๐ AttorneyCRM Privacy Policy
Effective Date: April 13, 2026 ยท Version 1.0
AttorneyCRM is a professional legal relationship management tool designed exclusively for attorneys and legal professionals. Your client data is privileged information. This policy explains exactly what we collect, why, and how โ so you can use AttorneyCRM with full transparency and confidence.
1. Overview & Scope
This Privacy Policy applies to the AttorneyCRM iOS application (the "App") developed and published by BassTech Consulting Group. It governs all personal information and professional data processed by the App, its associated backend services (Microsoft Azure), and any optional premium add-in features you purchase.
By using AttorneyCRM, you agree to the practices described in this policy. If you do not agree, please discontinue use and contact us to request deletion of your account data.
2. Data Controller
Developer & Publisher of AttorneyCRM
Support: support@support.basstechdev.com
Website: basstechconsulting.com
3. Data We Collect
AttorneyCRM collects only the data necessary to deliver its legal CRM functionality. We collect data in three categories:
3.1 Account & Authentication Data
| Data Element | Source | Purpose | Linked to You |
|---|---|---|---|
| Apple ID (anonymized token) | Sign in with Apple | Authentication; creates your account | Yes |
| Email address | Sign in with Apple (if shared) | Account recovery; support communications | Yes |
| User ID (Azure AD B2C) | Generated on first sign-in | Scopes your data in our multi-tenant backend; never visible to other users | Yes |
| Display name | You enter it during onboarding | Personalization within the App | Yes |
3.2 Professional & Client Data (You Enter This)
All data in this category is information you actively create and manage within the App. It is stored in your private, tenant-isolated Azure SQL database and your iCloud/CloudKit private container. It is never shared with other users or used for any purpose other than providing the App's functionality.
| Data Element | Feature | Where Stored | Linked to You |
|---|---|---|---|
| Client name, email, phone, address, company | Client Management | Azure SQL (private tenant) + CloudKit | Yes |
| Client status, tags, notes | Client Management | Azure SQL (private tenant) + CloudKit | Yes |
| Interaction log entries (call & meeting notes) | Client Management | Azure SQL (private tenant) | Yes |
| Client heat scores (engagement metrics) | Relationship Intelligence | Azure SQL (private tenant) | Yes |
| Matter titles, descriptions, status, practice area | Matter Management | Azure SQL (private tenant) + CloudKit | Yes |
| Legal deadlines, due dates, urgency levels | DeadlineIQ (IAP) | Azure SQL (private tenant) + CloudKit | Yes |
| Time entries (date, duration, description, billable) | BillingLedger (IAP) | Azure SQL (private tenant) + CloudKit | Yes |
| Invoice records and billing totals | BillingLedger (IAP) | Azure SQL (private tenant) | Yes |
| Documents and file attachments | DocumentVault (IAP) | Azure Blob Storage (private tenant) | Yes |
| Legal contact names, titles, firm, email, phone | Contacts | Azure SQL (private tenant) + CloudKit | Yes |
| Conflict check notes and intake status | Conflict Checking | Azure SQL (private tenant) | Yes |
3.3 App Usage & Device Data
| Data Element | Purpose | Linked to You |
|---|---|---|
| Push notification token (APNs) | Deliver deadline reminders and smart nudge alerts | Yes |
| App preferences and settings | Persist quiet hours, nudge preferences, and UI settings on-device | On-device only |
| In-app purchase receipt data | Validate and restore add-in purchases via StoreKit 2 | Yes (Apple) |
| Crash reports and diagnostic logs | Identify and fix app stability issues | Anonymized |
3.4 Location Data (Optional โ Nudge Feature)
The smart nudge feature can optionally use your device's precise location to alert you when you are physically near a client's office or location.
- Location access requires your explicit permission via the iOS location prompt.
- Location is processed entirely on-device by Core Location. Your GPS coordinates are never transmitted to our servers.
- Only the fact that a nudge was triggered (not the coordinates) is logged for nudge-event analytics.
- You can disable location access at any time in Settings โ Privacy & Security โ Location Services โ AttorneyCRM.
4. How We Use Your Data
We use collected data solely to operate and improve AttorneyCRM. Specifically:
- Authenticate your account and scope your data to your private tenant.
- Store and sync your clients, matters, deadlines, time entries, documents, and contacts across your devices via iCloud/CloudKit and Azure SQL.
- Deliver push notifications for legal deadlines, overdue alerts, and smart relationship nudges.
- Calculate heat scores based on your logged interactions to surface cold or at-risk client relationships.
- Process in-app purchases for DeadlineIQ, BillingLedger, and DocumentVault via Apple's StoreKit 2.
- Perform conflict checks against names and entities you enter, within your own private data only.
- Diagnose and fix app crashes and technical issues using anonymized diagnostic data.
We do not use your data to train AI or machine learning models, to serve advertisements, or for any purpose not listed above.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal or professional data. We share data only with the service providers necessary to operate the App:
| Service Provider | Purpose | Data Shared | Jurisdiction |
|---|---|---|---|
| Microsoft Azure (SQL, AD B2C, Blob Storage, Notification Hubs) | Backend database, authentication, document storage, push delivery | Account data, professional/client data, documents, notification tokens | United States |
| Apple (iCloud/CloudKit) | On-device sync across your devices | Client, matter, deadline, contact records | Global (Apple) |
| Apple (StoreKit 2 / App Store) | In-app purchase validation and restoration | Purchase receipts and product identifiers | Global (Apple) |
| Apple (APNs) | Push notification delivery | Device push token, notification payload | Global (Apple) |
We may disclose your information if required by law, court order, or to protect the rights and safety of our users โ and only to the extent required.
6. Data Storage & Security
Multi-Tenant Isolation
Every AttorneyCRM account is provisioned in a logically isolated tenant in Azure SQL and Azure AD B2C. Your client data, matters, time entries, and documents are scoped to your User ID and are never accessible by other AttorneyCRM users.
Encryption
- All data transmitted between the App and Azure is encrypted in transit using TLS 1.2 or higher.
- Azure SQL databases use Transparent Data Encryption (TDE) at rest.
- Documents in Azure Blob Storage are encrypted at rest using AES-256.
- iCloud/CloudKit private container data is encrypted by Apple in transit and at rest.
- Sensitive on-device preferences reside in an App Group container protected by iOS data protection.
Authentication
AttorneyCRM uses Sign in with Apple exclusively for initial authentication, providing privacy-by-default account creation. Azure AD B2C manages session tokens; no passwords are stored by BassTech Consulting Group.
7. Data Retention
Your data is retained for as long as your AttorneyCRM account is active. If you delete your account:
- All client, matter, deadline, billing, document, and contact data is permanently deleted from Azure SQL and Azure Blob Storage within 30 days.
- CloudKit data in your private iCloud container is deleted when you sign out of iCloud or delete the App.
- Push notification tokens are deregistered immediately upon account deletion.
- Anonymized crash/diagnostic logs may be retained for up to 12 months for reliability purposes.
8. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request permanent deletion of your account and all associated data.
- Portability: Request an export of your data in a machine-readable format.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw consent for location access at any time via iOS Settings.
To exercise any of these rights, contact us at privacy@support.basstechdev.com. We will respond within 30 days. For account deletion, you may also use the Delete Account option within the App under Settings.
9. Attorney-Client Privilege & Confidentiality Notice
AttorneyCRM is designed for use by licensed legal professionals. You may store confidential client communications, privileged matter notes, and sensitive legal documents within the App. BassTech Consulting Group acknowledges that:
- We act as a data processor on your behalf for all professional data you enter.
- We do not review, analyze, or access the content of your client data or legal documents except as required to resolve a reported technical issue (and only with your explicit permission).
- The App's architecture is designed to minimize our access to privileged content โ all sensitive matter notes and documents are stored in your private iCloud container, to which we have no access.
- Attorneys remain responsible for their own professional obligations regarding data security, client confidentiality, and bar compliance. We recommend consulting your state bar's ethics guidance on the use of cloud-based legal technology.
10. Children's Privacy
AttorneyCRM is intended exclusively for use by licensed legal professionals and is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, contact us at privacy@support.basstechdev.com and we will promptly delete the account.
11. California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: We do not sell your personal information. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To submit a CCPA request, contact privacy@support.basstechdev.com. We will respond within 45 days.
12. International Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including the rights described in Section 8 above.
Legal Basis for Processing: We process your personal data under the following legal bases: (a) Contract โ to provide the App services you have requested; (b) Legitimate Interests โ to maintain app security and diagnose technical issues; (c) Consent โ for optional features such as location-based nudges.
Data Transfers: Your data is stored on Microsoft Azure infrastructure in the United States. Transfers from the EEA are covered by Standard Contractual Clauses (SCCs) as provided by Microsoft.
To exercise your GDPR rights or lodge a complaint, contact privacy@support.basstechdev.com. You also have the right to lodge a complaint with your local supervisory authority.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the Effective Date and Version at the top of this page.
- Display an in-app notice for material changes.
- For significant changes affecting how we handle privileged legal data, we will send an email notification to your registered address.
Continued use of AttorneyCRM after a policy update constitutes acceptance of the revised policy.
14. Contact Us
Privacy inquiries: privacy@support.basstechdev.com
General support: support@support.basstechdev.com
Website: basstechconsulting.com
We will respond to all privacy-related inquiries within 30 days.