Coastline
Get started

Privacy Policy

Last updated: April 20, 2026

1. Introduction

This Privacy Policy describes how Coastline CRM, Inc. (“Coastline,” “we,” “us”) collects, uses, and shares information when you use our CRM at coastlinecrm.com and related subdomains (the “Service”). The Service is a customer relationship management application for sales teams.

This policy covers information we collect through the Service. It does not cover information you separately share with third-party tools you connect to Coastline; those tools have their own privacy policies.

2. Information we collect

Account information

When you create an account, we collect your name, email address, phone number, a hash of your password, and the workspace you create or join. If you pay for a subscription, our payments provider collects and stores your payment details; we receive only a billing summary and a customer identifier.

Customer data

The Service exists to let you manage your own records. Anything you enter or import (contacts, deals, notes, files, calendar events, emails synced from a connected inbox, messages sent through the Service) we treat as your data. We process it on your behalf to operate the Service. You decide what to put in, and you are responsible for having the right to use it under the Terms of Service.

Usage and device data

When you use the Service we log information that browsers and servers normally exchange: IP address, browser type and version, operating system, pages viewed, referrer, and timestamps. We use this to run the Service, diagnose errors, and detect abuse.

We do not use third-party advertising or product-analytics trackers at this time. If we add one, we will update this policy.

3. Cookies

We use one cookie: a session cookie set by our authentication provider to keep you signed in. We do not set advertising cookies, analytics cookies, or cross-site tracking cookies.

Most browsers let you block or delete cookies. Blocking the session cookie will prevent the Service from signing you in.

4. How we use information

We use the information described above to:

  • Provide, operate, and maintain the Service.
  • Authenticate you and secure your account.
  • Process payments and send billing notices.
  • Send transactional email: confirmations, password resets, receipts, support replies, service notices.
  • Respond to your support requests.
  • Detect, investigate, and prevent security incidents, fraud, and abuse.
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use your Customer Data to train machine-learning models.

5. Text messages we send you

When you create a Coastline account and provide a phone number, you may opt in to receive text messages from us at that number. We send three categories of texts:

  • Account notifications: such as security alerts about your account.
  • Billing notifications: such as failed payments, upcoming renewals, and receipts.
  • Service reminders: such as trial-ending notices and onboarding nudges.

We do not send marketing or promotional texts as part of this program. Consent to receive texts is not required to use Coastline; you may continue with email-only notifications.

Opting in is explicit: at signup or in your account settings, you check a box indicating you agree to receive texts at the number you provided. We also send a one-time code to confirm the number is yours; the verification code itself is sent regardless of whether you opted in to ongoing texts.

You may opt out at any time by replying STOP to any message, or by turning off SMS notifications in your account settings under Notifications. Message and data rates may apply. Message frequency varies.

We retain the timestamp, the phone number, and the exact wording you agreed to as the durable record of your consent, and we retain the timestamp and reason of any opt-out.

6. How we share information

We share information with service providers who help us run the Service. Each provider is bound by a contract that restricts them to processing information on our behalf. The current list:

  • Supabase: authentication, database, and file storage. United States.
  • Vercel: application hosting and request logging. United States.
  • Stripe: payment processing and billing. United States.
  • Resend: transactional email delivery. United States.
  • Nylas: email and calendar synchronization, used only when a workspace connects an inbox. United States.
  • Twilio: SMS and voice messaging, used to deliver account notifications you've opted into and, when a workspace enables messaging, to send and receive messages with that workspace's contacts. United States.
  • Google Maps Platform: address autocomplete and geocoding for addresses you enter. Global.

We also share information:

  • When you direct us to (for example, when you invite a teammate to your workspace).
  • With our auditors, accountants, and legal counsel, under duties of confidence.
  • To comply with law, a court order, or a valid government request.
  • To investigate or respond to a security incident or violation of our Terms of Service.
  • In connection with a merger, acquisition, or sale of assets; we will notify you if your information becomes subject to a different policy.

7. Data retention

We keep account information and Customer Data for as long as your account and workspace are active.

Account deletion. When you delete your account, we remove your profile and personal data from production systems after a 30-day grace period. This lets us reverse accidental deletions and respond to legal requests.

Workspace cancellation. If a workspace subscription is canceled, Customer Data remains available for reactivation for 90 days, then is purged from production systems.

Backups are encrypted and cycled within 30 days of the corresponding deletion.

Billing records are kept for up to seven years to meet tax and accounting obligations.

8. Security

We use industry-standard measures to protect your information, including TLS encryption in transit, encryption of data at rest, access controls and logging, and least-privilege administration. No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you without undue delay in line with applicable law.

You are responsible for using a strong password, enabling two-factor authentication where available, and keeping your credentials confidential.

9. Your rights

You can:

  • Access and update most account information directly in Settings → Account.
  • Export your Customer Data at any time; workspace owners can generate a full export under Settings → Data.
  • Delete your account from Settings → Account.

You can also email support@coastlinecrm.com to make any of these requests. We verify the email on file before acting on a request.

California residents (CCPA/CPRA)

You have the right to know what personal information we have collected about you, to request deletion, to request correction, and to opt out of the “sale” or “sharing” of personal information as those terms are defined by California law. We do not sell or share personal information for cross-context behavioral advertising. You may designate an authorized agent to make a request on your behalf.

European Economic Area, United Kingdom, and Switzerland residents (GDPR and UK GDPR)

You have the rights of access, rectification, erasure, restriction, portability, and objection. Where we rely on consent, you can withdraw it at any time. Where we rely on legitimate interests, you may object. You can lodge a complaint with your local supervisory authority.

Our legal bases for processing are:

  • Performance of a contract with you (to provide the Service).
  • Our legitimate interests in securing, improving, and operating the Service.
  • Compliance with a legal obligation.
  • Your consent, where the law requires it.

10. International transfers

We operate from the United States, and our service providers are primarily based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent Swiss mechanisms to lawfully transfer personal data.

11. Children

The Service is not directed to, and we do not knowingly collect information from, anyone under sixteen. If you believe a child has given us information, contact support@coastlinecrm.com and we will delete it.

12. Changes

We may update this policy from time to time. If a change is material, we will provide notice (for example, by email to account owners or a notice inside the Service) at least 30 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

Questions about this policy or requests about your data:

Coastline CRM, Inc.
support@coastlinecrm.com