use Your Information

We use the collected information for the following purposes:

### 3.1 Core CRM Functionality

- Manage customer relationships and sales pipelines

- Track communication history and engagement

- Automate task assignments and follow-ups

- Generate reports and analytics

### 3.2 Platform Operations

- Authenticate users and maintain secure access

- Provide customer support and technical assistance

- Monitor platform performance and uptime

- Detect and prevent fraud or security breaches

### 3.3 Business Intelligence

- Analyze lead behavior and conversion patterns

- Calculate lead scoring and spending power assessments

- Optimize distribution rules and territory assignments

- Provide AI-powered insights and recommendations

### 3.4 Communication

- Send platform notifications and updates

- Deliver marketing campaigns (when consented)

- Provide educational content and best practices

- Share important security or policy updates

## 4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:

### 4.1 Third-Party Service Providers

**Google Services:**

- Gmail API for email integration

- Google Calendar API for meeting scheduling

- Google OAuth for secure authentication

- Google Cloud Platform for hosting and infrastructure

**Marketing and Analytics:**

- Braze for email marketing campaigns

- CDP for customer data analysis

- Google Analytics for usage insights

**Communication Services:**

- Five9 for call center integration

- Email delivery services for notifications

### 4.2 Legal Requirements

- To comply with applicable laws, regulations, or legal processes

- To protect the rights, property, or safety of our users or the public

- To enforce our Terms of Service or investigate potential violations

### 4.3 Business Transfers

- In connection with mergers, acquisitions, or asset sales (with advance notice)

## 5. Data Security

We implement industry-standard security measures to protect your information:

### 5.1 Technical Safeguards

- Encryption of data in transit using TLS/SSL

- Secure database storage with access controls

- OAuth 2.0 authentication with refresh token management

- Regular security audits and vulnerability assessments

### 5.2 Administrative Safeguards

- Role-based access controls within the platform

- Employee training on data protection best practices

- Incident response procedures for security breaches

- Regular backups and disaster recovery planning

### 5.3 Physical Safeguards

- Secure data centers with controlled access

- Environmental controls and monitoring systems

- Redundant infrastructure for reliability and availability

## 6. Your Rights and Choices

### 6.1 Access and Control

- View and edit your personal information through your account settings

- Export your data in machine-readable formats

- Delete your account and associated data (with some exceptions for legal compliance)

### 6.2 Communication Preferences

- Opt out of marketing communications while maintaining service-related notifications

- Adjust notification settings for different types of platform activity

- Control sharing settings for team collaboration features

### 6.3 Integration Management

- Connect or disconnect third-party services (Gmail, Calendar, etc.)

- Revoke access permissions for integrated applications

- Review and modify sync settings and data sharing preferences

## 7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

- **Active Account Data:** Retained while your account is active

- **Lead and Customer Data:** Retained according to your business requirements

- **Communication Records:** Retained for 7 years for compliance purposes

- **Usage Analytics:** Aggregated and anonymized data may be retained indefinitely

- **Backup Data:** Retained for 90 days in secure backup systems

## 8. International Data Transfers

Our service is hosted on Google Cloud Platform in the United States. If you are located outside the US, your information will be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

## 9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to remove such information.

## 10. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

- **Right to Know:** Request disclosure of personal information collected, used, or shared

- **Right to Delete:** Request deletion of personal information

- **Right to Opt-Out:** Opt out of the sale of personal information (we do not sell personal information)

- **Right to Non-Discrimination:** Equal service and pricing regardless of privacy choices

To exercise these rights, contact us at boris@forge-labs.co.

## 11. European Privacy Rights (GDPR)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation:

- **Right of Access:** Obtain confirmation of processing and access to personal data

- **Right to Rectification:** Correct inaccurate or incomplete personal data

- **Right to Erasure:** Request deletion of personal data under certain circumstances

- **Right to Restrict Processing:** Limit how we process your personal data

- **Right to Data Portability:** Receive personal data in a structured, machine-readable format

- **Right to Object:** Object to processing based on legitimate interests or direct marketing

Our lawful basis for processing includes:

- **Consent:** For marketing communications and optional features

- **Contract Performance:** For providing the CRM service

- **Legitimate Interests:** For analytics, security, and service improvement

## 12. Cookies and Tracking Technologies

We use cookies and similar technologies to:

- Maintain user sessions and authentication state

- Remember user preferences and settings

- Analyze platform usage and performance

- Provide personalized features and recommendations

You can control cookie settings through your browser, though this may limit platform functionality.

## 13. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by:

- Posting the updated policy on our website

- Sending email notifications to registered users

- Displaying prominent notices within the platform

Continued use of the service after policy updates constitutes acceptance of the changes.

## 14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

**Email:** boris@forge-labs.co

## 15. Dispute Resolution

If you have concerns about our privacy practices that we cannot resolve directly, you may:

- Contact your local data protection authority

- Use binding arbitration procedures (where applicable)

- Seek resolution through applicable consumer protection agencies

---

**Effective Date:** [August 11, 2025]

**Version:** 1.0

This Privacy Policy is part of our Terms of Service and constitutes a legally binding agreement between you and Forge Labs Co.