- Introduction to Our Privacy Policy
- Who We Are and Our Role
- Personal Data We Collect
- How We Use Your Personal Data
- Who We Share Your Data With
- How We Protect Your Data
- Your Data Protection Rights
- International Data Transfers
- Data Retention
- Cookies and Tracking
- Children’s Privacy
- Changes to This Privacy Policy
- Contact Us
Introduction to Our Privacy Policy
At Laywork LLC (“Laywork,” “we,” “us,” or “our”), we value your privacy and are committed to protecting the personal data we process through our customer relationship management (CRM) services (“Service”) and website at https://laywork.com (“Site”). This Privacy Policy explains how we collect, use, share, and safeguard your personal data when you interact with us as a user, visitor, or business client. It applies to all individuals whose data we handle, including account holders, their invited Users, and the contacts they manage within the CRM. By using the Service or Site, you agree to this Privacy Policy, which complements our Terms of Service (ToS) and Abuse Policy, both accessible on the Site. We aim to be transparent about our practices and comply with applicable data protection laws, including the GDPR and other relevant regulations as of March 2, 2025.
Who We Are and Our Role
Laywork LLC is a company registered in [jurisdiction], headquartered at [address]. We provide a cloud-based CRM platform to help businesses manage customer relationships, automate workflows, and enhance productivity. In most cases:
- You (the User) are the “data controller,” responsible for determining why and how personal data (e.g., your clients’ information) is processed within the Service.
- We (Laywork) are the “data processor,” processing this data on your behalf per your instructions and this Privacy Policy.
For data we collect directly from you (e.g., account details), we act as the data controller. Questions? Contact us at privacy@laywork.com.
Personal Data We Collect
We collect and process different types of personal data depending on how you interact with us:
1. Data You Provide Directly
- Account Registration: When you sign up, we collect your full name, email address, company name, billing address, and payment details (e.g., credit card information) if subscribing to a paid plan.
- User Invitations: Super Administrators may provide names and email addresses of additional Users invited to the account.
- User Data in the CRM: You may upload client or contact data (e.g., names, emails, phone numbers, notes) into the Service for CRM purposes.
- Support Requests: Information you share when contacting us (e.g., emails, chat messages) at support@laywork.com or abuse@laywork.com.
2. Data Collected Automatically
- Usage Data: We collect details about how you use the Service and Site, such as IP address, browser type, device information, pages visited, and timestamps, often via cookies (see our Cookie Policy).
- Analytics: Anonymized data on feature usage (e.g., clicks, time spent) to improve the Service.
- Phone and Communication Services: Call logs, SMS records, and durations if you use optional telephony features.
3. Data from Third Parties
- Integrations: Data from third-party tools (e.g., Google Workspace, Zapier) if you enable integrations, subject to their privacy policies.
- Payment Processors: Transaction details from providers (e.g., Stripe) when you pay for the Service.
How We Use Your Personal Data
We process personal data for specific purposes, with lawful bases under GDPR Article 6:
1. To Provide and Maintain the Service
- Purpose: Enable account creation, User management, CRM functionality (e.g., contact storage, task automation), and optional phone/texting services.
- Data Used: Account details, User Data, usage data.
- Lawful Basis: Performance of a contract (ToS) with you (Article 6(1)(b)).
2. To Process Payments
- Purpose: Handle billing, renewals, and additional charges (e.g., telephony fees).
- Data Used: Payment details, billing address.
- Lawful Basis: Performance of a contract (Article 6(1)(b)).
3. To Improve and Analyze the Service
- Purpose: Enhance features, fix bugs, and understand usage trends using anonymized or aggregated data.
- Data Used: Usage data, analytics.
- Lawful Basis: Legitimate interests (Article 6(1)(f)), balanced against your rights.
4. To Communicate with You
- Purpose: Send account updates, support responses, security alerts, or service notices (e.g., fee changes).
- Data Used: Name, email address.
- Lawful Basis: Performance of a contract (Article 6(1)(b)) or legitimate interests (Article 6(1)(f)).
5. To Ensure Security and Compliance
- Purpose: Detect and prevent abuse, fraud, or legal violations (e.g., via audit logs), and comply with legal obligations.
- Data Used: Usage data, account details, User Data (if needed).
- Lawful Basis: Legal obligation (Article 6(1)(c)) or legitimate interests (Article 6(1)(f)).
6. Marketing (Optional)
- Purpose: Send promotional offers or updates about Laywork, only with your consent.
- Data Used: Name, email address.
- Lawful Basis: Consent (Article 6(1)(a)), which you can withdraw anytime.
Who We Share Your Data With
We share personal data only as necessary to deliver the Service or meet legal requirements:
1. Within Laywork
- Our staff access data on a need-to-know basis, under strict confidentiality agreements, to provide support or maintain the Service.
2. Subprocessors
- Third-Party Providers: We use trusted partners for hosting (e.g., AWS), payment processing (e.g., Stripe), analytics (e.g., Google Analytics), and telephony (e.g., Twilio). A full list is in our Data Processing Agreement (DPA), available upon request at privacy@laywork.com.
- Safeguards: All subprocessors sign GDPR-compliant agreements ensuring data security and compliance.
3. Legal and Regulatory Authorities
- We may disclose data if required by law, court order, or to protect our rights (e.g., in response to abuse reports), per ToS Section 8.4.
4. Business Transfers
- If Laywork is involved in a merger, acquisition, or asset sale, your data may be transferred to the new entity, with notice provided where feasible.
5. No Sale of Data
- We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
How We Protect Your Data
We implement robust technical and organizational measures to safeguard your data (GDPR Article 32):
- Encryption: Data is encrypted at rest and in transit using industry-standard protocols (e.g., TLS, AES-256).
- Access Controls: Restricted to authorized personnel only, with two-factor authentication encouraged for users.
- Security Monitoring: Regular audits and monitoring for threats or breaches.
- Backups: Data is backed up securely, retained for up to 50 days post-deletion for recovery purposes.
In case of a data breach, we’ll notify affected users within 72 hours if there’s a risk to your rights, per GDPR Article 33, and assist you in reporting to authorities if needed (ToS Section 8).
Your Data Protection Rights
Depending on your location (e.g., EU/EEA), you may have the following rights under GDPR Articles 15-22:
- Access: Request a copy of your personal data we hold.
- Rectification: Correct inaccurate or incomplete data.
- Erasure (“Right to be Forgotten”): Ask us to delete your data, subject to legal retention obligations.
- Restriction: Limit how we process your data in certain cases.
- Data Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests (e.g., analytics).
- Withdraw Consent: Opt out of marketing emails anytime via the unsubscribe link or by emailing privacy@laywork.com.
How to Exercise Your Rights
- Email privacy@laywork.com with your request, including your name, account email, and desired action.
- We’ll respond within one month (extendable by two months for complex requests), free of charge unless requests are excessive or unfounded (GDPR Article 12).
International Data Transfers
If you’re outside [jurisdiction], your data may be transferred to our servers or subprocessors (e.g., in the US). For EU/EEA users:
- Mechanism: We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure GDPR-compliant transfers (Article 46).
- Safeguards: Encryption and strict subprocessor agreements protect your data abroad.
Contact privacy@laywork.com for a copy of our SCCs or DPA.
Data Retention
- Account Data: Retained while your account is active, plus 14 days post-termination for restoration requests (ToS Section 8.2). Deleted data may linger in backups for up to 50 days.
- User Data: Kept as long as you store it in the Service, deleted upon your instruction or account termination.
- Usage Data: Anonymized and retained indefinitely for analytics; identifiable data is deleted after 12 months unless needed for legal purposes.
- Legal Obligations: We retain data as required by law (e.g., tax records for 7 years).
Cookies and Tracking
We use cookies and similar technologies to enhance your experience, analyze usage, and secure the Service. Details are in our Cookie Policy, including how to manage preferences via your browser or our consent tool on the Site.
Children’s Privacy
The Service is not intended for individuals under 16. We do not knowingly collect data from children. If you believe we’ve inadvertently collected such data, contact privacy@laywork.com to have it removed.
Changes to This Privacy Policy
We may update this policy to reflect changes in our practices, legal requirements, or user feedback. Updates will be posted here with an effective date, typically 30 days after posting unless urgent. We’ll notify your Super Administrator via email of significant changes. Continued use after updates signifies acceptance.
Contact Us
For privacy questions, data requests, or concerns:
- Email: privacy@laywork.com
- Postal Address: Laywork LLC, 17224 S. Figueroa Street, Gardena, CA 90248, USA
- Data Protection Officer (if applicable): dpo@laywork.com
If you’re unsatisfied with our response, you may contact your local data protection authority (e.g., ICO in the UK, CNIL in France).
Last Updated: March 2, 2025