Privacy Policy

Last Updated: May 16, 2024

Overview of this Privacy Policy

This Privacy Policy describes how we collect, store, share and use the personal information that our customers store on our CRM platform, that we collect on our websites, and that we otherwise use in the operation of our business.

This policy is organized in four sections:

  • First, we provide an overview of this policy, including a description of what it does (and does not) cover
  • Second, we describe the types of data that we collect and how we keep that data secure
  • Third, we discuss how we use and store your data and share it with persons outside Copper
  • Last, we explain how you can exercise your legal rights over personal information that we store about you or your customers

We may revise this policy to reflect changes in the law, our CRM platform and business operations. We will notify you of these changes through a message on our website or CRM platform, or by some other reasonable means. The date that this policy was last updated can be found at the beginning of this policy.

If you have any questions about this policy or our data privacy practices, please contact us at privacy@copper.com.

What This Privacy Policy Does (and Does Not) Cover

What does this Privacy Policy cover?

This Privacy Policy describes how we process personal data in the operation of our business. In this policy, “Copper”, “we”, “us” and “our” refers to Copper CRM, Inc. and its affiliates. We categorize this personal data as either Customer PII or CRM Data.

  • Customer PII means the personal data that we receive through www.copper.com and our other commercial, community, and employment channels, such as when you fill out a registration form for a webinar, apply for a job with us, or sign up for a Copper account. We use this information to help us run our business and, in the language of the EU’s General Data Protection Regulation (GDPR), we are the “controller” of this information.
  • CRM Data means personal data that is uploaded, stored or transmitted by or on behalf of one of our customers in connection with their use of our CRM platform. CRM Data does not include service data, which we discuss below under “How do we monitor the use of our CRM platform?”

As discussed in our Terms of Service, our customers retain ownership of their CRM Data, and provide us with a limited license to that data so that we can allow them to make use of our CRM platform and related services. We process CRM Data on behalf of our customers and only in accordance with their instructions. In GDPR terms, we are the “processor” of this information.

This policy includes links to materials outside this policy, like Help Center pages, which provide more detail about the topics discussed here. These linked-to materials are for reference only, may be changed at any time, and are not a part of this policy.

Does this policy apply to third-party websites?

Our CRM platform and other websites may contain links to other websites not operated or controlled by Copper, which we refer to as “third-party sites.” Examples of third-party sites include social media features, such as links to our Facebook, Twitter, Instagram, and LinkedIn pages, found on copper.com. This policy does not apply to third-party sites. Your interactions with these third-party sites are governed by the privacy statements of the owners of those websites. You should review those privacy statements to better understand their privacy practices.

An important example of a third-party site is found on our Email Sequences page. Copper’s email sequencing functionality is provided by Outfunnel, a service partner of Copper. By accessing this functionality through our CRM platform, you are agreeing to share the CRM Data in your account with Outfunnel. Before you access the Email Sequences page, you must agree to Outfunnel’s terms of service and privacy policy, and it is Outfunnel’s privacy policy -- and not this policy -- that governs how the email addresses and other relevant CRM Data is collected, used, disclosed and retained by Outfunnel.

How We Collect Data and Keep It Secure

What Customer PII do we collect?

Here is how we collect Customer PII and the types of personal data we collect:

  • When you visit our website or social media pages, we use cookies to collect information about you that may be considered personal information, including your IP address. You have choices over what cookie information we collect about you. Please see our Cookie Policy for more information.
  • When you register for events, offers or marketing materials, we collect your contact information. Contact information may include your name, employer name and size, email address, phone number and location information.
  • When you register for a free trial of our CRM platform, we collect your contact information. If you register for a paid subscription, we also collect your credit card number and billing address. Note that we do not collect or store credit card information directly on our servers, but utilize this information using trusted third-party payment processors. For more information, visit our Copper Subprocessors webpage.
  • We collect other information when you use our CRM platform, including operating system, system model, IP address, browser type, domain names and internet service provider (ISP). If you access our CRM platform via our mobile applications, we may also collect your device model and version and OS version. We may link log files to Customer PII, such as your name and email address. We also collect information about your use of our CRM platform, as described below under “How do we monitor the use of our CRM platform?”
  • If you access our CRM platform through a third-party login service or connect an application to Copper, that service may share information with us, including your user ID associated with that account, an access token necessary to access that service and any information that you have permitted that third party to share publicly or with Copper specifically.
  • Information that you post on our community forum, which is generally made available to the public and may be read, collected and used by others who access our forum.
  • When you apply for a job with us, we may collect your contact information, resume and employment history.
  • When you visit our offices in person, we may collect your name, employer name and other personal information requested by our automated sign-in system.
  • We sometimes obtain information from other sources, such as mergers and acquisitions, data brokers, account administrators and other users in your organization, and commercial lists, and may merge this with information we have previously collected.
  • We use our CRM platform in the operation of our own business, and so process CRM Data about our customers, leads and other contacts.

What CRM Data do we collect?

We process the CRM Data that is stored in our customers’ (and our own) Copper accounts. Our customers control the types of personal data that they store in Copper, and we process CRM Data as directed by them. Typically, CRM Data consists of the following:

  • Contact information about their customers, leads and contacts, in addition to financial and other information related to sales opportunities and project implementation.
  • If a customer’s Copper account is synced to a Google Workspace account, copies of emails and calendar information in Gmail and other applications. For more information, see below under “What information does Copper access from my Google Workspace accounts?”
  • Our CRM platform enables you to import and sync contacts included in your email accounts and on your device. We do not collect the login credentials for such email accounts.
  • When you use our technical support, training or professional services, we collect your contact information and your device and system information.
  • If a customer has enabled Copper’s email tracking functionality, information about whether an email has been opened and the identity of the recipient or recipients. For more information, see below under “Do we collect email tracking information?”
  • If you upload photos, voice records, or videos to our CRM platform, we will collect and store such files.

Your use of our CRM platform and provision of CRM Data is governed by our Terms of Service. It is your responsibility to ensure that you own or have adequate permissions to store and process personal information on our CRM platform.

Prohibited Data

Our Terms of Service prohibit storing certain types of sensitive or regulated information on our CRM platform or otherwise providing us with this information, including, for example, in support requests or other communications. This information includes credit card, bank account, driver’s license or social security information, information that would be considered “protected health information” under HIPAA, and special categories of data under GDPR, including information about someone’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health, sex life or sexual orientation. It is our customers’ responsibility to ensure that they and their users comply with these restrictions.

Children’s Data

Use of our CRM platform is only available to persons who are old enough to enter into a legal contract, and access to our platform is not directed to children under 16 years of age. If our policy changes, we will obtain consent from a parent or guardian before we knowingly collect data from anyone under the age of 16 years.

Enrichment Data

When one of our customers creates a record in our CRM platform, we may populate certain fields with “enrichment data” to validate or supplement the information entered in that record, and may include a person’s name, location, address and employer details. This data is obtained from public and third-party sources. We do not use CRM Data to populate enrichment data.

For more information about how our customers use and share their CRM Data, you should refer to their privacy policies. As noted above, if you provide us with personal data on behalf of someone else, you must have their consent or some other legal basis to do so.

Do we collect email tracking information?

Yes, our CRM platform has email tracking functionality that can be used to notify senders when an email is opened. Certain governmental regulators, including those with jurisdiction over EU member states, have expressed the opinion that the use of email tracking functionality requires that recipients have consented to the use of this technology.

Copper may use its CRM platform’s email tracking technology when it sends emails to current and prospective customers. By submitting your contact information to Copper, for example, when you sign up for a trial account, you are deemed to have agreed to this Privacy Policy and consented to our use of email tracking technology in our communications with you.

We encourage customers who wish to make use of our CRM platform’s email tracking technology to discuss their marketing plans and policies with legal counsel to ensure that they are following all applicable legal requirements. For more information about email tracking technology, see Email Track, Copper Help Center.

What information does Copper access from my Google Workspace accounts?

One of our CRM platform’s most powerful features is its ability to work seamlessly with Gmail and other Google Workspace applications. This section describes how Copper and Google applications share information. For more information about Copper’s Gmail integration, see Working with the Gmail Integration, Copper Help Center.

Google Gmail

If you sign up for Copper with a Gmail address, our CRM platform will automatically sync with your Gmail account. This means that the platform will access your Gmail contacts, emails, calendar, distribution lists, subject lines and URLs of tracked links from your email, if you use the email tracking functionality. In addition, you can use our CRM platform to read, modify, create, and send emails from your Gmail account. Our CRM platform will store replies, outgoing mail, email headers, subject line, distribution lists, aliases, time sent, and email bodies. By default, synced emails are visible to account owners and admins, and you may make them visible to other members of your team. For more information about email visibility settings, see Set Email Visibility Permissions, Copper Help Center.

Google Calendar

Our CRM platform also automatically syncs with the Google Calendar application, accessing your calendar events and tasks in your Google Calendar. It also allows you to create and edit events and tasks and send invitations from your Google Calendar account.

Google Drive

You have the option to connect your Google Drive account to your Copper account. If you choose to do so, you will be able to see your files, upload and download your files, and store file contents and titles on our CRM platform. Our CRM platform uses these permissions to associate files with records stored on our platform and allow users to share them with clients and other users.

For special requirements that apply to information that we obtain from your Gmail account, see below under the heading, “What additional requirements apply to information collected through our Gmail integration and Google APIs?”

What steps do we take to keep your data secure?

The security of your personal data is important to us. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received. For more information about our data security practices, please visit our Security at Copper page.

Under our Terms of Service, we commit to maintain certain administrative, physical and technical controls, and we will not materially reduce the overall effectiveness of these safeguards without our customers’ consent. These controls are detailed at Safeguards, Copper Help Center.

If you have any questions about the security of your personal data, you can contact us at privacy-questions@copper.com.

What additional requirements apply to information collected through our Gmail integration and Google APIs?

Our CRM platform enables you to read, create and modify messages in your Gmail account. In order to provide you with this service, we obtain, process and store a copy of the Google user data contained in or associated with messages in your Gmail account, such as the email addresses of persons to whom you send or from whom you receive messages in your Gmail account, electronic copies of the files attached to those messages, and the contents of those messages.

We refer to the Google user data described in the immediately preceding paragraph as “Google User Data.” Google User Data is subject to the additional limitations on its use, transfer and accessibility set forth below:

  • We will use Google User Data only to provide or improve user-facing features of the Services that are prominent in the Services’ user interface.
  • We will only transfer Google User Data to unaffiliated third parties (a) if necessary to provide or improve user-facing features that are prominent in the Services’ user interface, (b) as necessary to comply with applicable law or (c) as part of a merger, acquisition or sale of assets with notice to you. A list of the third parties with whom we share CRM Data, including in some cases Google User Data, in order to provide you with the use of our CRM platform and related services can be found at our Copper Subprocessors webpage.
  • We will not use or transfer your Google User Data for serving ads, including retargeting, personalized or interest-based advertising.
  • We will not allow humans to read your Google User Data unless we have first obtained your affirmative agreement for specific messages; it is necessary for security purposes (such as investigating a bug or abuse); it is necessary to comply with applicable law; or our use is limited to internal operations and the data (including derivations) have been aggregated and de-identified.

Note that we may obtain personal data that is included in your Google User Data from sources other than the messages in your Gmail account. For example, we may obtain your email address when you register for the Service. Personal data that we obtain from sources other than messages in your Gmail account is not considered Google User Data for the purposes of this Privacy Policy and is not subject to the additional requirements described above.

Our use and transfer to any other application of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

How We Use, Store and Share Your Data

How do we use CRM Data?

We process CRM Data in accordance with the instructions of our customers in order to provide them with the services offered through our CRM platform. We also process CRM Data as required by applicable law, including to respond to valid requests by law enforcement authorities, to monitor compliance with our Terms of Service and other policies, and to resolve support requests and maintain our CRM platform.

Our application does not retain user data obtained through Workspace APIs to develop, improve, or train generalized AI and/or ML models.

How do we use Customer PII?

We use Customer PII and other personal data used in the operation of our business for our legitimate interests or when we have a lawful basis to do so. We use Customer PII only as identified in this Privacy Policy or our Terms of Service. Below is a summary of the principal uses we make of Customer PII:

CRM Services

We use Customer PII, including contact information and information about computer systems, to provide the services offered through our CRM platform. For example, we use your name and email address to create and maintain your account and register you on our CRM platform. We also use contact and payment information to process your subscription fees.

Customer Communications

We use your contact information and other Customer PII to communicate and build relationships with our customers. For example, we may contact customers to process, fulfill and follow up on transactions and requests for products, services, support, training and information. We also contact customers to provide them with information about their subscription, such as sending reminders when their subscription (trial or paid) is about to expire.

Product Support

We use Customer PII, including contact information and technical information about computer systems, to provide product support, including troubleshooting and technical support and agreed upon diagnostic, monitoring and management services.

Sales and Marketing

We use Customer PII, including contact information and cookie information, to send sales and marketing communications to customers and potential customers. These communications may include information about new product features, sales promotions, updates to our blogs or new webinars and other information about us and our partners. We also collect information about engagement with our websites and CRM platform to engage in market research, personalize content and advertising and help identify and communicate offers of products, programs and services that may be of interest to you. In some cases, we may send “refer-a-friend” emails on your behalf, subject to your consent.

If you wish to unsubscribe to our marketing communications, you should follow the unsubscribe instructions included in our email communications, or you may contact us at privacy-questions@copper.com. We may send you push notifications to your mobile device in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.

Improve and Operate Our CRM Platform

We collect and use Customer PII, including contact information, product usage data, and log data to measure, analyze and improve our products and services, the effectiveness of our CRM platform and other services, as well as our advertising and marketing. For more information, see below under “How do we monitor the use of our CRM platform?”

Other Uses

We may use Customer PII for other purposes reasonably related to the operation of our business. For example, we use product usage information to enforce our Terms of Service, prevent fraud and other prohibited or illegal activities. Other reasons include to consider an application for employment and to comply with our legal obligations.

How do we monitor the use of our CRM platform?

We collect, record and analyze data and other information about how our customers use our CRM platform to do things like optimize product design. This data may include tracking and recording visits to individual webpages, including in the CRM platform, and interactions with specific components of those webpages. We may share or publish this service data with third parties in an aggregated and anonymized manner, but we will not include any CRM Data or publicly identify customers or end-users.

We use a variety of third-party tools to measure, monitor and record your usage of our services, including Google Analytics and other event-tracking software. When you visit sites that use Google Analytics, we and Google may link information about your activity from that site with activity from other sites that use Google Analytics services.

How do we share and disclose personal data?

We may share or disclose personal data as follows:

  • To our service providers and suppliers, who are acting and using your information on our behalf to provide services to our customers and help us with our business activities. For more information, see below under “What personal data do we share with sub-processors?”
  • To corporate subsidiaries we own or control to support their business and marketing processes
  • Based on a good faith belief that such disclosure is necessary to protect the rights or safety of any person or entity
  • Based on a good-faith belief that disclosure is necessary to respond to judicial process, valid government inquiry, or is otherwise required by law such as to comply with a subpoena, bankruptcy proceedings, or similar legal process
  • In the event of an acquisition of our company or our assets, your information may be transferred with the company or the asset
  • To other third-parties for purposes that you have allowed or to which you have consented, such as to our reseller partners
  • When posted to our community webpages, or to our wikis, forums, blogs, message boards, chat rooms and other social networking environments
  • To create aggregated information which does not identify you personally

Except as described above or elsewhere in this Privacy Policy, we do not sell, transfer or otherwise disclose, sell, trade, or otherwise transfer your Personal Data to outside parties.

What personal data do we share with sub-processors?

We share personal data with service providers and suppliers that are acting and using your information on our behalf to provide services to our customers and help us with our business activities. In the language of the GDPR, these service providers and suppliers are our “sub-processors.”

Sub-processors help us process payments, provide customer support, host our CRM platform, analyze data, provide marketing assistance and integrate with third-party services. We also use sub-processors to help us provide components of our CRM platform. For example, certain of our sub-processors provide us with the data warehousing and visualization capabilities that power our Reporting tools, and we may share CRM Data with those sub-processors for the purpose of providing this reporting functionality. We may also share Customer PII, including email addresses and other personally identifying information, with service partners that communicate with, monitor or provision our customers on an individual basis to serve as a unique customer identifier.

Sub-processors are authorized to use your personal data only as necessary to provide these services to us. Transfers of personal data to subsequent third parties are covered by the services agreements between us and our sub-processors.

For more information about our sub-processors, please visit Sub-Processors, Copper Help Center.

Where do we store your data?

Copper uses third-party cloud computing services to host its CRM platform and store and process CRM Data. The servers used to provide these hosting services are located in the United States. Copper is unable to accommodate requests to store data in other locations. For more information about the third parties that provide hosting services, please visit Sub-Processors, Copper Help Center.

CRM Data may be stored or processed on servers located outside your jurisdiction of residence, whose data protection laws may differ from the jurisdiction in which you live. As a result, this information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to laws in those jurisdictions.

For information about the steps we take to comply with legal requirements related to our transfer of personal data of EU residents to the United States, see below under “Do we participate in the Data Privacy Framework?”

Data Transfers to the United States

On July 17, 2023, the European Commission issued an adequacy decision on the EU-U.S. Data Privacy Framework (DPF). This new voluntary Framework, which replaces the Privacy Shield program, provides a mechanism for companies to transfer personal data from the EU to the United States in a privacy-protective way consistent with EU law.

Do we participate in the Data Privacy Framework?

On July 16, 2020, the Court of Justice of the European Union, or the CJEU, issued a judgment in the Schrems II case (case C-311/18), which invalidated the EU-U.S. Privacy Shield framework as a valid basis for transferring data from the EU to the United States. The CJEU further concluded that the Standard Contractual Clause, or the SCCs, issued by the European Commission for the transfer of personal data to data processors established outside of the EU continue to serve as a valid transfer basis. Copper’s Terms of Service automatically applies the protections of SCCs to all Copper’s EU-based customers. Customers wishing for a signed copy of the SCCs can obtain one by contacting privacy@copper.com. Copper continues to monitor the impact of the Schrems II decision and related legal developments, and intends to update its practices and customer terms as appropriate. In the meantime, Copper participates in and complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Copper has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Copper has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data Privacy Framework website.

In the context of an onward transfer, Copper has responsibility for the processing of personal data it receives under the Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. Copper remains liable under the Data Privacy Framework Principles if its agent processes such personal information in a manner inconsistent with the Data Privacy Framework Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, Copper is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Copper may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Copper commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

How long do we store CRM Data?

After an account expires, Copper will store CRM Data in accordance with its Terms of Service and this Privacy Policy. In general, we keep a copy of this data for at least 30 days post-termination. After that, CRM Data is purged in accordance with Copper's data deletion policies, generally within 180 days after a customer's subscription expires.

Your Rights Over Your Data

What are your choices regarding your personal data?

You may request to review, correct, delete or otherwise modify any of your personal data. These choices apply to all personal data collected by Copper, and not only to cookie and marketing data as described in Copper's Cookie Policy. If you have registered for an account for our CRM platform, you may generally update your user settings and profile by logging into our platform with your username and password and editing your settings or profile. You can also update the contact details of your leads, contacts, and prospects stored in the CRM platform at any time. Otherwise, to access, correct, delete your personal information, please visit the webpage Submit a Request, Copper Help Center. After we verify your request, we will respond to you in accordance with our legal obligations and this policy. If your request relates to your personal data stored on our CRM platform, this generally means we will direct your request to the licensed account administrator for review.

If you wish to unsubscribe to our marketing communications, you should follow the unsubscribe instructions included in our email communications, or you may contact us at privacy-questions@copper.com.

We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level.

Special data management rights belonging to California residents are described below under “California Rights and Choices.”

California Privacy Statement

The following supplemental privacy policy (Supplemental Policy) describes how we process information about residents of California.

Summary of Personal Information That We Collect About You

For individuals who are California residents, the California Consumer Privacy Act requires certain disclosures about the categories of personal information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it. While we have set out the categories below as required by the California Consumer Privacy Act, you can review the other sections of our Privacy Policy set out above, and other information that describes our data collection and use, which provide additional information about our collection and use of personal data.

Depending on how you interact with us, we may collect the categories of information as summarized in the table below. This Supplemental Policy also does not apply to personal information we collect from employees or job applicants in their capacity as employees or job applicants. It also does not apply to personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services.

All of the categories of personal information we collect about you (as detailed below) come from the following categories of sources:

  • You, including through your use of our Services;
  • Automatically collected from you;
  • Our affiliate companies;
  • Our customers, who may store and process personal information about you in the Platform; and
  • Other third parties.

Categories of Personal Information We Collect

Categories of Third Parties with Which We Share that Information

Identifiers (such as name, address, email address, employer information)

Third parties (such as our service providers and integration partners) or your organization (through its purchase of an account with us)

Our affiliate companies

Aggregators (such as analytics services)

Commercial Information (such as transaction data)

Third parties (such as our service providers)

Our affiliate companies

Aggregators (such as analytics services)

Financial Data (such as billing information)

Third parties (such as our service providers and integration partners)

Our affiliate companies

Internet or Other Network or Device Activity (such as browsing history or app usage)

Third parties (such as our service providers and integration partners)

Our affiliate companies

Aggregators (such as analytics services)

Location Information (for example, inferred from your IP address)

Third parties (such as our service providers and integration partners)

Our affiliate companies

Aggregators (such as analytics services)

Professional or Employment-Related Data (such as the name of your employer)

Third parties (such as our service providers and integration partners)

Our affiliate companies

Aggregators (such as analytics services)

Legally Protected Classifications (such as gender and marital status)

Third parties (such as our service providers and integration partners)

Our affiliate companies

Other Information that Identifies or Can Be Reasonably Associated with You

Third parties (such as our service providers and integration partners)

Our affiliate companies

Aggregators (such as analytics services)

Categories of Business/Commercial Purposes for Our Use of Your Information

All of the categories of personal information we collect about you (as detailed above) are used for the following purposes:

  • Providing our Service (for example, operating our CRM platform, account servicing and maintenance, customer service and support, advertising and marketing, analytics, and communication about our services);
  • For our operational purposes, and the operational purposes of our service providers and integration partners;
  • Improving our existing services and developing new services (for example, by conducting research to develop new products or features);
  • Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
  • Bug detection, error reporting, and activities to maintain the quality or safety of our services;
  • Auditing consumer interactions on our site (for example, measuring ad impressions);
  • Short-term, transient use, such as customizing content that we or our service providers display on the services;
  • Other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third-party partners; and
  • Other uses that we notify you about.

California Rights and Choices

Subject to certain restrictions, if you are a California resident, you have the right to request that we disclose the personal information we collect about you, to delete any personal information that we collected from or maintain about you, and to opt-out of the sale of personal information about you. As a California resident, you also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, including our means of verifying your identity. If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, please visit the webpage Submit a Request, Copper Help Center. While completing this form is the best way to reach us, you may also email us at privacy-questions@copper.com or by calling us toll-free at (800) 941-0550.

Accessing and Deleting Your Personal Information

Right to request access to your personal information

If you are a California resident, you have the right to request that we disclose the categories of personal information that we collect, use, or sell about you. You may also request the specific pieces of personal information that we have collected about you. However, we may withhold some information where the risk to you, your personal information, or our business is too great to disclose the information.

Right to request deletion of your personal information

If you are a California resident, you may also request that we delete any personal information that we have collected from/about you. However, we may retain personal information as authorized under applicable law, such as personal information required as necessary to provide our services, protect our business and systems from fraudulent activity, to debug and identify errors that impair existing functionality, as necessary for us, or others, to exercise their free speech or other rights, comply with law enforcement requests pursuant to lawful process, for scientific or historical research, for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. We need certain types of information so that we can provide our services. If you ask us to delete it, you may no longer be able to access or use our services.

How to exercise your access and deletion rights

California residents may exercise their California privacy rights by visiting our Customer Support center and submit the form located there. While completing this form is the best way to reach us, you may also email us at privacy-questions@copper.com or by calling us toll-free at (800) 941-0550.

For security purposes, we may request additional information from you to verify your identity when you request to exercise your California privacy rights.

Sales of Personal Information

California residents may opt out of the “sale” of their personal information. We do not “sell” your personal information as we understand that term to be defined by the California Consumer Privacy Act and its implementing regulations.

Non-Discrimination Rights

California residents have the right to not be discriminated against for exercising their rights as described in this Supplemental Policy. We will not discriminate against you for exercising your CCPA rights.

Contact Information

Copper CRM, Inc.

2021 Fillmore St PMB2118

San Francisco, CA 94115

United States

Tel. No.: (800) 941-0550

privacy-questions@copper.com