BusyBuddy logoBusyBuddy

Privacy Policy

Effective Date: May 18, 2026

1. Introduction

BUSYBUDDY, LLC (“BusyBuddy,” “we,” “us,” or “our”) provides customer relationship management (CRM) software and related services (the “Services”).

This Privacy Policy explains how we collect, use, disclose, and protect personal information when:

  • Businesses use our CRM platform
  • Individuals interact with our website
  • We process data through integrations such as Meta (Facebook) Lead Ads, APIs, and other third-party services

We comply with applicable global privacy laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other applicable state and international laws.

2. Roles & Data Controller Information

A. When You Visit Our Website

BusyBuddy acts as the Data Controller of your personal information.

B. When Our Customers Use BusyBuddy

Our business customers are the Data Controllers of the personal data they collect. BusyBuddy acts as a Data Processor on their behalf.

If you submitted information to one of our customers via Meta Lead Ads or another channel, please contact that business directly regarding your data.

3. Personal Information We Collect

We may collect the following categories of personal information:

A. Information You Provide Directly

  • Name
  • Email address
  • Phone number
  • Company name
  • Account login credentials
  • Billing information

B. Information Collected Automatically

  • IP address
  • Device information
  • Browser type
  • Usage activity within our platform
  • Cookies and tracking identifiers

C. Information Collected Through Integrations

When customers connect third-party platforms (such as Meta/Facebook, Square, or other APIs), we may receive:

  • Lead form data (name, email, phone)
  • Advertising metadata (campaign ID, ad ID, source)
  • Payment or transaction-related customer information
  • Marketing attribution data
  • Hashed identifiers used for matching and measurement

We process this information strictly in accordance with customer instructions.

4. How We Use Personal Information

We use personal information to:

  • Provide and operate our CRM Services
  • Process and store customer lead data
  • Enable integrations with third-party platforms (e.g., Meta Lead Ads)
  • Improve system performance and analytics
  • Communicate with users
  • Prevent fraud and ensure security
  • Comply with legal obligations

We do not sell personal information.

5. Legal Bases for Processing (GDPR/UK Users)

We process personal data based on:

  • Contract performance
  • Legitimate interests
  • Consent (where required)
  • Legal obligations

6. Third-Party Integrations & Advertising Tools

Our Services may integrate with third-party platforms, including:

  • Meta (Facebook) Lead Ads and APIs
  • Google Calendar via Google APIs
  • Advertising measurement tools
  • Payment processors
  • Marketing automation tools

When data is transmitted to Meta or other advertising platforms (for example, via Conversions API or similar tools), it may include hashed identifiers for ad measurement and audience matching.

We encourage users to review the privacy policies of third-party platforms used by our customers.

6a. Google API Services — Limited Use Disclosure

BusyBuddy's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

If you choose to connect a Google account, BusyBuddy requests access to your Google Calendar (read and write events you create through BusyBuddy) for the sole purpose of syncing calendar events between BusyBuddy and your Google Calendar. Specifically:

  • We use Google Calendar data only to provide the user-facing calendar-sync features described in-product.
  • We do not use Google user data to develop, improve, or train generalized or AI/ML models.
  • We do not sell, rent, or transfer Google user data to third parties for advertising, data brokering, credit-worthiness, or any other unrelated purpose.
  • Humans do not read Google user data except (a) with your explicit consent, (b) for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) where the data is aggregated and used for internal operations in accordance with the policy.
  • OAuth access and refresh tokens are encrypted at rest using AES-256-GCM. You can disconnect at any time under Settings → My integrations, which revokes our tokens at Google and deletes all calendar event mirrors associated with your account.

7. Data Sharing & Disclosure

We may share personal information with:

  • Service providers (hosting, infrastructure, email providers)
  • Payment processors
  • Analytics providers
  • Government authorities when legally required

We do not sell personal information or share it for cross-context behavioral advertising outside of our customers’ instructions.

7a. Sub-processors

BusyBuddy engages the following sub-processors to deliver the Services. Each is bound by a written data processing agreement and processes personal data only on our documented instructions and in line with this Policy. We will provide reasonable prior notice of material additions or replacements where required by applicable law or a customer's data processing agreement.

Sub-processorPurposeData location
Supabase (via Lovable Cloud)Managed Postgres database, authentication, file storageUnited States
Cloudflare, Inc.CDN, edge runtime, DDoS protection, DNSGlobal edge network
LovableApplication hosting, build pipeline, error monitoringUnited States / EU
Google LLCOAuth, Google Calendar integration, Google Ads lead-form integration (customer-enabled)United States
Meta Platforms, Inc.Facebook / Instagram Lead Ads integration (customer-enabled)United States
Stripe, Inc.Subscription billing for BusyBuddy plansUnited States
Square, Inc. (Block)Customer invoicing & payments integration (customer-enabled)United States
PayPal Holdings, Inc.Customer invoicing & payments integration (customer-enabled)United States
Resend, Inc.Transactional email delivery (invites, contracts, notifications)United States
Angi Inc.Lead ingestion webhooks (customer-enabled)United States

An up-to-date list is also available on request at privacy@busybuddycrm.com.

8. International Data Transfers

We may process data in the United States and other jurisdictions.

When transferring data internationally, we rely on:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions (where applicable)
  • Other legally approved safeguards

9. Data Retention

We retain personal information:

  • As long as required to provide our Services
  • According to customer account settings
  • As required by law
  • Until deletion is requested and legally permissible

Customers may delete records within their CRM account at any time.

10. Your Privacy Rights and Data Deletion

Depending on your jurisdiction (such as the EU/UK under GDPR or California under the CCPA), you may have the right to access, correct, restrict, object to, or permanently delete your personal data.

How to Exercise Your Rights

Automated Self-Service Deletion

The fastest way to remove your data is directly within the BusyBuddyCRM platform:

  • To delete your personal profile: Navigate to Settings > Account and click "Delete My Account." You will be asked to confirm deletion.
  • To delete all organization data: Organization admins can navigate to Settings > Account and click "Delete Organization." You will be asked to confirm deletion.

Please note: Deleting an Organization permanently erases all associated data, customer records, and user seats within that workspace. This action is irreversible.

Alternative Requests & Verification

If you cannot access your account or you are requesting end-customer data deletion, you can submit a deletion request by emailing privacy@busybuddycrm.com. To protect your security, email requests for account deletion require identity verification. We will send a confirmation link to the registered email address on file before purging any records.

Response Timeline

Self-service deletions take effect immediately. Manual requests submitted via email will be acknowledged within 10 days and fully processed within 30 days (GDPR) or 45 days (CCPA).

Service Provider Disclosure

BusyBuddyCRM primarily acts as a data processor on behalf of our business clients. If you are an end-customer whose data was collected by one of our business users, we cannot delete your data directly. We will redirect your request to that specific business customer for processing.

11. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Maintain sessions
  • Improve performance
  • Analyze usage
  • Support integrations

Users may control cookie preferences through browser settings.

12. Security

We implement administrative, technical, and physical safeguards designed to protect personal information.

No system is 100% secure, but we take reasonable measures to protect data from unauthorized access.

13. Children’s Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children.

14. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

15. Contact Information

BUSYBUDDY, LLC

PO Box 681103

Franklin, TN 37068

Email: privacy@busybuddycrm.com