MEET THE FOUNDER & CEO

Privacy Policy for NordicCRM

Last Updated: January 22, 2026

At NordicCRM (https://nordiccrm.ca/), we are committed to maintaining the "Northern Standard" of data privacy. This policy outlines how we collect, use, and protect the personal information of our Canadian users in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial regulations including Quebec’s Law 25.

1. Accountability

We are responsible for all personal information under our control. Our designated Privacy Officer is responsible for overseeing our compliance with this policy. Any questions regarding data handling can be directed to [Insert Email Address].

2. Information We Collect

We only collect information necessary to provide our CRM services and improve your experience. This includes:

Contact Information: Name, business email, phone number, and mailing address.

Account Data: Billing information (processed securely via CAD-compliant processors), login credentials, and subscription preferences.

Client Data: Information you upload about your own customers (Note: You remain the "Data Controller" for this information; we act as the "Data Processor").

Technical Data: IP addresses, browser types, and usage patterns collected via cookies to optimize platform performance.

3. Purpose of Collection

We collect data for the following purposes:

To provide and maintain the NordicCRM platform.

To process payments in Canadian Dollars (CAD).

To provide Canadian-based customer support.

To comply with legal and regulatory requirements (e.g., A2P 10DLC registration).

To send platform updates or marketing communications (only with your explicit consent).

4. Consent

By signing up for our 14-day free trial or using our services, you consent to the collection and use of your information as described here. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice.

5. Data Residency & Storage

NordicCRM utilizes secure infrastructure (Google Cloud Platform). While we use global tools to ensure 99.9% uptime, we prioritize configurations that respect Canadian data residency preferences. We do not sell or trade your personal information to third parties.

6. Safeguards

We protect your personal information with security safeguards appropriate to the sensitivity of the data. This includes:

SSL Encryption for all data transmission.

Two-Factor Authentication (2FA) options for account security.

Internal protocols to restrict data access to authorized personnel only.

7. Individual Access & Portability

Under PIPEDA and Law 25, you have the right to:

Request access to the personal information we hold about you.

Request the correction of inaccurate or incomplete data.

Data Portability: Request that your data be exported in a structured, commonly used format.

Request the deletion of your data (the "Right to be Forgotten"), subject to legal record-keeping requirements.

8. Challenging Compliance

If you believe we are not adhering to this policy or PIPEDA requirements, please contact our Privacy Officer. If we do not resolve your concern, you have the right to contact the Office of the Privacy Commissioner of Canada.