Privacy Policy

Last Updated: January 29, 2026 | Effective Date: January 29, 2026

1. Introduction

Chosen CRM Inc. ("ChosenCRM," "we," "us," or "our") is committed to protecting your privacy and the privacy of your clients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our mortgage customer relationship management platform and related services (collectively, the "Service").

ChosenCRM is a software-as-a-service (SaaS) platform designed for mortgage professionals. We understand the sensitivity of financial information and are committed to maintaining the highest standards of data protection in compliance with the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), and other applicable federal and state privacy laws.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect several types of information from and about users of our Service, including:

2.1 Personal Information

Information that identifies you as an individual, including:

  • Full name
  • Email address
  • Phone number
  • Mailing address
  • Company name and title
  • NMLS number (for licensed mortgage professionals)
  • Profile photo (if provided)
  • Payment and billing information

2.2 Financial Information

Information related to mortgage lending activities that you or your borrowers input into the platform:

  • Loan amounts and terms
  • Property information and valuations
  • Income and employment data
  • Credit score ranges (not actual credit reports)
  • Debt-to-income ratios
  • Asset information
  • Loan application status and history

2.3 Borrower Data

When you use ChosenCRM to manage your mortgage pipeline, you may input information about your borrowers, including:

  • Borrower names and contact information
  • Loan application details
  • Communication history
  • Document uploads
  • Notes and comments

Important: You are the data controller for borrower data you input into ChosenCRM. You are responsible for obtaining appropriate consents and providing privacy notices to your borrowers as required by law.

2.4 Usage Data

Information about how you access and use the Service:

  • Login times and session duration
  • Features accessed and actions taken
  • Search queries within the platform
  • Performance and error data
  • User preferences and settings

2.5 Device and Technical Information

  • IP address
  • Browser type and version
  • Operating system
  • Device type and identifiers
  • Screen resolution
  • Time zone and location (city/region level)
  • Referring website URLs

3. How We Collect Information

3.1 Information You Provide Directly

We collect information when you:

  • Create an account or register for our Service
  • Complete your user profile
  • Subscribe to our Service and provide payment information
  • Input lead and borrower data into the platform
  • Upload documents or files
  • Contact our customer support team
  • Participate in surveys, promotions, or feedback requests
  • Communicate with us via email, phone, or chat

3.2 Information from Your Borrowers

When you use our borrower portal or application features, your borrowers may submit information directly through our platform. This information is collected on your behalf and is subject to your privacy practices and disclosures.

3.3 Automatic Collection

We automatically collect certain information when you access our Service through:

  • Cookies: Small data files stored on your device that help us remember your preferences, authenticate your session, and understand how you use our Service.
  • Analytics Services: We use analytics providers to help us understand usage patterns and improve our Service.
  • Log Files: Our servers automatically record information about your visit, including IP address, browser type, pages visited, and timestamps.

3.4 Information from Third Parties

We may receive information from:

  • LOS Integrations: When you connect to loan origination systems (such as Arive), we receive loan data you authorize for synchronization.
  • OAuth Providers: If you sign in using Google or other authentication providers, we receive basic profile information.
  • Payment Processors: Our payment partners provide transaction confirmations and billing updates.
  • Integration Partners: When you connect third-party services via Zapier or our API, we may receive data from those services as configured by you.

4. How We Use Your Information

We use the information we collect to:

4.1 Provide and Maintain the Service

  • Create and manage your account
  • Process your subscription and payments
  • Deliver the features and functionality of ChosenCRM
  • Provide customer support and respond to inquiries
  • Enable integrations with third-party services you authorize

4.2 Process Transactions

  • Process subscription payments
  • Send invoices and billing notifications
  • Manage refunds and credits
  • Prevent fraudulent transactions

4.3 Communicate with You

  • Send service-related announcements and updates
  • Respond to your comments, questions, and requests
  • Send technical notices and security alerts
  • Send marketing communications (with your consent, where required)
  • Notify you about changes to our Service or policies

4.4 Improve Our Service

  • Analyze usage trends and user behavior
  • Identify and fix bugs and technical issues
  • Develop new features and enhancements
  • Conduct research and analysis to improve user experience
  • Train and improve our AI-powered features

4.5 Ensure Security and Compliance

  • Protect against unauthorized access and fraud
  • Monitor for suspicious activity
  • Enforce our Terms of Service
  • Comply with legal obligations

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Cloud hosting and infrastructure (AWS, Vercel)
  • Payment processing (Stripe)
  • Email delivery services
  • SMS/messaging services
  • Analytics providers
  • Customer support tools

These providers are bound by contractual obligations to keep information confidential and use it only for the purposes for which we disclose it to them.

5.2 LOS and Third-Party Integrations

When you connect ChosenCRM to loan origination systems (like Arive), Zapier, or other third-party services, we share data as necessary to enable the integration functionality you have configured. These integrations are initiated and controlled by you.

5.3 Legal Requirements

We may disclose information when required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from government authorities
  • Enforce our Terms of Service and other agreements
  • Protect our rights, privacy, safety, or property, or that of our users or the public

5.4 Business Transfers

If ChosenCRM is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your information.

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

6. GLBA Compliance

Because ChosenCRM is designed for mortgage professionals who handle consumer financial information, we are committed to supporting your compliance with the Gramm-Leach-Bliley Act (GLBA).

6.1 Protection of Nonpublic Personal Information (NPI)

We understand that the borrower data you store in ChosenCRM may constitute Nonpublic Personal Information (NPI) under GLBA. We protect this information through:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and audits
  • Employee training on data protection
  • Incident response procedures

6.2 Our Security Measures

  • SOC 2 Type II compliant infrastructure
  • 256-bit AES encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication options
  • Role-based access controls
  • Regular penetration testing
  • 24/7 security monitoring

6.3 Your Responsibilities

As a financial institution or mortgage professional, you have your own GLBA obligations. You are responsible for:

  • Providing required privacy notices to your borrowers
  • Implementing appropriate safeguards for the NPI you handle
  • Ensuring your use of ChosenCRM complies with your own privacy policies
  • Training your staff on proper handling of consumer financial information
  • Conducting required risk assessments

7. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Active Accounts

While your account is active, we retain all data necessary to provide the Service, including your profile information, borrower data, communication history, and activity logs.

7.2 Account Termination

When you cancel your subscription or request account deletion:

  • Your personal data and borrower data will be deleted within 30 days
  • Backup copies may persist for up to 90 days before complete deletion
  • We may retain certain information as required by law (e.g., billing records for tax purposes)

7.3 Data Export

Before account termination, you may export your data using our export tools. We recommend exporting your data before cancellation.

8. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information:

8.1 Access

You have the right to request access to the personal information we hold about you. You can access most of your information directly through your ChosenCRM account dashboard.

8.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly in your account settings.

8.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).

8.4 Data Portability

You have the right to receive a copy of your data in a structured, commonly used, machine-readable format.

8.5 Opt-Out of Marketing

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by updating your communication preferences in your account settings.

8.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at legal@chosencrm.com. We will respond to your request within 30 days (or sooner if required by law).

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information).

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

9.3 Right to Opt-Out of Sale/Sharing

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

9.4 Right to Correct

You have the right to request correction of inaccurate personal information.

9.5 Right to Limit Use of Sensitive Information

You have the right to limit the use and disclosure of your sensitive personal information.

9.6 Non-Discrimination

We will not discriminate against you for exercising your privacy rights. You will not receive different pricing or quality of service for exercising your rights.

9.7 Authorized Agent

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authorization.

9.8 How to Submit a Request

To submit a CCPA request, email us at legal@chosencrm.com with the subject line "CCPA Request." We will verify your identity before processing your request.

10. Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

10.1 Encryption

  • All data transmitted to and from our Service is encrypted using TLS 1.3
  • Data at rest is encrypted using AES-256 encryption
  • Database backups are encrypted

10.2 Access Controls

  • Role-based access controls limit data access to authorized personnel
  • Multi-factor authentication is available and recommended
  • Session management and automatic timeouts
  • Audit logs track access to sensitive data

10.3 Regular Audits

  • Regular security assessments and vulnerability scans
  • Annual penetration testing by third-party security firms
  • Continuous monitoring for security threats
  • Regular review of security policies and procedures

10.4 Incident Response

In the event of a data breach, we will notify affected users and relevant authorities in accordance with applicable law, typically within 72 hours of discovery.

11. Children's Privacy

ChosenCRM is designed for business use by mortgage professionals. Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 18, please contact us at legal@chosencrm.com.

12. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or integrations that are not operated by us. This includes:

  • Loan origination systems (e.g., Arive)
  • Integration platforms (e.g., Zapier)
  • Payment processors
  • Analytics services

We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you use.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

  • Notification: We will notify you of material changes by email and/or by posting a notice on our website at least 30 days before the changes take effect.
  • Effective Date: The "Last Updated" date at the top of this policy indicates when it was last revised.
  • Continued Use: Your continued use of our Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Chosen CRM Inc.
Peoria, Arizona, USA
Email: legal@chosencrm.com
Website: https://chosencrm.com

For privacy-related requests, please include "Privacy Request" in your subject line. We will respond to your inquiry within 30 days.