Privacy Policy

1. Information We Collect

When you create an account, we collect your name, email address, and company name. When you upload lead lists for scrubbing, we process the phone numbers and email addresses contained in those files.

When you connect a CRM (GoHighLevel, Close.com, HubSpot, Zoho CRM, and others), we store an encrypted OAuth token to access your account. We collect your CRM location ID and connection status. During weekly scrubs, we temporarily access your contact names and phone numbers to check against our databases — this data is not permanently stored outside your CRM.

2. How We Use Your Data

We use your account information to provide and manage our services. Lead list data uploaded via CSV is processed in real time for DNC and litigator matching and is permanently deleted immediately after your clean list is ready for download. We never store, sell, or share your lead data.

CRM contact data is accessed only during the weekly Saturday scrub. Contacts matching our suppression databases are removed or tagged directly in your CRM. We do not copy your full contact list to our servers.

3. Data Retention

Uploaded lead files are processed in memory and deleted immediately upon completion. We retain your account information (name, email, company) for as long as your account is active. Scrub job metadata (file name, counts, timestamps) is retained for your compliance records.

OAuth tokens are stored encrypted for as long as your CRM is connected. Scrub run results (counts, dates, status) are retained for your compliance records. Contact-level data from CRM scrubs is not retained.

4. Security

All data is transmitted over 256-bit SSL/TLS encryption. We use industry-standard security practices to protect your account information.

OAuth tokens are encrypted using AES-256-GCM. All API communications use HTTPS. Row Level Security ensures users can only access their own data. Webhook communications are protected against replay attacks.

5. Third-Party Services

We use Supabase for database and authentication, Railway for backend processing, Vercel for frontend hosting, Resend for email delivery, and CRM APIs (GoHighLevel, Close.com, HubSpot, Zoho CRM, Salesforce) for integration. We access public court record databases (CourtListener, Justia, PACER) to build our litigator suppression database.

We do not share your personal or business data with any of these services beyond what is necessary to provide our service.

6. Your Rights

You can request deletion of your account and all associated data by emailing support@ventracompliance.com. You can disconnect your CRM at any time from your dashboard, which immediately revokes our access.

California residents have additional rights under the CCPA. EU residents have additional rights under GDPR.

7. Cookies

We use cookies only for authentication and session management. We do not use tracking cookies or share cookie data with third parties.

8. Contact

For privacy-related questions, contact us at support@ventracompliance.com.