๐Ÿ”’ AttorneyCRM Privacy Policy

Effective Date: April 13, 2026 ยท Version 1.0

AttorneyCRM is a professional legal relationship management tool designed exclusively for attorneys and legal professionals. Your client data is privileged information. This policy explains exactly what we collect, why, and how โ€” so you can use AttorneyCRM with full transparency and confidence.

1. Overview & Scope

This Privacy Policy applies to the AttorneyCRM iOS application (the "App") developed and published by BassTech Consulting Group. It governs all personal information and professional data processed by the App, its associated backend services (Microsoft Azure), and any optional premium add-in features you purchase.

By using AttorneyCRM, you agree to the practices described in this policy. If you do not agree, please discontinue use and contact us to request deletion of your account data.

2. Data Controller

BassTech Consulting Group
Developer & Publisher of AttorneyCRM
Support: support@support.basstechdev.com
Website: basstechconsulting.com

3. Data We Collect

AttorneyCRM collects only the data necessary to deliver its legal CRM functionality. We collect data in three categories:

3.1 Account & Authentication Data

Data ElementSourcePurposeLinked to You
Apple ID (anonymized token)Sign in with AppleAuthentication; creates your accountYes
Email addressSign in with Apple (if shared)Account recovery; support communicationsYes
User ID (Azure AD B2C)Generated on first sign-inScopes your data in our multi-tenant backend; never visible to other usersYes
Display nameYou enter it during onboardingPersonalization within the AppYes

3.2 Professional & Client Data (You Enter This)

All data in this category is information you actively create and manage within the App. It is stored in your private, tenant-isolated Azure SQL database and your iCloud/CloudKit private container. It is never shared with other users or used for any purpose other than providing the App's functionality.

Data ElementFeatureWhere StoredLinked to You
Client name, email, phone, address, companyClient ManagementAzure SQL (private tenant) + CloudKitYes
Client status, tags, notesClient ManagementAzure SQL (private tenant) + CloudKitYes
Interaction log entries (call & meeting notes)Client ManagementAzure SQL (private tenant)Yes
Client heat scores (engagement metrics)Relationship IntelligenceAzure SQL (private tenant)Yes
Matter titles, descriptions, status, practice areaMatter ManagementAzure SQL (private tenant) + CloudKitYes
Legal deadlines, due dates, urgency levelsDeadlineIQ (IAP)Azure SQL (private tenant) + CloudKitYes
Time entries (date, duration, description, billable)BillingLedger (IAP)Azure SQL (private tenant) + CloudKitYes
Invoice records and billing totalsBillingLedger (IAP)Azure SQL (private tenant)Yes
Documents and file attachmentsDocumentVault (IAP)Azure Blob Storage (private tenant)Yes
Legal contact names, titles, firm, email, phoneContactsAzure SQL (private tenant) + CloudKitYes
Conflict check notes and intake statusConflict CheckingAzure SQL (private tenant)Yes

3.3 App Usage & Device Data

Data ElementPurposeLinked to You
Push notification token (APNs)Deliver deadline reminders and smart nudge alertsYes
App preferences and settingsPersist quiet hours, nudge preferences, and UI settings on-deviceOn-device only
In-app purchase receipt dataValidate and restore add-in purchases via StoreKit 2Yes (Apple)
Crash reports and diagnostic logsIdentify and fix app stability issuesAnonymized

3.4 Location Data (Optional โ€” Nudge Feature)

The smart nudge feature can optionally use your device's precise location to alert you when you are physically near a client's office or location.

  • Location access requires your explicit permission via the iOS location prompt.
  • Location is processed entirely on-device by Core Location. Your GPS coordinates are never transmitted to our servers.
  • Only the fact that a nudge was triggered (not the coordinates) is logged for nudge-event analytics.
  • You can disable location access at any time in Settings โ†’ Privacy & Security โ†’ Location Services โ†’ AttorneyCRM.

4. How We Use Your Data

We use collected data solely to operate and improve AttorneyCRM. Specifically:

  • Authenticate your account and scope your data to your private tenant.
  • Store and sync your clients, matters, deadlines, time entries, documents, and contacts across your devices via iCloud/CloudKit and Azure SQL.
  • Deliver push notifications for legal deadlines, overdue alerts, and smart relationship nudges.
  • Calculate heat scores based on your logged interactions to surface cold or at-risk client relationships.
  • Process in-app purchases for DeadlineIQ, BillingLedger, and DocumentVault via Apple's StoreKit 2.
  • Perform conflict checks against names and entities you enter, within your own private data only.
  • Diagnose and fix app crashes and technical issues using anonymized diagnostic data.

We do not use your data to train AI or machine learning models, to serve advertisements, or for any purpose not listed above.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal or professional data. We share data only with the service providers necessary to operate the App:

Service ProviderPurposeData SharedJurisdiction
Microsoft Azure (SQL, AD B2C, Blob Storage, Notification Hubs)Backend database, authentication, document storage, push deliveryAccount data, professional/client data, documents, notification tokensUnited States
Apple (iCloud/CloudKit)On-device sync across your devicesClient, matter, deadline, contact recordsGlobal (Apple)
Apple (StoreKit 2 / App Store)In-app purchase validation and restorationPurchase receipts and product identifiersGlobal (Apple)
Apple (APNs)Push notification deliveryDevice push token, notification payloadGlobal (Apple)

We may disclose your information if required by law, court order, or to protect the rights and safety of our users โ€” and only to the extent required.

6. Data Storage & Security

Multi-Tenant Isolation

Every AttorneyCRM account is provisioned in a logically isolated tenant in Azure SQL and Azure AD B2C. Your client data, matters, time entries, and documents are scoped to your User ID and are never accessible by other AttorneyCRM users.

Encryption

  • All data transmitted between the App and Azure is encrypted in transit using TLS 1.2 or higher.
  • Azure SQL databases use Transparent Data Encryption (TDE) at rest.
  • Documents in Azure Blob Storage are encrypted at rest using AES-256.
  • iCloud/CloudKit private container data is encrypted by Apple in transit and at rest.
  • Sensitive on-device preferences reside in an App Group container protected by iOS data protection.

Authentication

AttorneyCRM uses Sign in with Apple exclusively for initial authentication, providing privacy-by-default account creation. Azure AD B2C manages session tokens; no passwords are stored by BassTech Consulting Group.

7. Data Retention

Your data is retained for as long as your AttorneyCRM account is active. If you delete your account:

  • All client, matter, deadline, billing, document, and contact data is permanently deleted from Azure SQL and Azure Blob Storage within 30 days.
  • CloudKit data in your private iCloud container is deleted when you sign out of iCloud or delete the App.
  • Push notification tokens are deregistered immediately upon account deletion.
  • Anonymized crash/diagnostic logs may be retained for up to 12 months for reliability purposes.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request permanent deletion of your account and all associated data.
  • Portability: Request an export of your data in a machine-readable format.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent for location access at any time via iOS Settings.

To exercise any of these rights, contact us at privacy@support.basstechdev.com. We will respond within 30 days. For account deletion, you may also use the Delete Account option within the App under Settings.

9. Attorney-Client Privilege & Confidentiality Notice

AttorneyCRM is designed for use by licensed legal professionals. You may store confidential client communications, privileged matter notes, and sensitive legal documents within the App. BassTech Consulting Group acknowledges that:

  • We act as a data processor on your behalf for all professional data you enter.
  • We do not review, analyze, or access the content of your client data or legal documents except as required to resolve a reported technical issue (and only with your explicit permission).
  • The App's architecture is designed to minimize our access to privileged content โ€” all sensitive matter notes and documents are stored in your private iCloud container, to which we have no access.
  • Attorneys remain responsible for their own professional obligations regarding data security, client confidentiality, and bar compliance. We recommend consulting your state bar's ethics guidance on the use of cloud-based legal technology.

10. Children's Privacy

AttorneyCRM is intended exclusively for use by licensed legal professionals and is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, contact us at privacy@support.basstechdev.com and we will promptly delete the account.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: We do not sell your personal information. There is nothing to opt out of.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, contact privacy@support.basstechdev.com. We will respond within 45 days.

12. International Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including the rights described in Section 8 above.

Legal Basis for Processing: We process your personal data under the following legal bases: (a) Contract โ€” to provide the App services you have requested; (b) Legitimate Interests โ€” to maintain app security and diagnose technical issues; (c) Consent โ€” for optional features such as location-based nudges.

Data Transfers: Your data is stored on Microsoft Azure infrastructure in the United States. Transfers from the EEA are covered by Standard Contractual Clauses (SCCs) as provided by Microsoft.

To exercise your GDPR rights or lodge a complaint, contact privacy@support.basstechdev.com. You also have the right to lodge a complaint with your local supervisory authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the Effective Date and Version at the top of this page.
  • Display an in-app notice for material changes.
  • For significant changes affecting how we handle privileged legal data, we will send an email notification to your registered address.

Continued use of AttorneyCRM after a policy update constitutes acceptance of the revised policy.

14. Contact Us

BassTech Consulting Group
Privacy inquiries: privacy@support.basstechdev.com
General support: support@support.basstechdev.com
Website: basstechconsulting.com

We will respond to all privacy-related inquiries within 30 days.

โ† Back to AttorneyCRM โ† BassTech Home