The Standard CRMWaitlist

Privacy Policy

Last updated: 2026-05-26

The Standard CRM (“we,” “us,” “our”) respects your privacy. This policy explains what information we collect when you visit our website or join our waitlist, how we use it, how we share it, how long we keep it, and the choices you have. It applies to the website at thestandardcrm.io and any related pages we operate.

1. Information we collect

When you join our waitlist, we collect:

  • Name and work email, the two fields you submit.
  • Role and team size (e.g., solo agent, agency owner; 1, 2-9, 10-49, 50+), so we can tier our early-access outreach.
  • Optional lead-source notes, free-text describing the lead channels you currently use, if you choose to provide them.
  • Technical metadata: a one-way hash of your IP address (we do not store the raw IP), your browser user-agent string, and any UTM or referrer parameters present in the URL when you submit. These are used to deduplicate signups and understand which channels drive interest.

When you visit the website without joining the waitlist, we receive only the standard HTTP request data your browser sends (IP address, user-agent, referrer, request timestamps). We do not run third-party analytics that build a profile of you across other sites.

2. How we use your information

We use the information you provide to:

  • Notify you when access opens, and stage early access in a tiered rollout.
  • Reply to any question you send us at support@thestandardcrm.io.
  • Detect and prevent abuse (bot signups, duplicate submissions, spam) via rate limiting and bot-detection signals.
  • Comply with applicable law, respond to lawful requests, and enforce our terms.

We do not use your information to make automated decisions that have legal or similarly significant effects on you. The role and team-size fields only segment outreach; they do not approve, deny, or rank applicants.

3. How we share your information

We do not sell your personal information. We do not share it for cross-context behavioral advertising. We share it only with the following categories of recipient:

  • Infrastructure providers that host the site and database (currently Supabase for the database, Upstash for rate-limit metadata, and Vercel for hosting). These providers act as our processors, hold your information under contractual confidentiality, and may not use it for their own purposes.
  • Bot-detection providers (Vercel BotID) that fingerprint signup attempts so we can block automated abuse.
  • Legal recipients if disclosure is compelled by law, by court order, or to enforce our terms, defend our rights, or protect public safety.
  • An acquirer in connection with a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4. How long we keep it

We keep your waitlist entry until you ask us to delete it, or for up to twenty-four (24) months after our product launches, whichever comes first. We keep IP hashes for ninety (90) days for abuse-prevention purposes. Aggregated, de-identified statistics may be kept indefinitely.

5. Your choices and rights

You can ask us to access, correct, or delete the personal information we hold about you. You can also ask us to stop sending you waitlist communications. To exercise any of these rights, email privacy@thestandardcrm.io from the address you used to sign up. We will verify your identity, then act on the request within thirty (30) days (sixty (60) days for unusually complex requests, in which case we will tell you and explain).

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you additional rights: to know what personal information we have collected about you in the prior twelve (12) months, to receive a copy of it in a portable format, to ask us to correct inaccurate information, to ask us to delete it, to limit our use of sensitive personal information (we do not collect any), and to be free from retaliation for exercising these rights. We do not sell or share personal information as those terms are defined under California law. You may also designate an authorized agent to make requests on your behalf; we will require reasonable proof of the authorization.

If you are in Virginia, Colorado, Connecticut, Utah, or another US state with a comprehensive privacy law, you have similar rights. Email the address above; we will honor them on the same timeline.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local supervisory authority. The lawful basis for processing your waitlist data is your consent (you affirmatively submitted the form) and our legitimate interest in operating a pre-launch waitlist and preventing abuse. We do not currently transfer personal data outside our hosting providers' standard regional infrastructure.

6. Cookies and similar technologies

We use a small number of strictly necessary cookies and similar local-storage values to keep the site working (for example, to remember that you have already submitted the waitlist form in your current session so we can show the confirmation message). We do not run advertising cookies or third-party tracking pixels. We do not currently respond to "Do Not Track" signals; we do honor the Global Privacy Control (GPC) signal as a "do not sell or share" preference, even though we do not sell or share personal information.

7. Security

We hold waitlist data in a managed Postgres database with row-level security and role-based access control. Database backups are encrypted at rest. Transit is encrypted with TLS. We restrict access to the underlying database to personnel who need it to do their jobs. No security measure is perfect; we cannot guarantee absolute security against every threat. If a breach affects your information, we will notify you and any regulator we are required to notify, within the timeframes required by applicable law.

8. Children

The Standard CRM is a business product. The website and the waitlist are not directed to children under the age of sixteen (16), and we do not knowingly collect information from anyone under that age. If you believe a child has submitted information to us, email privacy@thestandardcrm.io and we will delete the information promptly.

9. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date at the top of the page and, if the change is material, notify you by email before it takes effect.

10. Contact

Questions, requests, complaints, or anything else privacy-related, email privacy@thestandardcrm.io. For everything else, see our Terms of Service or email support@thestandardcrm.io.