Introduction
Buell EA, LLC ("we", "us", or "our") operates the BuellEA platform at buellea.com. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our website and platform services.
Information We Collect
Account Information
When you register for a BuellEA account, we collect:
- Name and email address
- Phone number (optional)
- Company/organization name
- Job title (optional)
- Password (stored securely using bcrypt hashing)
Business Data
Depending on the platform modules you use, we may store:
- CRM: Contact names, email addresses, phone numbers, company information, communication history, and sales pipeline data
- Time Tracking: Time entries, project details, and client billing information
- Invoicing: Invoice details, payment records, and billing addresses
- Expense Tracking: Expense records, vendor information, and receipt images
- File Manager: Files and documents you upload to the platform
Contact Form Submissions
When you submit our contact form, we collect your name, email, phone number (optional), company name (optional), and message. This information is stored in our CRM system to respond to your inquiry.
Automatically Collected Information
We use Google Analytics (via Google Tag Manager) to collect standard usage data including pages visited, time on site, browser type, and referring pages. This data is anonymized and used to improve our website.
Google API Services
Our platform integrates with Google services via OAuth 2.0 to provide the following features. These integrations are optional and require your explicit authorization.
Gmail Integration
If you connect your Google account with Gmail access, our platform can:
- Read and sync email messages from your inbox and sent folder to display within the CRM
- Send emails on your behalf through the CRM email compose feature
We access Gmail using the https://mail.google.com/ scope. This access is necessary to provide full email sync and send functionality within the CRM module.
Google Calendar Integration
If you connect your Google account with Calendar access, our platform can:
- Read your calendar events to display alongside CRM activities
- Create and update calendar events from CRM activities
- Perform two-way synchronization between CRM activities and Google Calendar
Google API Data Use Compliance
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Google data to provide and improve the platform features you have authorized
- We do not transfer Google user data to third parties except as necessary to provide the service (e.g., displaying your emails within the CRM)
- We do not use Google user data for advertising purposes
- We do not allow humans to read your Google data unless you have given affirmative consent for specific messages, it is necessary for security purposes, or it is required by law
- All OAuth tokens are encrypted at rest using AES-256 encryption
How We Use Your Information
We use the information we collect to:
- Provide and maintain the BuellEA platform services you subscribe to
- Process transactions and send billing notifications
- Respond to your inquiries and support requests
- Send service-related communications (e.g., security alerts, feature updates)
- Improve and optimize the platform
- Comply with legal obligations
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
Third-Party Services
We use the following third-party services to operate our platform:
- Google Workspace — OAuth authentication, Gmail integration, Google Calendar sync
- Zoho Books / Zoho Billing — Accounting sync and subscription billing (for tenants that enable this integration)
- Anthropic Claude AI — AI-powered features including email drafting, document parsing, and data extraction. Data sent to AI is limited to the specific content being processed and is not used to train AI models.
- Google Analytics — Anonymous website usage analytics
- Hostinger — Web hosting and infrastructure
Data Storage and Security
- All data is stored on servers located in the United States (Hostinger infrastructure)
- All connections to our platform use TLS/SSL encryption (HTTPS)
- OAuth tokens and sensitive credentials are encrypted at rest using Laravel's AES-256-CBC encryption
- Passwords are hashed using bcrypt and are never stored in plain text
- Our platform is multi-tenant — each tenant's data is logically separated and scoped to prevent cross-tenant access
- We perform regular backups of all platform data
Data Retention
We retain your data for as long as your account is active or as needed to provide you services. If you cancel your subscription, we retain your data for 90 days to allow for reactivation, after which it may be permanently deleted. You may request earlier deletion by contacting us.
Your Rights
You have the right to:
- Access your personal data stored in our platform
- Correct inaccurate data through your account settings
- Delete your account and associated data by contacting us
- Export your data (CSV export is available for applicable modules)
- Revoke third-party integrations (Google, Zoho) at any time through your account settings or through the third-party provider's security settings
- Opt out of non-essential communications
Cookies
We use essential cookies to maintain your login session and to provide CSRF protection. We use Google Analytics cookies for anonymous usage tracking. We do not use advertising or tracking cookies.
Children's Privacy
Our platform is designed for business use and is not intended for children under 13. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: