Last updated: April 20, 2026

Welcome to Gordon CRM. This Privacy Policy describes how Gordon CRM ("we", "us", or "our") collects, uses, and discloses information about you when you use our website, application, and related services (collectively, the "Service").

1. Our Role: Controller vs. Processor

Because Gordon CRM is a Customer Relationship Management (CRM) platform, we handle personal data in two distinct ways:

As a Data Controller: We act as a data controller when we collect information directly from you when you create a Gordon CRM account, visit our website, or request customer support. We determine the purposes and means of processing this data.
As a Data Processor (Service Provider): We act as a data processor when our customers (Workspace Owners) use our Service to collect, store, and process personal data about their own leads, contacts, and clients ("Contact Data"). We only process Contact Data on behalf of our customers and strictly according to their instructions. If you are a contact or client of a Gordon CRM customer and wish to exercise your privacy rights regarding your data, please contact that Gordon CRM customer directly.

2. Information We Collect

A. Information You Provide to Us (Account Data)

When you sign up for an Account, communicate with us, or pay for the Service, we collect:

Identifiers: First and last name, email address, phone number, and physical address.
Professional Information: Company name and job title.
Billing Information: Payment details processed securely via our third-party provider, Stripe. We do not store full credit card numbers on our servers.

B. Information We Process on Your Behalf (Contact Data)

When you use Gordon CRM, you may import or collect data regarding your customers, including names, emails, phone numbers, and other data fields. You retain all ownership of this Contact Data. We only access or use this data to provide the Service to you, resolve technical issues, or as required by law.

C. Information We Collect Automatically

When you access the Service, we automatically collect:

Usage Data: Diagnostic data, features accessed, session duration, and how you navigate the platform.
Device Information: Internet Protocol (IP) address, browser type, operating system, and device identifiers.
Cookies: We use only essential cookies required for authentication and session management. We do not use advertising cookies, third-party tracking cookies, or analytics cookies.
Consent Records: When you submit a form or register for an event through Gordon CRM, we may record your IP address at the time of submission to maintain a verifiable record of consent, as required by applicable anti-spam legislation.
Email Engagement Data: When marketing or transactional emails are sent through Gordon CRM, we may embed tracking technologies (such as tracking pixels and wrapped links) to measure delivery, open rates, and click-through rates. These features can be disabled on a per-campaign or per-broadcast basis within the platform.

3. How We Use Your Information

We use the Account Data and Usage Data we collect as a Data Controller for the following purposes:

To Provide and Maintain the Service: Creating your account, authenticating your login, and ensuring platform stability.
To Process Payments: Facilitating subscription billing through our payment processors.
To Communicate with You: Sending administrative emails, technical alerts, security notices, and customer support responses.
To Improve the Service: Analyzing usage trends to develop new features and optimize the user experience.
For Marketing: Sending promotional communications about Gordon CRM (you may opt out of these at any time).
To Ensure Security: Detecting, preventing, and addressing fraud, unauthorized access, or illegal activity.

4. How We Disclose Your Information

We do not sell your personal data. We only share your information in the following circumstances:

With Service Providers (Sub-processors): We share data with trusted third-party vendors who assist us in operating our Service (e.g., cloud hosting providers like Supabase/AWS, payment processors like Stripe, and email delivery services). These providers are contractually bound to protect your data.
Third-Party Integrations: If you choose to connect third-party applications (e.g., Eventbrite) to your Gordon CRM workspace, data will be shared with those services according to the permissions you grant.
Legal Compliance: We may disclose your information if required to do so by law, court order, or to protect the rights, property, or safety of Gordon CRM, our users, or the public.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

5. Data Retention and Security

We implement commercially reasonable technical, organizational, and physical security measures to protect your data. However, no internet transmission is 100% secure. We retain your Account Data for as long as your account is active or as needed to comply with our legal obligations. If you delete your account, we will delete or anonymize your data in accordance with our retention policies, barring legal requirements to hold it.

6. Your Privacy Rights

Depending on your location (such as California, the UK, or the European Economic Area), you may have the right to:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Deletion: Request the deletion of your personal data.
Opt-Out: Unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in our emails.

To exercise these rights regarding your Account Data, please contact us at the email address below. (Note: If you wish to exercise these rights regarding Contact Data stored by a Gordon CRM user, you must contact that user directly).

Regional and State Privacy Rights

Depending on your location, including but not limited to California (under the CCPA), Virginia, Colorado, or the European Economic Area (under the GDPR), you may be granted specific rights regarding your personal data. These may include the right to access, delete, correct, or restrict the processing of your Account Data, as well as the right to opt-out of the sale or sharing of your data.

Gordon CRM does not sell your personal data.

If you are a resident of a jurisdiction that grants these specific rights and you wish to exercise them regarding the Account Data we hold about you as a Data Controller, please submit a verifiable request to [email protected]. We will process your request in accordance with applicable local laws and timelines.

Please Note: If your request relates to Contact Data stored within a Gordon CRM workspace, we act only as a Data Processor. We cannot delete or modify Contact Data directly. You must submit your request directly to the Gordon CRM customer (the Workspace Owner) who controls your data, and we will assist them in fulfilling your request as required by our agreements with them.

7. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Address: Gordon CRM, Prior Lake, MN, United States
Website: https://gordoncrm.com/