Privacy Policy

Golden Hour CRM ("we", "our", or "us") operates goldenhourcrm.com and provides a client relationship management platform for photography professionals. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform.

By using Golden Hour CRM you agree to the collection and use of information as described in this policy.

Information you provide directly:

• Account information — name, email address, and password when you create an account
• Studio and business details — studio name, logo, website, and branding settings
• Client data — names, email addresses, phone numbers, and other contact information you add for your clients
• Financial data — invoice details, contract information, and payment records you create in the platform
• Communications — emails, questionnaires, and messages you send through the platform
• Media — images and files you upload for use in email templates or client communications

Information collected automatically:

• Usage data — pages visited, features used, and actions taken within the platform
• Device information — browser type, operating system, and IP address
• Authentication logs — login times and session data

Information from third parties:

• Payment data — when clients pay invoices through Stripe, Stripe processes the payment directly. We receive confirmation of payment status but never store full card numbers or sensitive payment details
• Email delivery data — Resend and Mailgun provide delivery status and reply data for emails sent through the platform
• Calendar data — if you connect Google Calendar or Outlook we access only the events and calendars you authorize

We use the information we collect to:

• Provide, operate, and maintain the Golden Hour CRM platform
• Process transactions and manage your account
• Send emails and communications on your behalf to your clients
• Enable workflow automations you configure
• Provide customer support and respond to your requests
• Improve and develop new features for the platform
• Comply with legal obligations
• Detect and prevent fraud or abuse

We do not sell your data or your clients' data to third parties. We do not use your clients' information for any purpose other than providing the services you have requested.

Your data is stored securely using Supabase, a managed database platform with enterprise-grade security. All data is encrypted at rest and in transit using industry-standard TLS encryption.

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include:

• Row-level security policies ensuring users can only access their own data
• Encrypted storage for sensitive credentials such as payment processor keys
• Secure authentication via OAuth and industry-standard session management
• Regular security monitoring and updates

No method of transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data we cannot guarantee absolute security.

When you add clients to Golden Hour CRM you act as the data controller for their information. We act as a data processor on your behalf. This means:

• You are responsible for ensuring you have appropriate consent or legal basis to store your clients' information
• You are responsible for informing your clients about how their data is used
• We process client data only as directed by you through the platform
• We do not contact your clients independently or use their data for our own marketing

Golden Hour CRM integrates with the following third-party services. Each has its own privacy policy:

• Stripe — payment processing (stripe.com/privacy)
• Resend — outbound email delivery (resend.com/privacy)
• Mailgun — inbound email handling (mailgun.com/privacy)
• Supabase — database and authentication (supabase.com/privacy)
• Vercel — hosting and deployment (vercel.com/legal/privacy-policy)
• Anthropic — AI assistant features (anthropic.com/privacy)
• Google — optional Google Calendar integration and sign-in (policies.google.com/privacy)
• Twilio — optional SMS messaging when connected by user (twilio.com/legal/privacy)

We retain your account data for as long as your account is active. If you delete your account:

• Your account and studio data will be permanently deleted within 30 days
• Client data you have stored will be permanently deleted within 30 days
• Financial records may be retained for up to 7 years to comply with legal and tax obligations
• Anonymized usage statistics may be retained indefinitely

Depending on your location you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your data
• Portability — request an export of your data in a machine-readable format
• Objection — object to certain types of processing

To exercise any of these rights please contact us at contact@zyncaisolutions.com.

We use essential cookies and local storage to maintain your login session and platform preferences. We do not use advertising or tracking cookies. We do not use third-party analytics services that track you across websites.

Golden Hour CRM is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information please contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how we handle your data please contact us:

Golden Hour CRM
Email: contact@zyncaisolutions.com
Website: goldenhourcrm.com