LandDrive CRM Privacy Policy

This Privacy Policy applies to LandDrive CRM, the customer relationship management software at app.landdrive.io. If you are looking for the privacy policy that governs visitors to landdrive.io and the future property marketplace, see /privacy/marketplace.

LandDrive respects your privacy. This policy explains what personal information we collect when you use LandDrive CRM, how we use it, who we share it with, how long we keep it, and the rights you have over your data. It is written to satisfy the transparency requirements of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy regulations.

1. Information We Collect

When you register for a LandDrive CRM account, we collect the information you provide directly: your name, email address, phone number, and company name. We also collect billing information (company name, billing address, subscription plan) at checkout, which is processed by our payment provider Stripe.

Once you are using LandDrive CRM, we process the data you enter into the application — property records, contact information, deal and transaction details, communications, documents, and any other content you choose to store. Under GDPR, LandDrive acts as a data processor for this tenant content; you remain the data controller of the contact, property, and deal records you manage in your account.

We also collect usage telemetry — login times, features used, pages viewed, and error events — so we can operate the service, detect abuse, and improve the product. A limited set of essential cookies are used to maintain your login session and security tokens.

LandDrive does not directly collect or store payment card numbers. Card data is handled by Stripe under their own PCI-compliant infrastructure. LandDrive does not collect biometric data and does not knowingly collect data from children (see Section 8).

2. How We Use Your Information

We use your information to provide and maintain LandDrive CRM, process your subscription and payments, send transactional communications (billing receipts, security alerts, service notices), respond to support requests, improve the product through usage analytics, detect and prevent fraud or abuse, and comply with our legal obligations.

We do not use your CRM content — your properties, contacts, deals, or messages — to train machine-learning models or advertising systems, and we do not sell or rent your personal information to third parties.

3. Lawful Basis for Processing (GDPR)

For customers in the European Economic Area, LandDrive processes personal data under the following lawful bases under Article 6 of the GDPR:

• Contract performance (Art. 6(1)(b)): providing LandDrive CRM to you, processing your subscription, handling support requests, and processing tenant CRM data on your behalf under our Data Processing Addendum.
• Legal obligation (Art. 6(1)(c)): complying with tax, accounting, and other legal requirements.
• Legitimate interest (Art. 6(1)(f)): security monitoring, fraud prevention, product improvement, and business analytics — balanced against your rights and freedoms.
• Consent (Art. 6(1)(a)): optional marketing communications, which you can withdraw at any time.

When LandDrive acts as a data processor for tenant content, you are the data controller and are responsible for establishing a lawful basis for collecting and processing the personal data of your own contacts within LandDrive CRM.

4. How We Share Your Information

We do not sell your personal information or CRM data. We share data only in the following cases:

• Service providers (sub-processors) necessary to operate the platform. This includes Supabase for PostgreSQL database hosting, Render.com for our API server, Cloudflare Pages for frontend hosting and CDN, Redis Cloud for session caching, AWS S3 and Cloudinary for file and image storage, SendGrid for email delivery, Twilio for SMS, Lob for direct mail, Stripe for payment processing, and OpenAI, Anthropic, and Google AI for optional LLM-powered features. Each sub-processor processes only the minimum data necessary for its function.
• Legal disclosure when required by valid legal process, court order, or applicable law, or to protect the rights, property, or safety of LandDrive, our customers, or the public.
• Business transfers in the event of a merger, acquisition, reorganization, or sale of assets. You will be notified before your data is transferred and becomes subject to a different privacy policy.

Sub-processor changes are published at least 30 days before a new sub-processor is added. Most of our sub-processors are U.S.-based companies with EU-U.S. Data Privacy Framework certification or equivalent safeguards. You can read our current sub-processor list at landdrive.io/security/subprocessors once published.

5. Data Retention

We retain your account data for as long as your account is active. If you cancel your LandDrive CRM subscription, your data is retained for 90 days to allow for reactivation and data export. After that period, data is permanently deleted from our production systems. Encrypted database backups are retained for up to 30 days for point-in-time recovery purposes and are subject to the same deletion timeline once the window rolls off.

Some records — invoices, tax documentation, and security audit logs — are retained longer where required by law. You may request early deletion by contacting support, subject to these legal obligations.

6. Your Rights

You have the right to access the personal information we hold about you, correct inaccurate data, request deletion of your data, export your data in a machine-readable format, object to or restrict certain processing, and opt out of marketing communications. Under GDPR these rights are the right of access, rectification, erasure, restriction, data portability, and objection. Under CCPA they include the right to know, the right to delete, the right to opt out of sale (LandDrive does not sell personal data), and the right to non-discrimination for exercising your privacy rights.

You can exercise most of these rights directly from your account settings or by contacting privacy@landdrive.io. We respond within 30 days and may need to verify your identity before processing a request. For personal data that you, as a tenant, have stored about your own contacts inside LandDrive CRM, you are the data controller and we will forward data-subject requests to you for decision.

7. International Transfers

LandDrive CRM is operated from the United States. When personal data is transferred from the European Economic Area, United Kingdom, or Switzerland to the United States or other jurisdictions outside the EEA, we rely on Standard Contractual Clauses (SCCs) with relevant sub-processors and conduct transfer impact assessments for higher-risk transfers. Data storage regions for our primary database are documented and disclosed to enterprise customers on request.

8. Children's Privacy

LandDrive CRM is a business tool intended for real estate professionals and land investors. It is not directed to, and we do not knowingly collect personal information from, children under the age of 16 (GDPR) or 13 (COPPA). If you believe a child has provided us with personal information, contact privacy@landdrive.io and we will delete it promptly.

9. Security

We protect your data with encryption in transit (TLS 1.2 or higher) and at rest (AES-256), strict tenant isolation enforced at the database layer, role-based access control, centralized logging and monitoring, daily encrypted backups, and annual penetration testing. Access controls follow the principle of least privilege. LandDrive is working toward SOC 2 Type I readiness; our current security posture is documented at landdrive.io/security.

No system is perfectly secure. If you believe you have discovered a security vulnerability, please contact security@landdrive.io.

10. Cookies and Tracking

We use essential cookies to maintain your authenticated session, protect against cross-site request forgery, and remember basic preferences like language and theme. These cookies cannot be disabled because they are required for the service to function.

We also use first-party analytics to measure product usage and improve the application. We do not embed third-party advertising or behavioral tracking cookies. Some embedded services (like Google Maps for property mapping) may set their own cookies governed by their own privacy policies. Where required by law, a cookie consent banner is displayed on your first visit and you may adjust preferences at any time. LandDrive honors Do Not Track browser signals where technically feasible.

11. Breach Notification

In the event of a personal data breach affecting your information, LandDrive will notify the relevant regulatory authorities within the timelines required by applicable law (including the 72-hour deadline under GDPR Article 33), and will notify affected customers without undue delay. Breach notifications will describe the nature of the incident, the categories of data affected, the likely consequences, and the steps we are taking in response. Our full incident response procedures are documented internally and tested regularly.

12. Contact and Complaints

Questions, requests, or complaints about this Privacy Policy or your personal data can be directed to:

• Email: privacy@landdrive.io
• Support: support@landdrive.io
• Mail: LandDrive LLC, 508 Pat Booker Rd. #5111, Universal City, TX 78148

If you are in the European Economic Area, United Kingdom, or Switzerland and believe your rights have not been respected, you also have the right to lodge a complaint with your local data protection supervisory authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced through the service or by email to active customers at least 30 days before they take effect. The “Last updated” date at the top of the published version will reflect the most recent revision.