Privacy Policy

How we collect, use, and protect your personal information

Last updated: 10 February 2026

1. Introduction

Thrust CRM ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CRM platform and related services.

We are a UK-based company and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, phone number, billing address
  • Profile Information: Job title, profile photo, preferences
  • Customer Data: Contact information, communication logs, custom fields you add to your CRM
  • Payment Information: Processed securely by Stripe (we don't store full card details)
  • Communications: Messages you send us, support tickets, feedback

2.2 Information Collected Automatically

  • Usage Data: Pages viewed, features used, time spent, actions taken
  • Device Information: IP address, browser type, operating system, device ID
  • Cookies: See our Cookie Policy for details
  • Log Data: Server logs, error reports, performance metrics

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Operate and maintain Thrust CRM, process transactions, provide customer support
  • Improve the Service: Analyze usage patterns, develop new features, fix bugs, enhance security
  • Communicate: Send service updates, security alerts, promotional emails (with your consent)
  • Personalize: Customize your experience, recommend features, tailor content
  • Ensure Security: Detect fraud, prevent abuse, protect against security threats
  • Legal Compliance: Comply with legal obligations, respond to legal requests

4. Legal Basis for Processing (UK GDPR)

We process your personal data based on:

  • Contract Performance: To provide the CRM service you signed up for
  • Legitimate Interests: To improve our service, ensure security, prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: For marketing communications (which you can withdraw anytime)

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third-party providers who help us operate our service:

  • Stripe: Payment processing (PCI-compliant)
  • AWS: Cloud hosting and infrastructure (UK/EU servers)
  • Mailgun: Email delivery
  • HubSpot: Optional CRM sync (if you enable it)
  • Twilio: SMS/WhatsApp messaging (if you enable it)

5.2 Business Transfers

If we merge with or are acquired by another company, your data may be transferred as part of that transaction. We'll notify you before your data is subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

5.4 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Access Controls: Role-based permissions, multi-factor authentication
  • Infrastructure: Secure AWS hosting with regular backups
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audits: Regular security audits and penetration testing

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your data.

7. Data Retention

We retain your data for as long as:

  • Your account is active
  • Needed to provide you with services
  • Required to comply with legal obligations (e.g., tax records for 7 years)
  • Necessary to resolve disputes or enforce our agreements

When you close your account, we delete or anonymize your data within 30 days, except where we're legally required to retain it.

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Unsubscribe from marketing emails anytime

To exercise these rights, contact us at privacy@thrustcrm.com. We'll respond within 30 days.

9. International Data Transfers

Our servers are located in the UK and EU. If you access our service from outside these regions, your data may be transferred to and processed in the UK/EU. We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy

Thrust CRM is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

11. Cookies and Tracking

We use cookies and similar technologies to provide, improve, and secure our service. See our Cookie Policy for detailed information about how we use cookies and your choices.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of significant changes by email or through a prominent notice in the application. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

14. Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):