Privacy Policy
Last updated: 16 March 2026
1. Who We Are
Fulcrum CRM (fulcrumcrm.app) is operated by RG Consulting, an Australian company. In this policy, "we", "us", and "our" refer to RG Consulting and its Fulcrum CRM product.
2. Information We Collect
We collect the following categories of personal information:
- Account information — name, email address, phone number, company name, and role/title provided during signup or onboarding.
- Contact and lead data — information you or your team enter into your CRM instance, including names, emails, phone numbers, company details, and any custom fields.
- Billing information — payment details are collected and processed by Stripe. We do not store credit card numbers on our servers.
- Usage data — AI credit consumption, feature usage metrics, and session logs to improve the service.
- Files and attachments — documents and files you upload to your CRM instance.
3. How We Use Your Information
We use personal information to:
- Provision and operate your isolated CRM instance.
- Process payments and manage your subscription via Stripe.
- Send transactional emails (account verification, invite links, billing receipts) via MailerSend.
- Power AI features including lead scoring, data enrichment, property extraction, and autonomous agent workflows.
- Improve and develop our platform, fix bugs, and analyse aggregate usage patterns.
- Comply with legal obligations under the Australian Privacy Act 1988 and other applicable laws.
4. AI Agents and Automated Contact
Important — Consent to AI-Initiated Contact
By submitting contact information to Fulcrum CRM or using our services, you acknowledge and consent to being contacted by our AI voice agents via phone, as well as via email and SMS. These automated communications may include outbound calls from AI-powered agents for purposes such as lead qualification, appointment scheduling, follow-ups, and other sales or service-related interactions.
Fulcrum CRM uses AI agents to process and enrich data stored in your CRM. This includes:
- Lead scoring and qualification based on available data.
- Property and data extraction from uploaded documents and web sources.
- Outbound voice calls, emails, and SMS messages initiated by AI agents on behalf of your organisation.
- Automated workflow execution configured by your team.
AI credit usage is tracked per tenant to manage resource allocation. No personal data is shared with third-party AI model providers beyond the minimum required to execute the specific feature or task.
5. Data Storage and Isolation
Each organisation on Fulcrum CRM receives a fully isolated, single-tenant PostgreSQL database hosted on Neon. Your data is never co-mingled with other tenants.
- Database — Neon PostgreSQL (isolated per tenant).
- File storage — Amazon Web Services (AWS) S3.
- DNS and edge — Cloudflare.
- Hosting — Vercel (serverless compute).
During onboarding, you choose a hosting region for your data. Available regions include the United States, European Union, Australia, Singapore, and Brazil. Data residency is determined by your selection and is not moved without your consent.
6. Third-Party Services
We share data with the following third-party providers only as necessary to operate the service:
- Stripe — payment processing and subscription management.
- MailerSend — transactional email delivery (account invites, verification, billing notifications).
- AWS S3 — file and attachment storage.
- Cloudflare — DNS, DDoS protection, and CDN.
- Neon — managed PostgreSQL database hosting.
- Vercel — application hosting and deployment.
- AI model providers — only the minimum data necessary for executing AI features (e.g., lead scoring prompts) is sent to model providers. We do not send bulk data exports.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide the service. When you cancel your subscription, your isolated database and associated files are retained for 30 days to allow for reactivation, after which they are permanently deleted. Billing records may be retained longer as required by law.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your personal data.
- Object to or restrict certain processing activities.
- Data portability (receive your data in a structured, machine-readable format).
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at support@fulcrumcrm.app.
9. Australian Privacy Act Compliance
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This includes obligations around the collection, use, disclosure, storage, and security of personal information. If you believe we have breached an APP, you may lodge a complaint with us at support@fulcrumcrm.app or with the Office of the Australian Information Commissioner (OAIC).
10. GDPR — European Users
If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) applies to our processing of your personal data. Our lawful bases for processing include:
- Contract — processing necessary to provide the service you have subscribed to.
- Consent — where you have given explicit consent, such as for AI-initiated contact via phone, email, or SMS.
- Legitimate interest — improving the platform, preventing fraud, and ensuring security.
- Legal obligation — where required by applicable law.
Data transferred outside the EEA is protected by appropriate safeguards, including standard contractual clauses where applicable. You may choose an EU hosting region during onboarding to keep your primary data within the EEA.
11. Security
We implement industry-standard security measures including encrypted connections (TLS), isolated tenant databases, access controls, and regular security reviews. While no system is completely immune to risk, we take reasonable steps to protect your data against unauthorised access, disclosure, or loss.
12. Cookies
We use essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies. Analytics, where used, rely on aggregate, anonymised data.
13. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email or a notice on our website. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this privacy policy or our data practices, contact us at: