AdvantaCRM (“AdvantaCRM,” “we,” “us,” or “our”) is committed to protecting the privacy and security of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Services. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Site or use our Services.
2. Information We Collect
2.1 Information You Provide to Us
We collect information that you voluntarily provide when registering for an account, using our Services, or otherwise communicating with us, including:
• Account Information: Name, email address, phone number, business name, and payment information
• Client and Lead Data: Contact details, Medicare enrollment information, health plan data, and other information you enter into the CRM regarding your clients and leads
• Communications: Records of your communications sent through the platform, including emails, SMS messages, and call logs
• Support Requests: Information you provide when contacting our support team
2.2 Information Collected Automatically
When you access the Site, we may automatically collect certain information, including:
• Device and Browser Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Pages viewed, features used, time spent on the Site, and other usage statistics
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to enhance your experience and collect usage information
2.3 Information from Third-Party Integrations
If you connect third-party services to your AdvantaCRM account (such as telephony providers, health plan enrollment platforms, or email services), we may receive information from those services as necessary to provide the integrated functionality.
3. How We Use Your Information
We use the information we collect for the following purposes:
• To provide, operate, and maintain the Services
• To process your transactions and manage your account
• To communicate with you, including sending transactional emails and service updates
• To improve and personalize your experience with the Services
• To monitor and analyze usage and trends to improve the Site and Services
• To detect, prevent, and address technical issues, fraud, and security concerns
• To comply with legal obligations and enforce our Terms of Use
• To provide customer support
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
• Service Providers: We share information with third-party vendors who perform services on our behalf, such as payment processing, email delivery, telephony, hosting, and analytics. These providers are contractually obligated to use your information only to provide services to us.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
• Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights, or ensure the safety of our users.
• With Your Consent: We may share your information with third parties when you have given us your explicit consent to do so.
• Agency Hierarchy: If you are part of an agency or sub-agency, certain information may be visible to authorized users within your organizational hierarchy as necessary to provide the Services.
5. HIPAA and Protected Health Information
AdvantaCRM is designed for use by Medicare insurance professionals and may be used to process Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act (“HIPAA”).
We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI, including:
• Encryption of sensitive data at rest (including AES-256 encryption for Medicare Beneficiary Identifiers)
• Encryption of data in transit using TLS/SSL
• Role-based access controls and row-level security
• Regular security assessments and monitoring
• Activity logging and audit trails
We will enter into a Business Associate Agreement (“BAA”) with Customers upon request where required by HIPAA. You are responsible for ensuring your own compliance with HIPAA and all applicable regulations.
6. Data Security
We implement industry-standard security measures designed to protect your information, including:
• TLS/SSL encryption for all data transmitted between your browser and our servers
• Encryption of sensitive fields at rest
• Secure authentication with password hashing and session management
• Row-level security policies ensuring users can only access authorized data
• Regular security monitoring and vulnerability assessments
Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Services. Upon account cancellation, we retain your data in storage for 90 days, after which it may be permanently deleted.
Certain data, such as activity logs, may be subject to automated retention policies and may be purged after a defined period (typically 6–12 months). Client portal submissions are retained for as long as the associated account remains active.
We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to:
• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze Site usage and performance
• Improve our Services
You may configure your browser to refuse cookies or alert you when cookies are being sent. However, some features of the Site may not function properly without cookies.
9. Your Rights and Choices
Depending on your jurisdiction, you may have certain rights regarding your personal information, including:
• Access: The right to request a copy of the personal information we hold about you
• Correction: The right to request correction of inaccurate or incomplete information
• Deletion: The right to request deletion of your personal information, subject to certain legal exceptions
• Data Portability: The right to request a copy of your data in a portable format
• Opt-Out: The right to opt out of certain data processing activities, including marketing communications
To exercise any of these rights, please contact us at support@advantacrm.com. We will respond to your request within 30 days.
10. Children’s Privacy
The Site and Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.
11. Third-Party Links and Services
The Site may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Site.
12. State-Specific Privacy Rights
California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. As noted above, we do not sell personal information.
Other State Privacy Laws
Residents of other states with applicable privacy legislation (such as Virginia, Colorado, Connecticut, and others) may have additional rights. Please contact us to exercise your rights under applicable state privacy laws.
13. International Users
The Site is operated from the United States. If you access the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on the Site and updating the “Last Updated” date. Your continued use of the Site after any changes constitutes your acceptance of the updated Privacy Policy.