Privacy Policy

Effective Date: July 11, 2024

1. Introduction

Spaces (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy describes the types of information we collect, how we use it, and your rights regarding your data. By using Spaces (the “Service”), you agree to the terms outlined below.

2. Information We Collect

(a) Personal Information

• Name, email address, phone number, and business information
• Login credentials (encrypted)
• Payment details for billing purposes

(b) Financial & Client Data (For Financial Advisors)

• Client names, contact details, and financial records input by advisors
• Data from connected financial institutions (only with user consent)

(c) Email & Calendar Integrations

If you connect your Google or Microsoft account, we may access email and calendar data to facilitate CRM functions such as scheduling, client communication tracking, automated workflows, and sending emails on your behalf.

• Read calendar events to display upcoming meetings inside the CRM for better client preparation.
• Create, update, and delete events automatically based on CRM workflows.
• Send emails on behalf of users for follow-ups and client communication via the Gmail API.
• Retrieve relevant client emails to associate them with contact records within the CRM.

We comply with Google and Microsoft security policies, including OAuth authentication and limited scope access.

(d) Usage Data

We collect log data such as IP addresses, browser type, and device information to improve system performance.

(e) Webhooks & API Integrations

We provide webhooks and APIs that allow financial advisors to connect Spaces with third-party applications. Users are responsible for ensuring these connections comply with their regulatory obligations.

(f) Cookies & Tracking Technologies

We use cookies to store user preferences, analyze usage trends, and enhance security.

3. How We Use Your Information

• To provide, maintain, and improve our CRM platform
• To facilitate email, calendar, and API integrations
• To process transactions and manage customer support
• To send emails on behalf of users via the Gmail API
• To ensure compliance with applicable legal and regulatory obligations
• To communicate service updates and security notifications

We do not use Google, Microsoft, or any third-party API data to develop, improve, or train generalized AI or ML models.

4. Sharing Your Information

(a) With Service Providers

• Cloud hosting & storage (AWS, Google Cloud, Microsoft Azure)
• Payment processing (Stripe, PayPal)
• CRM integrations (Google, Microsoft)

(b) Legal & Compliance Obligations

We may disclose data as required by law, regulatory authorities, or to protect legal rights.

(c) Business Transfers

If Spaces undergoes a merger, your data may be transferred as part of the transaction.

5. Security of Your Information

• End-to-End Encryption (E2EE) for secure data transmission
• Role-Based Access Controls (RBAC) to limit unauthorized access
• OAuth Authentication for Google and Microsoft API security compliance

6. Compliance & Regulatory Considerations

Spaces serves financial professionals in the United States. We are actively working toward compliance with:

• SEC & FINRA Guidelines – Ensuring adherence to industry regulations
• Gramm-Leach-Bliley Act (GLBA) – Protecting customer financial information
• California Consumer Privacy Act (CCPA) – Addressing data privacy rights for California residents
• SOC 2 Type II Readiness – Implementing industry-standard security protocols

Until compliance is formally achieved, Spaces operates with industry best practices to safeguard financial advisor and client data.

7. User Rights & Data Control

• Access & Correction – Users can update their information via account settings.
• Request Data Deletion – Users may request account and data deletion, subject to regulatory retention obligations.
• Manage API Permissions – Users can revoke Google/Microsoft access via their respective security settings.

8. Third-Party Links & Integrations

Spaces may link to third-party services and provide APIs for external integrations. Users are responsible for ensuring these connections comply with their legal and regulatory requirements. We are not responsible for the data practices of third-party services.

9. Changes to This Privacy Policy

We may update this policy periodically. Users will be notified of significant changes via email or in-app notifications.

10. Contact Us

For questions regarding this Privacy Policy, please contact: Chase [at] spacesos [dot] com