1. Scope and Applicability

This Privacy Policy applies to all information collected through the Stronghold CRM platform, including our website (strongholdbusiness.com), web application (app.strongholdbusiness.com), mobile applications, APIs, and any other services we provide.

This policy covers two distinct categories of individuals:

  • Coaches (Account Holders): Professional coaches, counselors, and consultants who register for and use the Service. We act as the data controller for Coach account information.
  • Clients (End Users): Individuals whose personal information is entered into the Service by Coaches. For Client data, the Coach is the data controller and Stronghold acts as the data processor.

If you are a Client whose information has been entered into Stronghold by your coach, please contact your coach directly regarding how your personal information is handled. Your coach is responsible for obtaining your consent and informing you about their data practices.

2. Key Definitions

  • "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular individual.
  • "Coach Data" means information provided by or collected from Coaches in connection with their accounts and use of the Service.
  • "Client Data" means personal information about Clients that Coaches enter, upload, or process through the Service.
  • "Usage Data" means information automatically collected about how the Service is accessed and used.
  • "Aggregated Data" means data that has been de-identified and aggregated so that it does not identify any individual.

3. Information We Collect

3.1 Coach Account Information

When you create an account, we collect your full name and professional credentials, email address, phone number, business name and address, payment and billing information (processed by our payment processor; we do not store full credit card numbers), professional licensing information (if provided), and profile photo (if uploaded).

3.2 Client Data (Entered by Coaches)

Coaches may enter the following types of Client information into the Service: name and contact information (email, phone number, mailing address), demographic information, session notes and coaching records, assessment responses and results, communication history (emails, SMS messages, call logs), scheduling and appointment data, payment and billing records, uploaded documents and files, progress notes and goal tracking data, and any other information the Coach chooses to enter.

Important: Coaches are solely responsible for determining what Client data to enter into the Service and for obtaining appropriate consent from their Clients. Stronghold processes Client Data only at the direction of and on behalf of the Coach.

3.3 Usage Data

We automatically collect information when you use the Service, including: device information (browser type, operating system, device type), IP address and approximate geographic location, pages visited and features used within the Service, date, time, and duration of sessions, referring URLs, clickstream data and user interactions, and error logs and performance data.

3.4 Communication Data

When you use our communication features, we collect and store: SMS/text message content, sender and recipient information, and delivery status; email content, sender and recipient information, open rates, and click rates; phone call logs including date, time, duration, and caller/recipient numbers; voicemail recordings and transcriptions; and video session connection data and metadata (session recordings are stored only if the recording feature is enabled by the Coach).

3.5 Information from Third-Party Integrations

If you connect third-party services to your Stronghold account (such as Google Calendar, payment processors, or other tools), we may receive information from those services as authorized by you during the integration setup.

4. How We Use Information

4.1 Coach Data

We use Coach account information to: provide, operate, and maintain the Service; process payments and manage subscriptions; send account-related communications (billing notifications, security alerts, service updates); provide customer support; enforce our Terms of Service; comply with legal obligations; improve and develop the Service; and send marketing communications (with your consent, and with the ability to opt out at any time).

4.2 Client Data

We process Client Data solely to: provide the Service to Coaches (storing, displaying, and processing Client information as directed by the Coach); facilitate communications between Coaches and their Clients through the platform; generate AI-powered insights and reports as requested by the Coach; administer and score assessments; and maintain data integrity and security.

We do not use Client Data for our own marketing purposes, sell Client Data to third parties, or access Client Data except as necessary to provide the Service, respond to support requests, or comply with legal obligations.

4.3 Usage Data

We use Usage Data to: monitor and analyze usage trends and preferences; detect and prevent fraud, abuse, and security incidents; improve the Service's performance, reliability, and user experience; and generate Aggregated Data for analytics and benchmarking.

5. Communication-Specific Privacy Policies

5.1 SMS/Text Messaging Data

When SMS features are used, we collect and store the phone numbers of senders and recipients, message content, date and time of each message, delivery status and carrier information, and consent records and opt-out status. SMS data is stored to provide message history and delivery reporting, maintain compliance records, enable the Coach to manage client communications, and troubleshoot delivery issues. We retain SMS consent records for a minimum of five (5) years. Message content is retained for the duration of the Coach's active account and for thirty (30) days after termination to allow for data export.

5.2 Email Communication Data

When email features are used, we collect and store sender and recipient email addresses, email content (subject line and body), delivery status, bounce information, open tracking data (if enabled), click tracking data (if enabled), and unsubscribe records. Email tracking (open and click tracking) can be enabled or disabled by the Coach. When enabled, recipients are not individually notified of tracking, but Coaches are responsible for disclosing tracking practices in their own privacy policies.

5.3 Phone System Data

When the business phone system is used, we collect and store caller and recipient phone numbers, call date, time, and duration, call direction (inbound/outbound), voicemail audio and transcriptions, call forwarding records, and missed call notifications sent. Call recordings are only stored if the Coach explicitly enables the recording feature. Stronghold does not record calls by default.

5.4 Video Session Data

When video sessions are used, we collect and store session connection data (participant information, connection time, duration), technical data (bandwidth, quality metrics), session recordings (only if the recording feature is enabled by the Coach), and any notes or transcriptions generated during the session.

6. AI and Assessment Data Processing

6.1 AI-Powered Features

Our AI features analyze Client Data to generate insights and recommendations for Coaches. Regarding AI data processing: AI analysis is performed using Client Data provided by the Coach; AI-generated outputs are derived from and stored alongside Client Data; we do not use identifiable Client Data to train general-purpose AI models; we may use Aggregated Data (which cannot identify any individual) to improve our AI systems; and Coaches can opt out of Aggregated Data usage for AI training through their account settings.

6.2 Assessment Data

Assessment responses and results are treated as Client Data and subject to the same protections. Assessment data is: stored securely and accessible only to the Coach who administered the assessment; used to generate scores, reports, and progress tracking as directed by the Coach; and not shared with third parties except as described in Section 7.

7. Information Sharing and Disclosure

We do not sell Personal Information or Client Data to third parties. We may share information in the following limited circumstances:

7.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service, including: cloud hosting providers (data storage and infrastructure), payment processors (subscription billing), SMS and telephony providers (message and call delivery), email delivery services (transactional and marketing email sending), video conferencing infrastructure providers, analytics providers (usage analysis), and customer support tools. All service providers are contractually obligated to protect your information and may only use it to perform services on our behalf.

7.2 Legal Requirements

We may disclose information when we believe in good faith that disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request; enforce our Terms of Service or other agreements; protect the rights, property, or safety of Stronghold, our users, or the public; or detect, prevent, or address fraud, security, or technical issues.

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

7.4 With Your Consent

We may share information with third parties when you have given us explicit consent to do so.

8. Cookies and Tracking Technologies

8.1 What We Use

We use cookies and similar tracking technologies on our website and within the Service:

Type | Purpose | Duration
Essential Cookies | Authentication, security, and core functionality | Session / up to 1 year
Functional Cookies | User preferences, settings, and personalization | Up to 1 year
Analytics Cookies | Usage patterns, performance monitoring, feature adoption | Up to 2 years
Marketing Cookies | Ad effectiveness, retargeting (website only, not within the app) | Up to 1 year

8.2 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service. Most browsers allow you to refuse all cookies, accept all cookies, or be notified when a cookie is set.

8.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals, as there is no industry-wide standard for compliance. However, you can manage your tracking preferences as described above.

9. Data Security

We implement and maintain industry-standard technical, administrative, and physical security measures to protect your information, including:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: All stored data, including Client Data, communications, and backups, is encrypted using AES-256 encryption.
  • Access Controls: Role-based access controls, multi-factor authentication for administrative access, and principle of least privilege for employee access to systems.
  • Infrastructure Security: Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 compliance, regular security patching, and network monitoring.
  • Regular Audits: We conduct regular security assessments and vulnerability testing.
  • Incident Response: We maintain an incident response plan and will notify affected users of any data breach as required by applicable law, generally within seventy-two (72) hours of discovery.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your information.

10. Data Retention

10.1 Active Accounts

We retain Coach Data and Client Data for the duration of the Coach's active account.

10.2 After Account Termination

Upon account termination or cancellation: Coaches have thirty (30) days to export their data; Client Data and Coach content are deleted from active systems within sixty (60) days after the export period; and backup copies are deleted through normal backup rotation (typically within ninety (90) additional days).

10.3 Extended Retention

Certain data may be retained beyond the standard periods to comply with legal, tax, or regulatory requirements; resolve disputes or enforce agreements; maintain records required by applicable law (including SMS consent records, which are retained for five years); and support fraud prevention and security operations.

10.4 Aggregated Data

Aggregated Data that cannot identify any individual may be retained indefinitely for analytics, benchmarking, and product improvement purposes.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Information:

  • Access: Request a copy of the Personal Information we hold about you.
  • Correction: Request correction of inaccurate or incomplete Personal Information.
  • Deletion: Request deletion of your Personal Information, subject to certain exceptions (legal obligations, legitimate business interests).
  • Data Portability: Export your data in a commonly used, machine-readable format.
  • Opt-Out of Marketing: Unsubscribe from marketing communications at any time using the unsubscribe link in our emails or by contacting us.
  • Opt-Out of SMS: Reply STOP to any text message or contact us to opt out.
  • Restrict Processing: Request that we limit how we process your Personal Information in certain circumstances.
  • Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@strongholdbusiness.com. We will respond to verified requests within thirty (30) days (or as required by applicable law). We may need to verify your identity before processing your request.

For Clients: If you are a Client whose data is stored in Stronghold by your coach, please direct any access, correction, or deletion requests to your coach. If your coach is unable to fulfill your request, you may contact us at privacy@strongholdbusiness.com and we will work with your coach to address your request.

12. State-Specific Privacy Rights

12.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom it is shared.
  • Right to Delete: You may request deletion of your Personal Information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate Personal Information.
  • Right to Opt-Out of Sale/Sharing: We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive Personal Information, you may request that we limit its use to what is necessary to provide the Service.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a CCPA request, contact us at privacy@strongholdbusiness.com or call us at the number listed in Section 17. We will verify your identity before processing requests. You may also designate an authorized agent to submit requests on your behalf.

12.2 Virginia Residents (VCDPA)

Virginia residents have rights under the Virginia Consumer Data Protection Act, including the rights to access, correct, delete, and obtain a copy of Personal Information, and to opt out of targeted advertising and the sale of Personal Information. To exercise these rights or to appeal a decision regarding your request, contact privacy@strongholdbusiness.com.

12.3 Colorado Residents (CPA)

Colorado residents have similar rights under the Colorado Privacy Act, including the rights to access, correct, and delete personal data, and to opt out of targeted advertising, sale of personal data, and profiling. Contact privacy@strongholdbusiness.com to exercise these rights.

12.4 Connecticut Residents (CTDPA)

Connecticut residents have rights under the Connecticut Data Privacy Act that are similar to those described above. Contact privacy@strongholdbusiness.com to exercise these rights.

12.5 Other States

Additional states may enact consumer privacy laws over time. We are committed to complying with all applicable state privacy laws and will update this policy as needed. If you believe you have privacy rights under your state's laws that are not addressed here, please contact us at privacy@strongholdbusiness.com.

13. Children's Privacy

The Service is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect Personal Information from children under 18. Coaches must not enter information about minors into the Service unless they have obtained all required parental or guardian consent as required by applicable law, including the Children's Online Privacy Protection Act (COPPA) for children under 13.

If we learn that we have collected Personal Information from a child under 13 without verified parental consent, we will take steps to delete that information promptly. If you believe a child's information has been entered into the Service without proper consent, please contact us at privacy@strongholdbusiness.com.

14. International Data Considerations

The Service is operated from and data is stored in the United States. If you access the Service from outside the United States, you acknowledge that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to the transfer of your information to the United States.

We are not currently subject to the European Union General Data Protection Regulation (GDPR). If we expand services to EU/EEA residents, we will update this policy to address GDPR requirements, including lawful bases for processing, data transfer mechanisms, and EU-specific rights.

15. Third-Party Services and Links

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you connect to or access through the Service. Third-party service providers we use include but are not limited to: cloud infrastructure providers, payment processors (such as Stripe), SMS and telephony providers, email delivery services, calendar integration services, and analytics platforms.

Each third-party provider has its own privacy policy governing how it processes data. We select providers that maintain appropriate security and privacy standards, but we are not responsible for the privacy practices of third-party services.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will notify you by email to the address associated with your account at least thirty (30) days before the changes take effect, post a prominent notice within the Service, and update the "Effective Date" at the top of this page.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and close your account.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Stronghold Business LLC
Privacy Inquiries: privacy@strongholdbusiness.com
General Support: support@strongholdbusiness.com
Legal: legal@strongholdbusiness.com
Website: strongholdbusiness.com

We aim to respond to all privacy inquiries within thirty (30) days of receipt. If you are not satisfied with our response, you may have the right to lodge a complaint with your state's attorney general or other relevant regulatory authority.