Privacy Policy

Information We Collect

We collect information you provide directly, information entered into the Service by our customers and their authorized users, and limited technical information collected automatically.

Information may include:

• Account information, such as name, email address, phone number, organization, role, and Google profile information if you sign in with Google.

• CRM and business records, such as contacts, companies, provider communities, tasks, notes, uploaded files, and communications.

• Client intake and case information, which may include contact details, family information, care preferences, health and medical information, financial or insurance information, legal-document information, signatures, and related uploads.

• Communications data, including transactional emails, client access links, newsletter subscription information, and, if enabled by a customer, Gmail message content and metadata used for CRM email features.

• Voice, image, or document content when a user chooses to use features such as transcription, business-card scanning, document upload, or AI-assisted summarization.

• Technical and security data, such as IP address, browser type, device information, log data, authentication cookies, audit logs, error reports, and usage information needed to operate and secure the Service.

The Service is not intended to collect account registrations from children under 13.

How We Use Information

We use information to:

• Provide, maintain, secure, and improve the Service.

• Authenticate users and manage customer organizations, roles, permissions, and client portal access.

• Store, search, display, and process CRM, intake, provider, task, note, document, and communication records.

• Send transactional emails, access links, notifications, and newsletters.

• Provide optional integrations and features, including Google sign-in, Gmail email features, maps, address lookup, file upload, transcription, OCR, and AI-assisted extraction or summarization.

• Monitor performance, debug errors, prevent abuse, enforce agreements, and comply with legal obligations.

We do not sell personal information. We do not use Google user data obtained through Gmail APIs to develop, improve, or train generalized AI or machine learning models.

Sensitive and Health-Related Information

Customers may use the Service to store health-related, financial, legal, and other sensitive information about clients and families. We protect designated sensitive fields with encryption at rest, organization-scoped access controls, audit logging, and automatic session logoff for roles that access electronic health information.

These safeguards support customer compliance efforts, but they do not by themselves determine whether AdvisorCompass is a HIPAA covered entity or business associate. Separate agreements, such as a Business Associate Agreement, may be required in some cases.

How We Share Information

We share information only as needed to provide the Service, at a customer’s direction, or as otherwise described in this Policy.

We may share information with:

• Authorized users within the same customer organization, according to their roles and permissions.

• Service providers that help us host, store, secure, monitor, and operate the Service, including providers for hosting, databases, file storage, email delivery, authentication, maps, OCR, AI processing, transcription, error monitoring, caching, and cloud infrastructure.

• Third parties when a customer or user directs us to share information, such as sending case information, provider communications, print materials, or newsletters.

• Law enforcement, courts, regulators, or others when required by law or necessary to protect rights, safety, security, or the integrity of the Service.

• A successor or acquirer in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections.

We do not share Google user data with advertisers or data brokers.

Google User Data

Advisor Compass may use Google sign-in and optional Gmail integrations.

For Google sign-in, we receive basic profile information, such as name, email address, and profile image, to authenticate and manage your account.

For Gmail integrations, customers may enable outbound CRM email and inbound reply capture. We use Gmail data only to provide user-facing email features that the customer or authorized user has enabled, such as sending CRM email, storing sent-message history, matching replies to client cases, and displaying relevant email activity in the Service.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. You may revoke Google access through your Google Account permissions page or by contacting us at info@advisorcompass.ai.

AI and Automated Processing

Some optional features use third-party AI or machine-learning services to perform requested tasks, such as summarizing a voice note, extracting information from documents, parsing business-card text, or helping structure CRM content. AI outputs are suggestions and should be reviewed by customers and authorized users before use.

Cookies

We use cookies and similar technologies to keep users signed in, secure sessions, remember limited organization or branding context, and operate the Service. You can control cookies through your browser settings, but disabling cookies may prevent parts of the Service from working.

We do not currently use a separate third-party advertising cookie program in the Service.

Data Retention

We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and follow customer instructions. Customers may delete or request deletion of certain records through the Service or by contacting us. Backup or archival copies may remain for a limited period.

Security

We use administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit, encryption at rest for designated sensitive fields, role-based and organization-scoped access controls, audit logging, and vendor controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information.

If you are an authorized user, visitor, or person who provided information directly to AdvisorCompass, contact us at info@advisorcompass.ai. If your information was entered into Advisor Compass by one of our customers, please contact that customer first. We will assist our customers with privacy requests when required.

You may opt out of AdvisorCompass marketing emails by contacting us at info@advisorcompass.ai. Customer-sent newsletters and communications are controlled by the customer that sends them and may include their own unsubscribe instructions.

International Users

AdvisorCompass is operated from the United States. If you access the Service from outside the United States, your information may be processed in the United States and other locations where we or our service providers operate.

Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a new “Last updated” date. Continued use of the Service after an update means you accept the updated Policy, unless applicable law requires otherwise.

Contact Us

AdvisorCompass LLC
info@advisorcompass.ai