Last updated: February 22, 2026
Bastion CRM ("Bastion," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we store and protect it, and your rights regarding your data.
By using Bastion CRM ("the Service"), you consent to the data practices described in this policy.
When you use the Service, you may provide the following information:
| Purpose | Data used |
|---|---|
| Providing the Service | Account info, CRM data, business info |
| Cloud sync across your devices | All data you enter into the Service |
| Team collaboration (Business plan) | Shared CRM data within your organization |
| Subscription management | Email, account ID, payment status (from Stripe) |
| Weather alerts for your service area | State/region setting from your Company Info |
| Customer support | Email, account info, relevant CRM data when troubleshooting |
| Product improvement | Aggregated, anonymized usage patterns |
We never sell, rent, or trade your personal information or CRM data to third parties. We never use your data for advertising or ad targeting.
Your data is stored in Google Firebase (Firestore), which provides:
A copy of your data is also cached on your device using your browser's localStorage for offline functionality. This data is accessible only to the Bastion application on your device and is not transmitted to any third party.
Photos you upload (property images, logos) are stored locally on your device as base64 data. They are not uploaded to our cloud servers unless you are using the cloud sync feature, in which case they are stored in your encrypted Firestore document.
All payment processing is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor. We never see, store, or have access to your credit card number, CVV, or banking details. We only receive confirmation of payment status, plan type, and subscription dates from Stripe. See Stripe's Privacy Policy.
The Service uses the following third-party providers who may process your data according to their own privacy policies:
| Service | Purpose | Data shared |
|---|---|---|
| Google Firebase | Authentication, database, cloud sync | Google profile, CRM data |
| Stripe | Payment processing | Email, payment info (entered by you on Stripe's page) |
| Google Maps | Map display, geocoding, route planning | Property addresses |
| National Weather Service | Severe weather alerts | Your state/region setting (no personal data) |
We do not share your personal information with any third parties beyond what is necessary to provide the Service as described above.
If you use the Business plan and create or join an organization:
Data sharing occurs only within organizations you explicitly create or join. We never share data between different organizations or unrelated users.
You have the right to:
Bastion CRM does not use tracking cookies, advertising cookies, or third-party analytics cookies. The Service uses only:
We do not use Google Analytics, Facebook Pixel, or any other tracking tools on the application.
The Service is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].
The Service is operated from the United States. If you are accessing the Service from outside the US, please be aware that your data will be transferred to, stored, and processed in the United States where our servers (Google Cloud) are located. By using the Service, you consent to this transfer.
For users in the European Economic Area (EEA), UK, or other regions with data protection laws: we process your data based on your consent (given at sign-in) and our legitimate interest in providing the Service. You may exercise your data rights as described in Section 8.
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, what data was affected, and steps we are taking to address it.
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how your information is handled, contact us at:
Bastion CRM
Email: [email protected]
Website: bastioncrm.com