Privacy Policy - Nemtech Solutions

Introduction

This Privacy Policy applies to all information collected through the NTS CRM web application and any related services (collectively, the "Service"). By using the Service, you consent to the data practices described in this policy.

Information We Collect

We collect information that you provide directly to us, including:

Personal Information: Name, email address, phone number, and other contact details
Account Information: Username, hashed password, subscription tier, and preferences
Payment Information: Billing address and payment details, processed securely through Stripe — we do not store full card numbers on our servers
Content You Create: Time entries, invoices, client and contact records, flip-book media (images and videos), voice recordings, companion interactions, and other information you enter into the Service
Usage Data: Information about how you use the Service, including access times, pages viewed, and features used
Device Information: IP address, browser type, operating system, and device identifiers

How We Use Your Information

We use your information to:

Provide, maintain, and improve the Service
Process transactions and send related information
Send promotional communications (with your consent)
Respond to your comments and questions
Analyze usage patterns to improve user experience
Detect and prevent fraud and abuse

Information Sharing

We do not sell your personal information. We share information only with trusted service providers who help us operate the Service, and only as necessary to deliver the features you use:

Payment Processing: Stripe — processes billing and subscription payments
Cloud Infrastructure: Microsoft Azure — hosting, database, and Azure Blob Storage for media files
AI Providers: OpenAI (companion chat, voice transcription, image generation, video generation), Google Gemini (multi-model chat tier), and Anthropic (companion chat) — power AI-assisted features. See "AI Features & Data Processing" below for details on what data is sent and how it's handled.
Email Delivery: Transactional and marketing email providers used to send account notifications and opt-in communications
Legal Requirements: When required by law, court order, or to protect our rights
Business Transfers: In connection with a merger, acquisition, or sale of assets

International Data Transfers

NTS CRM is hosted on Microsoft Azure infrastructure located in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. By using the Service, you acknowledge and consent to this transfer.

Where required by law — including for users in the European Economic Area, United Kingdom, and Switzerland — we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) to safeguard cross-border transfers of personal information.

Data Security

We implement multiple layers of security to protect your information:

Encryption in Transit: All traffic to the Service uses HTTPS / TLS
Password Hashing: Passwords are stored using ASP.NET Identity's cryptographic hashing — we never store or log your password in plain text
Access Controls: Application endpoints require authentication by default, with role-based access for administrative functions
Rate Limiting: Authentication endpoints are rate-limited to deter brute-force and credential-stuffing attempts
Payment Card Isolation: Full card numbers are handled exclusively by Stripe (a PCI-DSS compliant processor) — they never touch our servers
Webhook Verification: Incoming webhooks from third parties are cryptographically verified before processing

No method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security — but we continuously improve our security posture and respond to emerging threats.

Cookies & Tracking

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Email Communications

Our emails may contain tracking pixels that tell us whether you have opened the email and which links you clicked. This helps us measure the effectiveness of our communications and improve our services. You can disable image loading in your email client to prevent this tracking.

AI Features & Data Processing

NTS CRM offers AI-powered features, including your AI Companion, voice time-entry transcription, AI-assisted writing and workflow tools, and an in-app assistant. When you use these features, the content you provide for that request — such as text prompts, voice recordings, or document excerpts — is sent to third-party AI providers to generate a response.

What we do:

We send only the content needed to fulfill your specific request — not your entire account or database.
We use our AI providers through their enterprise / API tiers, which by default do not use your inputs to train their foundation models.
Voice recordings used for transcription are processed to produce text and are not retained by us longer than needed for that feature.

Your control:

AI features only run when you invoke them (for example, by starting a chat or recording a voice entry) — they are not invoked in the background.
If you would like additional data-handling controls for regulated-industry compliance, please contact us.

Persistent companion memory:

Your AI Companion maintains a structured memory layer about you across sessions, so it can pick up where you left off. The memory is composed of four files — PERSONALITY, GOALS, PATTERNS, and ACHIEVEMENTS — that the companion writes to as it learns from your interactions and reads from when generating responses.

What's stored: Topics you've told the companion about, goals you've set, patterns the companion has noticed in your behavior, milestones you've reached, and your stated preferences. The memory is structured text — not a recording of every conversation.
How it's used: The relevant subset of your memory is included in the prompt sent to the AI provider on each request, so the companion's response is grounded in your context. Memory is not shared with other users, sold, or used to train external AI models.
Your control: You can review your companion memory at any time in Settings → Companion → Memory. You can edit individual entries, wipe specific files (for example, clear PATTERNS but keep ACHIEVEMENTS), or wipe all memory in one action. Wiping is immediate and irreversible — what's gone is gone.

Email Integration (Gmail & Outlook)

If you choose to connect a Gmail or Microsoft Outlook account to NTS CRM, we use OAuth 2.0 to do so — your provider authenticates you, and you grant NTS CRM scoped permissions. We never see or store your email password.

What we access:

Read: Your inbox, sent folder, and message metadata so we can surface email threads alongside the contacts and accounts they relate to in NTS CRM.
Write: When you send an email from within NTS CRM (for example, a follow-up to a contact or an invoice notification), we send it through your connected account so the message lands in your sent folder and reaches the recipient from your address.
Sync state: We store a small amount of metadata (message IDs, sync cursors, OAuth refresh tokens) needed to keep the integration working without repeatedly asking you to sign in.

What we don't do:

Read messages unrelated to your active work in NTS CRM. We don't scan your full inbox for advertising, training data, or any purpose other than the surfaces you opted into.
Share email content with third parties beyond the AI providers you explicitly invoke (for example, when you ask the companion to draft a reply).
Retain message bodies longer than needed to render them in the app. The authoritative copy of every message stays in your Gmail or Outlook account.

You can disconnect a connected email account at any time from Settings → Integrations. Disconnection revokes our OAuth tokens immediately; we delete the cached metadata within 30 days.

Data Retention

We retain your information for as long as needed to provide the Service. Our approach:

Active Accounts: While your account is active, we retain the data you create — client records, time entries, media, companion history, and so on — without an automatic expiration window. We don't quietly purge your work out from under you.
Recycling Bin: When you delete items such as media files from within the Service, they move to a recycling state where you can restore them. We currently retain recycling-bin items indefinitely. This policy may change in the future; if we introduce an automatic-purge window, we will update this policy and notify you in advance.
Account Deletion Requests: When you request deletion of your account (see "Account Deletion" below), we permanently remove your personal data within 30 days of verifying the request, except as noted.
Financial & Legal Records: Billing, invoicing, and tax-relevant records may be retained for up to 7 years to comply with accounting and tax-reporting obligations.
Backups: Routine encrypted backups may retain copies of data for up to 90 days after deletion from production systems, after which they are overwritten.
De-Identified Data: Information that has been aggregated or de-identified such that it can no longer be linked to you may be retained indefinitely for analytics and product improvement.

Your Privacy Rights

You have the following rights regarding your personal information. Some rights apply broadly; others may vary by jurisdiction (for example, GDPR for EU/UK residents, CCPA for California residents — see the California Privacy Rights section below).

Access: Request a copy of the personal information we hold about you.
Correction: Request that we correct inaccurate or incomplete information.
Deletion: Request that we delete your personal information, subject to legal retention requirements.
Portability: Request your data in a structured, machine-readable format so you can move it elsewhere.
Restriction: Request that we limit how we process your information in specific circumstances.
Objection: Object to certain types of processing, including for direct marketing.
Withdraw Consent: Withdraw any consent you previously provided, at any time.
Marketing Opt-Out: Unsubscribe from marketing communications at any time via the unsubscribe link or by contacting us.

To exercise any of these rights, email us at privacy@nemtechsolutions.com. We will respond within 30 days. We will not discriminate against you for exercising your rights.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you additional rights over your personal information.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. This is a core part of how we operate — not a disclaimer.

As a California resident, you have the right to:

Right to Know: Request what personal information we collect, use, disclose, and retain about you.
Right to Delete: Request deletion of your personal information.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: Not applicable in our case, since we do not sell or share your information — but the right is available to you should our practices ever change.
Right to Limit Use of Sensitive Personal Information: Request limits on how we use any sensitive personal information.
Right to Non-Discrimination: You will not be denied service, charged different prices, or otherwise penalized for exercising any CCPA right.

To exercise your California privacy rights, contact us at privacy@nemtechsolutions.com. We will verify your identity before processing your request.

Account Deletion

You can request deletion of your account and associated personal data at any time.

How to request: Email privacy@nemtechsolutions.com from the email address on your account, with the subject line "Account Deletion Request."

What happens:

We verify the request and confirm by email before proceeding.
Within 30 days of verification, we permanently remove your personal information, account credentials, and the content you created — including media in the recycling bin.
Financial and tax records may be retained for up to 7 years as required by law (see Data Retention above).
Encrypted backups containing your data are cycled out within 90 days.
De-identified or aggregated data that cannot be linked back to you may be retained indefinitely for analytics and product improvement.

Account deletion is permanent and cannot be undone. If you only want to stop receiving marketing communications, use the unsubscribe link in any marketing email instead of deleting your account.

Age Requirement

NTS CRM is intended for business and professional use by adults. You must be at least 18 years of age to create an account or use the Service. We do not knowingly collect personal information from anyone under 18. If you believe we may have collected information from a minor, please contact us and we will promptly delete it.

Policy Changes

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@nemtechsolutions.com.

🔒 Privacy Policy

Quick Navigation