Draft — pending legal review
Data-Purchase Transfer & CCPA Disclosure
Version 2026-07-04.1
1. Your Records Are Yours
A rep's field-captured records — companies, contacts, notes, photos, and enriched profiles created in their personal workspace — belong to that rep and stay theirs for as long as they use FlyCRM, regardless of which staffing agency they work for.
2. Data-Purchase Transfer Disclosure
A company (agency) workspace may pay to acquire a rep's data that is tied to that company's own workspace — for example, records the rep created while working an assignment for that agency. Before any such transfer takes effect:
- The rep is shown exactly which records are proposed for transfer;
- The rep must explicitly approve the transfer before it is executed;
- The transfer is atomic and logged — either the full proposed set moves, or none does, with a timestamped audit entry recording who approved what and when;
- Records the rep created outside that company's workspace (their personal CRM) are never included in a purchase transfer.
3. California Consumer Privacy Act (CCPA) Notice
If you are a California resident, you have the following rights with respect to personal information FlyCRM processes about you:
- Right to know — what personal information we collect, use, and disclose, and for what purpose;
- Right to delete — request deletion of personal information we hold about you, subject to legal retention exceptions;
- Right to opt out of sale/sharing — FlyCRM does not sell personal information to third-party advertisers; the data-purchase transfer described above is a rep-approved, workspace-scoped transfer, not a sale to an unrelated third party, and reps may decline any individual transfer request; and
- Right to non-discrimination — we will not deny service or charge a different price for exercising these rights.
To exercise any of these rights, contact us at privacy@flycrm.ai. We will verify your identity before fulfilling a request.
4. Consent Record-Keeping
Acceptance of this disclosure is recorded with a timestamp and the version string shown above (“text_version”). If this disclosure materially changes, the version is bumped and affected users are asked to re-consent.
5. Data Security
All records are partitioned by workspace (Space) and protected by Postgres row-level security; only members of a Space can read that Space's data. Field media (photos, OCR captures) are stored in private buckets, accessed only via time-limited signed URLs.