Back to CRMandGo

Privacy Policy

Last updated: 6 April 2026

1. Introduction

CRMandGo ("we", "us", "our") is a product of the MyAndGo ecosystem, operated by Fintech Development Pty Ltd (ACN 655 608 969). We are committed to protecting the privacy of our users and their clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

CRMandGo is designed and operated exclusively for the Australian market. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

We collect the following categories of information:

  • Account information: Name, email address, phone number, and organisation details provided during registration.
  • Client data: Information you enter about your clients, including names, contact details, financial information, and loan details. This data is owned by your organisation.
  • Usage data: How you interact with the platform, including pages visited, features used, and actions taken.
  • Device information: Browser type, IP address, and device identifiers for security and analytics purposes.
  • Documents: Files you upload to the platform, stored securely in Google Cloud Storage.

3. Data Sovereignty

All data is stored exclusively in australia-southeast1 (Sydney). Our infrastructure runs entirely in Australia:

  • Firestore database instances, Sydney region only
  • Cloud Run compute, Sydney region only
  • Cloud Storage buckets, Sydney region only
  • Firebase Authentication, Google's Australian infrastructure

The one exception is AI processing. To power features such as lead scoring, document verification and the AI receptionist, the relevant content is sent to our AI provider, Anthropic, which processes it overseas, currently in the United States, under a data processing agreement. Anthropic does not use that content to train its models, and the results are stored back within your organisation's data in Sydney. This overseas AI processing is disclosed as required under Australian Privacy Principle 8 (cross-border disclosure).

Aside from this AI processing and the third-party services listed below, your data is stored and processed in Australia.

4. How We Use Your Information

  • To provide, maintain, and improve the CRMandGo platform
  • To authenticate your identity and manage access to your organisation
  • To process transactions and manage billing via Stripe
  • To send transactional emails (e.g. deal pack notifications, compliance alerts) via SendGrid
  • To provide AI-powered features such as lead scoring (processed by Anthropic's Claude API)
  • To generate analytics and insights about your pipeline
  • To comply with legal obligations, including NCCP requirements

5. AI and Lead Scoring

CRMandGo uses Anthropic's Claude API for AI-powered features including lead scoring, deal pack analysis, document verification and the AI receptionist. When you use these features, the relevant lead, client or document content is sent to Anthropic for processing overseas, currently in the United States, under a data processing agreement. Anthropic does not use this content to train its models. The AI analysis is returned to CRMandGo and stored within your organisation's data in the Sydney region.

6. Third-Party Services

We use the following third-party services:

  • Google Cloud Platform: Infrastructure hosting (Sydney region)
  • Firebase: Authentication and hosting
  • Stripe: Payment processing, we do not store credit card details
  • SendGrid: Transactional email delivery
  • Twilio: Telephony and SMS for calls and the AI receptionist
  • Anthropic (Claude API): AI features (lead scoring, document verification, receptionist). Content is processed overseas, currently in the United States, under a data processing agreement and is not used for training
  • Google Analytics (GA4): Anonymous usage analytics

Some of these providers (including Stripe, SendGrid, Twilio and Google Analytics) process data overseas. We disclose this under Australian Privacy Principle 8.

7. Data Retention

Your organisation's data is retained for as long as your account is active. Upon account deletion, all organisation data (clients, leads, documents, deal packs, tasks, and deal book entries) is permanently deleted within 30 days. Audit logs are retained for 7 years to comply with NCCP record-keeping requirements.

8. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • Encryption at rest for all stored data (Google-managed keys)
  • Firebase Authentication with support for multi-factor authentication
  • Org-scoped tenant isolation, each organisation's data is logically separated
  • Comprehensive audit logging of all data access and mutations
  • Rate limiting on all API endpoints
  • Input validation and sanitisation on all user-supplied data

9. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

10. Contact Us

For privacy-related enquiries or to exercise your rights, contact us at:

Email: [email protected]

General: [email protected]