๐Ÿ”’ ClientVault Privacy Policy

Effective Date: April 9, 2026 ยท Version 1.2

This document governs the collection, use, and disclosure of data by the ClientVault iOS application.

BassTech Consulting Group
Website: https://basstechconsulting.com
App: ClientVault (App Store)
Bundle ID: com.basstech.soloCRM
Contact: privacy@support.basstechdev.com
Jurisdiction: United States

1. Introduction

BassTech Consulting Group ("we", "us", or "our") operates the ClientVault iOS application (the "App"). This Privacy Policy explains how we collect, use, store, share, and protect your information when you use ClientVault on iPhone, Apple Watch, and CarPlay.

ClientVault is designed with a privacy-first architecture. Personal Identifiable Information (PII) โ€” such as contact names, email addresses, and phone numbers โ€” is stored exclusively in your private iCloud account via Apple CloudKit and is never transmitted to or stored on BassTech servers. Non-PII operational data (client status, heat scores, notes, reminders, and tags) is stored on our secure Azure-hosted backend, associated with your anonymous server-side account.

By using ClientVault, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the App.

2. Who We Are

See the summary block above for our full contact details.

3. Information We Collect

3.1 Information You Provide Directly

When you use ClientVault, you may enter the following information about your clients and contacts. This information is stored exclusively in your personal iCloud / CloudKit account and is never accessible to BassTech:

  • Contact names, company names
  • Email addresses and phone numbers
  • Custom PII fields you define (e.g. LinkedIn URL, job title)
  • Voice notes dictated via the Apple Watch or iPhone
  • Contacts captured via Apple Watch dictation (Contact Capture feature)

3.2 Information Generated by the App

The following non-PII data is generated by the App and stored on our Azure-hosted server under your anonymous account identifier:

  • Client status (Active, Follow Up, Inactive)
  • Free-text notes and reminder records (linked to anonymous client IDs, no PII)
  • Relationship Heat Scores (0โ€“100, calculated server-side from interaction patterns)
  • Tags applied to clients
  • Meeting outcomes and duration (from Apple Watch Meeting Timer feature)
  • App usage metadata (account creation date, subscription status)

3.3 Information Collected Automatically

When you use ContextIQ features (optional, requires purchase), the App accesses the following on-device signals. None of this data leaves your device.

  • Calendar events โ€” for Meeting Prep nudges
  • Device location โ€” for Nearby Contact geofencing nudges (processed on-device; raw coordinates never transmitted)
  • Device motion โ€” for Commute Window detection (processed entirely on-device)
  • Photos metadata โ€” for Photo Memory nudges (accessed read-only; never uploaded)
  • Contacts app data โ€” for Birthday nudges and Import from Contacts

3.4 Authentication Information

ClientVault uses Sign In with Apple exclusively. On first sign-in, Apple provides your full name and email address to the App. This data populates your in-app Account section. We store your Apple-issued user identifier on our server for authentication purposes. We do not store your Apple ID password.

3.5 Ask Claude (CarPlay & iPhone)

The Ask Claude feature sends your spoken queries to the Anthropic Claude API for processing. Conversation history is held in device memory only for the duration of the session and is cleared when the session ends. Your Anthropic API key is stored securely in the iOS Keychain on your device and is never transmitted to BassTech servers.

  • Query text is sent to Anthropic for processing โ€” Anthropic's Privacy Policy applies.
  • Ideas you choose to "Save to ClientVault" are stored in your private iCloud CloudKit database.
  • No conversation history is retained after a session ends.

3.6 Brainstorm (Apple Intelligence)

Brainstorm is powered by Apple Intelligence and runs entirely on-device. No Brainstorm conversation data is transmitted to BassTech servers or to Apple's cloud. Apple's on-device AI privacy guarantees apply.

3.7 Apple Watch

The Apple Watch companion app communicates with the iPhone app via WatchConnectivity (a peer-to-peer local channel). No Watch data is sent directly to any server; all data flows through the iPhone app, which applies the same storage rules described above.

4. How We Use Your Information

UseDescription
AuthenticationYour Apple ID identifier authenticates you to the ClientVault backend.
Core CRM FeaturesClient status, notes, reminders, and heat scores are processed server-side to power the Dashboard, Heat Score calculations, and nudge delivery.
ContextIQ NudgesOn-device signals (calendar, location, motion, contacts, photos) are processed locally to generate personalised nudges. Nudge metadata (type and timestamp) is stored on our server to enforce quiet hours and daily caps.
WidgetsHeat score and nudge data is written to an App Group shared store so Home Screen and Watch widgets can display up-to-date information.
NotificationsApple Push Notification tokens are stored server-side to deliver ContextIQ nudge alerts.
AnalyticsWe collect minimal anonymous usage telemetry (e.g. feature enabled/disabled flags) to improve the App. No PII is included in telemetry.
In-App PurchasesPurchase receipts are validated with Apple's StoreKit; subscription status is stored on our server.

5. How We Store Your Information

ClientVault uses a split-storage architecture designed to maximise your privacy:

Data TypeWhere StoredWho Can Access
PII (names, email, phone, custom fields)iCloud / CloudKit (your private Apple account)You only โ€” linked to your Apple ID
Contact Capture (Watch dictation)iCloud / CloudKit after iPhone syncYou only
To Do itemsiCloud / CloudKitYou only
Ideas saved via Ask ClaudeiCloud / CloudKit (Prospects table)You only
Client status, notes, reminders, heat scores, tagsClientVault Server (Microsoft Azure, US region)Your account only โ€” no PII stored
Authentication identifierClientVault Server (Azure)BassTech โ€” used only for auth
Anthropic API keyiOS Keychain (this device only)Never transmitted to BassTech
Ask Claude conversation historyDevice memory (session only)Cleared on session end โ€” never persisted
On-device nudge signalsOn-device onlyNever leaves your iPhone
Brainstorm AI conversationsOn-device only (Apple Intelligence)Never leaves your iPhone
Watch voice notes (pre-sync)Apple Watch (in-transit)Syncs to iPhone via WatchConnectivity only

Our Azure-hosted server is located in the United States and is protected by industry-standard security controls including encryption at rest and in transit (TLS 1.2+), access control policies, and regular security audits.

iCloud / CloudKit data is governed by Apple's iCloud Terms and Conditions and Privacy Policy. BassTech has no ability to access your CloudKit data.

6. Data Retention

DataRetention
PII (CloudKit)Retained until you delete the client record or delete your iCloud account. BassTech has no control over CloudKit retention.
Server dataRetained for the lifetime of your account. You may delete your account at any time (see Section 9).
Push notification tokenRemoved within 30 days of account deletion or app uninstall.
Ask Claude sessionsCleared from device memory immediately when the session ends. Never stored.
Crash / error logsAnonymised; retained for 90 days for debugging purposes.

7. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share limited data with the following third parties solely to operate the App:

Third PartyPurpose
Apple (Sign In with Apple)Authentication only. Apple provides your name and email on first sign-in. Apple's privacy policy governs that exchange.
Apple (CloudKit / iCloud)Hosts your private PII and To Do data. BassTech cannot access this data.
Apple (Push Notifications)APNs delivers ContextIQ nudge alerts to your device.
Microsoft AzureHosts our backend API and database (US region). Processes only non-PII operational data.
AnthropicReceives your Ask Claude query text for AI processing. Conversation history is not retained by Anthropic after processing. Anthropic's privacy policy applies.
Apple (Speech Recognition)On-device speech-to-text for Watch voice notes and Ask Claude on iPhone. Apple's privacy policy applies.

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of BassTech, its users, or the public.

8. Device Permissions

ClientVault requests the following iOS permissions. All permissions are requested at the point of use. You may grant or revoke them at any time in Settings โ†’ Privacy on your iPhone.

PermissionWhy It's Used
Sign In with AppleRequired. Secure passwordless authentication.
CalendarRequired for Meeting Prep nudges and Calendar Event import for Reminders. Read-only; no events are created or modified.
ContactsRequired for Birthday nudges and 'Import from Contacts' when adding clients. Read-only.
Location (Always On)Required for Nearby Contact geofencing nudges and Geo-Aware Apple Watch Briefings. Raw coordinates processed on-device only.
Motion & FitnessRequired for Commute Window detection. Processed on-device; never transmitted.
Photo LibraryRequired for Photo Memory nudges. Read-only; photos are never uploaded.
NotificationsRequired to receive nudge alerts when the App is in the background.
MicrophoneRequired for Ask Claude voice input (CarPlay & iPhone) and Apple Watch voice note dictation.
Speech RecognitionRequired for on-device transcription in Ask Claude and Apple Watch Voice Logging.
NFC (Apple Watch)Optional. Required only for business card capture via wrist-bump NFC exchange.

You can use ClientVault without granting any optional permissions. Certain ContextIQ, Watch, and CarPlay features will not be available if the relevant permissions are denied.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

Access & Portability

  • You can view all PII stored in CloudKit directly within the App (Clients tab โ†’ client record).
  • Non-PII server data is accessible through the App interface.
  • To request an export of your server-side data, contact us at privacy@support.basstechdev.com.

Correction

  • You may edit or correct any client record at any time within the App.

Deletion

  • Delete individual client records from the Clients tab (swipe left โ†’ Delete).
  • Deleting a client removes server-side non-PII data immediately. CloudKit PII is removed upon confirmation.
  • To delete your entire account and all associated server data, contact privacy@support.basstechdev.com. We will process deletion requests within 30 days.
  • Uninstalling the App removes locally cached data. CloudKit data persists in your iCloud account until you delete it.

Opt-Out of Notifications

  • Disable push notifications in Settings โ†’ Notifications โ†’ ClientVault on your iPhone.
  • Configure quiet hours and daily nudge caps in the App under Settings โ†’ Notifications โ†’ Quiet Hours & Limits.

Opt-Out of On-Device Signals

  • Revoke any device permission in iPhone Settings โ†’ Privacy at any time.
  • Disable individual nudge signal types in Settings โ†’ ContextIQ โ†’ Nudge Preferences within the App.

California Residents (CCPA)

California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@support.basstechdev.com.

EEA / UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the right to access, rectify, erase, restrict processing of, and port your personal data, as well as the right to object to processing. Our lawful basis for processing is the performance of a contract (providing the App services) and, where applicable, your consent. To exercise your rights, contact us at privacy@support.basstechdev.com.

10. Children's Privacy

ClientVault is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@support.basstechdev.com and we will delete it promptly.

11. Security

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

  • All communications with our server use TLS 1.2 or higher.
  • Azure SQL databases are encrypted at rest using Transparent Data Encryption (TDE).
  • Your Anthropic API key is stored in the iOS Keychain and never transmitted to BassTech.
  • PII is stored exclusively in your private iCloud / CloudKit account, which BassTech cannot access.
  • Authentication uses industry-standard Sign In with Apple (OAuth 2.0 / OIDC).
  • Server access is controlled by Azure Active Directory (Azure AD B2C) with least-privilege policies.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

12. Third-Party Services

ClientVault integrates with the following third-party services. Their respective privacy policies govern their handling of any data they receive:

ServicePrivacy Policy
Apple iCloud / CloudKithttps://www.apple.com/legal/privacy/
Apple Sign In with Applehttps://www.apple.com/legal/privacy/
Apple Push Notification Service (APNs)https://www.apple.com/legal/privacy/
Apple Speech Recognitionhttps://www.apple.com/legal/privacy/
Apple Intelligence (Brainstorm)https://www.apple.com/legal/privacy/
Microsoft Azurehttps://privacy.microsoft.com/en-us/privacystatement
Anthropic Claude API (Ask Claude)https://www.anthropic.com/privacy

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy within the App (Settings โ†’ About ClientVault) and updating the Effective Date at the top of this document. We encourage you to review this policy periodically.

Continued use of the App after changes are posted constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

BassTech Consulting Group
Email: privacy@support.basstechdev.com
Website: https://basstechconsulting.com
Subject: Please include "ClientVault Privacy" in the subject line.

โ† Back to ClientVault โ† BassTech Home