Privacy Policy

Last updated: June 16, 2026

Smart Marketing CRM (“Smart Marketing CRM,” “we,” “us”) is an AI assistant that works on top of the business tools you already use — your CRM, email, and calendar — to help you run your marketing and sales. This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have. We wrote it to be readable.

We built the product around a simple promise: your business data is yours. We don’t sell it, we don’t use information that identifies you or your contacts to train AI models, and we only access it to do the work you’ve asked us to do.

Information we collect

  • Account information. When you sign up, our authentication provider (currently Clerk) collects your name, email, and login credentials. You can also tell us your role, goals, communication style, and briefing preferences so we can tailor the assistant. We never receive the passwords you use for connected tools.
  • Connections to your tools. When you connect a tool (such as HighLevel, Keap, HubSpot, Gmail, Google Calendar, or Calendly), we store the access keys (OAuth tokens) that let us work with it on your behalf. These keys are encrypted at rest and bound to your account, so a single stolen database record can’t be reused elsewhere.
  • Business data from your connected tools. To do its job, the assistant reads data from the tools you connect — for example, your contacts, deals/opportunities, and calendar events. This can include personal information about your own customers and contacts. We process that information on your behalf and under your direction, solely to provide the service to you. You are the controller of that data and you are responsible for having the right to share it with us; we act as your service provider (processor) for it.
  • Your conversations with the assistant. We store the messages you exchange with the assistant, along with its drafts and suggestions, so your history is available across sessions. This is kept in our own database.
  • Activity and audit logs. When the assistant proposes or takes an action, we keep a record of what was proposed, what you approved, and the result, so there is an honest trail. Access keys and sensitive details are redacted before this record is saved.
  • Preferences the assistant learns. As you use the product, we store preferences and facts you’ve shared (for example, “I prefer a casual tone”) so the assistant improves over time. This stays in our own database, not a third-party memory service.
  • Technical data. Like most online services, our hosting and infrastructure providers automatically process basic technical data such as IP address, device and browser type, and timestamps to keep the service secure and running.

How we use your information

  • Provide, operate, and personalize the service.
  • Carry out the actions you ask the assistant to take.
  • Keep the service secure, debug problems, and prevent abuse.
  • Communicate with you about your account, security, and important changes.
  • Comply with our legal obligations.

We use your data to operate and personalize the service for you — including remembering your preferences so the assistant becomes more useful over time. Your data and conversations stay tied to your account and are used to help you, not to benefit other customers.

We don’t sell your data, and we don’t use information that identifies you or your contacts to train AI models. We may use de-identified and aggregated information — which can’t reasonably be linked back to you — to analyze, operate, improve, and develop the service.

AI processing

The assistant is powered by leading AI models (currently Anthropic’s Claude). When you use AI features, the relevant prompt and context — which may include information from your connected tools — are sent to our AI provider to generate a response. Under our agreements with them, our AI providers do not use your prompts or the responses to train their models; they may retain them for a short period to monitor for abuse and keep the service safe. The output is stored as part of your conversation history and, where relevant, the preferences the assistant learns; it may also pass through the providers we use to operate and monitor the service.

Who we share information with

We don’t sell or rent your information. We share it only with service providers who help us run the product, and only as needed for them to do so. These include providers for:

  • AI processing — generating the assistant’s responses and features (currently Anthropic).
  • Authentication — signing you in and managing your account (currently Clerk).
  • Hosting and data storage — running the app and storing your data (currently Vercel and Neon).
  • Operations, security, and monitoring — keeping the service reliable, secure, and debuggable.

These are reputable providers, contractually bound to protect your information and to use it only to provide their services to us. The specific providers we rely on may change as the product evolves; for changes that materially affect how your data is handled, we’ll give notice. We may also disclose information if required by law, to protect the rights or safety of our users or the public, or in connection with a merger, acquisition, or sale of assets — in which case we will continue to honor this Policy.

Where your data is processed

Your information is primarily stored and processed in the United States. Some of our providers may process limited data in other regions in line with their own terms. If you access the service from outside the U.S., you understand and agree that your information may be processed in the U.S. and elsewhere, where data-protection laws may differ from those where you live. Wherever it is processed, your information stays subject to this Policy and the protections we put in place.

How long we keep it

We keep your information for as long as your account is active and as needed to provide the service. When you disconnect a tool or close your account, we remove data as described in “Your choices and rights” below. We may retain limited records — such as audit logs and information we need for legal, security, or accounting reasons — for a reasonable period afterward.

How we protect your information

We serve the product over encrypted connections (HTTPS). We encrypt connected-tool access keys using strong, industry-standard encryption, bound to your account, so a single stolen record can’t be reused elsewhere. Our database provider encrypts stored data at rest. We isolate each customer’s data to their own account and redact access keys and sensitive values from our audit logs.

No system is perfectly secure, but security is something we design for and take seriously. If a data breach affects your personal information, we will notify you and any regulators as required by applicable law.

Your choices and rights

  • Disconnect a tool. You can disconnect any connected tool at any time from your Profile. When you do, we immediately delete the stored access keys and stop accessing that tool. We keep a minimal connection record (without the keys) for security and audit history.
  • Access, export, or delete your data. You can ask for a copy of your personal information, or ask us to delete it, by emailing evan@nisonco.com. We’ll respond within a reasonable time and as required by law. Some information may be retained where we have a legal obligation or legitimate business need, such as audit or financial records.
  • Control the assistant’s autonomy. You decide how much the assistant can do on its own. By default it works in a plan-first mode — it proposes outbound and account-changing actions rather than performing them itself. When you switch it to act on your behalf, outbound and account-changing actions can still pause in a hold-to-send buffer for your review, even for categories marked “Auto.” You control all of this — “Plan” or “Act,” and per category “Auto,” “Ask,” or “Never” — in your Profile.
  • Regional rights. Depending on where you live, you may have additional rights — for example, under the GDPR or California’s CCPA/CPRA — such as the right to access, correct, delete, port, or object to certain processing, and the right not to be discriminated against for exercising them. Contact us to exercise any of these rights.

Cookies and similar technologies

We use essential cookies to keep you signed in, secure your session, and complete tool connections. We don’t use advertising cookies. You can control cookies through your browser, but disabling essential ones may stop sign-in and core features from working.

Children

The service is built for businesses and is not directed to anyone under 18. We do not knowingly collect information from children.

Changes to this Policy

We may update this Policy as the product evolves. We’ll post the new version here with an updated date, and for material changes we’ll give you notice — for example, by email or in the app.

Contact us

Questions or requests about your privacy? Email evan@nisonco.com and we’ll help.

← Back home