Introduction

PloverCRM (“we,” “our,” or “us”) is a customer relationship management (CRM) solution consisting of a WordPress plugin and mobile application. This Privacy Policy explains how PloverCRM collects, uses, stores, and protects information when you use our services.

PloverCRM is a self-hosted solution. This means that the data you collect through PloverCRM is stored on your own WordPress server, and you are the data controller. We do not have access to the contact data you store in your CRM.

1. Information We Collect

1.1 WordPress Plugin

When you install and use the PloverCRM WordPress plugin, the following information may be collected and stored on your WordPress server:

Contact Information

• Name, email address, phone number
• Custom fields you create for your contacts
• Contact stage/status (e.g., New, Contacted, On Trial, Paid, Lost)
• Lists and tags assigned to contacts
• Notes and activities associated with contacts
• Timeline of interactions and events

Visitor Tracking Data

When visitors submit forms on your website, we may collect:

• UTM Parameters: utm_id, utm_source, utm_medium, utm_campaign, utm_term, utm_content
• IP Address: Visitor’s IP address (stored in IPv4 or IPv6 format)
• Device Information: Device type, brand, operating system, browser name
• Referral Information: Referral domain, landing page URL
• Submission Data: Form submission URL, submission timestamp
• User Agent: Browser and device information from HTTP headers

This tracking data is stored in browser cookies with a 90-day expiration period and is used for attribution and analytics purposes.

Authentication Data

• WordPress user credentials (username and password)
• API keys/passwords for mobile app authentication (stored as hashed values)
• User roles and permissions within PloverCRM

Integration Data

When you connect third-party services:

• Meta (Facebook) Lead Ads: Access tokens, page IDs, form IDs, ad account information
• Meta Conversions API: Pixel IDs, access tokens, event mappings
• Google Ads: OAuth tokens, customer IDs, conversion action IDs
• Form Plugins: Data from Fluent Forms, Elementor Pro Forms, WS Form, and other form integrations

1.2 Mobile Application

The PloverCRM mobile app collects and stores the following information:

Account Information

• WordPress site URL
• Username and API password
• Workspace configurations (stored locally on your device)

Device Information

• Device model and operating system version
• App version information
• Expo push notification tokens (for sending notifications)

Local Storage

The mobile app stores data locally on your device using:

• SQLite database: For caching workspace data, contacts, reminders, and message templates
• Secure storage: For storing authentication credentials
• Local preferences: Theme settings, notification preferences, column visibility settings

Push Notifications

• Expo push tokens are collected to enable push notifications
• Notification preferences and settings
• Reminder notification data (stored locally)

1.3 Cookies and Tracking Technologies

The WordPress plugin uses cookies to track visitor behavior:

• UTM Tracking Cookies: plover_crm_utm_* (90-day expiration)
• Referral Tracking: plover_crm_referral_domain (90-day expiration)
• Landing Page Tracking: plover_crm_landing_page_first_visit (90-day expiration)

These cookies are first-party cookies set by your WordPress site and are used for marketing attribution.

2. How We Use Information

2.1 WordPress Plugin

Information collected by the plugin is used to:

• Manage and organize your customer relationships
• Track lead stages and sales pipeline
• Send email notifications and reminders
• Provide marketing attribution and analytics
• Integrate with advertising platforms (Meta, Google Ads)
• Send conversion data to connected advertising accounts
• Enrich contact profiles with visitor metadata
• Enable role-based access control and permissions

2.2 Mobile Application

Information collected by the mobile app is used to:

• Authenticate users and provide secure access
• Sync contact data between your WordPress site and mobile device
• Display contact information, activities, and reminders
• Send push notifications for reminders and updates
• Enable offline access to cached data
• Provide in-app updates and improvements

3. Data Storage and Security

3.1 Self-Hosted Data

All contact data, form submissions, and CRM information are stored on your own WordPress server. You have full control over this data, including:

• Where it is hosted (your hosting provider)
• Who has access to it
• How long it is retained
• Backup and recovery procedures

We do not have access to your CRM data stored on your WordPress installation.

3.2 Third-Party Services

PloverCRM integrates with third-party services that may store data on their servers:

Push Notification Service

• Expo push tokens are sent to a Cloudflare Worker (fluentcrm-mobile-app.dev-webplover.workers.dev)
• This service manages the delivery of push notifications to mobile devices
• Tokens are associated with your WordPress domain for routing notifications

Advertising Platforms

When you enable integrations:

• Meta (Facebook): Lead data and conversion events are sent to Meta’s servers according to their privacy policy
• Google Ads: Offline conversion data is sent to Google Ads according to their privacy policy

Update Service

• The plugin checks for updates from webplover.com/downloads/wp-webplover-crm/wp-update.json
• Only plugin version information is transmitted during update checks

3.3 Security Measures

PloverCRM implements the following security measures:

• Password Hashing: API passwords are hashed using WordPress’s wp_hash_password() function
• Secure Authentication: Mobile app uses API key authentication separate from WordPress passwords
• Role-Based Access Control: Granular permissions for different user roles
• HTTPS Support: Secure cookie transmission when SSL is enabled
• IP Validation: IP addresses are validated before storage
• Secure Storage: Mobile app uses Expo SecureStore for sensitive credentials

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or your customers’ information to third parties.

4.2 Third-Party Integrations

When you enable integrations, data is shared with third-party services:

• Meta Lead Ads & Conversions API: Contact information and conversion events
• Google Ads: Conversion data for offline conversion tracking
• Form Plugins: Form submission data is processed and stored in your CRM

These integrations are optional and controlled by you. Data sharing only occurs when you explicitly configure and enable these integrations.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights or property
• Prevent fraud or security issues
• Protect the safety of users or the public

5. Data Retention

5.1 WordPress Plugin

Data retention is controlled by you as the site administrator:

• Contact data is retained until you delete it
• Activity logs and timeline events are retained indefinitely unless deleted
• Integration logs may be automatically cleaned up based on your settings
• Cookies expire after 90 days but may be refreshed on subsequent visits

5.2 Mobile Application

• Cached data is stored locally until you log out or clear app data
• Push notification tokens are retained until you disconnect a workspace
• Local preferences persist until you uninstall the app

6. Your Rights and Choices

6.1 As a PloverCRM Administrator

You have full control over your CRM data:

• Access, modify, or delete any contact information
• Export contact data in CSV format
• Configure which tracking data is collected
• Enable or disable integrations
• Manage user roles and permissions
• Delete your PloverCRM installation and all associated data

6.2 As a Contact/End User

If your information is stored in a PloverCRM installation, you have rights under applicable privacy laws (GDPR, CCPA, etc.):

• Right to Access: Request a copy of your personal information
• Right to Rectification: Request correction of inaccurate information
• Right to Erasure: Request deletion of your information
• Right to Restrict Processing: Request limitation of how your data is used
• Right to Data Portability: Request your data in a portable format
• Right to Object: Object to certain types of processing

To exercise these rights, contact the administrator of the website that uses PloverCRM to store your information.

6.3 Cookie Preferences

You can control cookies through your browser settings:

• Block all cookies
• Delete existing cookies
• Set preferences for third-party cookies

Note that blocking cookies may affect the functionality of websites using PloverCRM.

7. Children’s Privacy

PloverCRM is not intended for use by children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

8. International Data Transfers

PloverCRM is self-hosted, meaning data is stored on your chosen hosting provider’s servers. If you host your WordPress site in a different country than where your contacts are located, data may be transferred internationally. You are responsible for ensuring compliance with applicable data transfer regulations.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Updating the “Last Updated” date at the top of this policy
• Posting a notice in the plugin admin area
• Sending an email notification (if we have your contact information)

Your continued use of PloverCRM after changes are posted constitutes acceptance of the updated policy.

10. Third-Party Services Privacy Policies

PloverCRM integrates with third-party services that have their own privacy policies:

• Meta (Facebook): https://www.facebook.com/privacy/policy/
• Google Ads: https://policies.google.com/privacy
• Expo (Push Notifications): https://expo.dev/privacy

We encourage you to review these policies to understand how these services handle your data.

11. Data Processing Addendum

If you use PloverCRM to process personal data of individuals in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, you are the data controller and are responsible for:

• Obtaining necessary consents from contacts
• Providing privacy notices to contacts
• Ensuring lawful basis for processing
• Implementing appropriate security measures
• Responding to data subject requests
• Maintaining records of processing activities

12. Contact Information

PloverCRM is developed by WebPlover.

For questions about this Privacy Policy or PloverCRM’s data practices, please contact:

For data privacy requests related to your information stored in a PloverCRM installation, please contact the administrator of the specific website using PloverCRM.

13. Compliance and Certifications

PloverCRM is designed to help you comply with:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• Other applicable privacy laws

However, as the data controller, you are responsible for ensuring your use of PloverCRM complies with all applicable laws and regulations.

14. Data Breach Notification

In the event of a security breach affecting PloverCRM software:

• We will notify affected users via email and plugin notifications
• We will provide information about the nature of the breach
• We will recommend steps to protect your data

As a self-hosted solution, you are responsible for monitoring and responding to breaches of your WordPress server.