Privacy Policy

We collect information that you provide directly when using Mortar CRM, including:

• Account information: name, email address, and password when you register
• Workspace data: company records, contacts, projects, opportunities, and activities you create within the platform
• Communication data: messages sent through the contact form or support channels
• Usage data: information about how you interact with the Service, including login times, features used, and pages visited

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your account registration and manage your subscription
• Send transactional communications (e.g., password resets, reminder notifications)
• Respond to your enquiries and provide customer support
• Monitor and analyse usage trends to improve user experience
• Detect, prevent, and address technical issues or security threats

We do not sell your personal information to third parties. We may share your information only in the following circumstances:

• Within your workspace: data you create is visible to other members of the same workspace according to their role permissions
• Service providers: we may share information with third-party providers who help us operate the Service (e.g., hosting, email delivery), subject to confidentiality agreements
• Legal requirements: we may disclose information if required by law or in response to valid legal processes
• Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

Your data is stored on secure servers. We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

Workspace data (companies, projects, activities) is retained for the lifetime of the workspace. Workspace owners can export their data at any time.

Under applicable data protection laws (including GDPR for UK/EU users), you have the right to:

• Access your personal data and request a copy
• Rectify inaccurate or incomplete personal data
• Erase your personal data (“right to be forgotten”)
• Restrict processing of your personal data
• Data portability — receive your data in a structured, machine-readable format
• Object to processing of your personal data

To exercise any of these rights, please contact us through our About page.

We use essential cookies to maintain your authentication session and store your preferences (such as theme settings). We do not use tracking or advertising cookies. No third-party analytics cookies are used.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the “Last updated” date above and, where possible, by sending an email notification.

If you have any questions about this Privacy Policy or our data practices, please contact us through the contact form on our About page.