Last Updated: 3/31/2026
Effective Date: 3/31/2026
Introduction
Core365 ERP ("Core365," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our software-as-a-service platform and related services (collectively, the "Service").
Core365 provides business management software to business customers ("Clients"). This Privacy Policy applies to:
Important: If you are an end user or customer of one of our Clients' businesses, please contact that business directly for information about how they handle your personal information.
Core365 processes such information as a service provider on behalf of our Clients.
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
Client Data:
Communications:
1.2 Information Collected Automatically
Usage Data:
Cookies and Tracking Technologies:
For more information about cookies, see Section 8 below.
1.3 Information from Third-Party Integrations
If you connect third-party services to Core365 (such as Google Workspace, Facebook Business, payment processors, or marketing platforms), we may receive information from those services as necessary to provide the integration. The information received depends on the specific integration and your settings with that third-party service.
Third-party services we may integrate with include:
2. How We Use Information
We use the information we collect for the following purposes:
To Provide the Service:
To Improve and Protect the Service:
To Communicate with You:
To Comply with Legal Obligations:
3. How We Share Information
We do not sell your personal information. We share information only in the following circumstances:
3.1 Service Providers
We share information with third-party vendors who perform services on our behalf, including:
| Category | Providers | Purpose |
| Cloud Infrastructure | Google Cloud, AWS | Hosting and data storage |
| Analytics | Google Analytics | Service usage analysis |
| Email Services | ActiveCampaign, Drip | Marketing and transactional emails |
| Payment Processing | Stripe, [others] | Billing and payments |
| Customer Support | [Provider] | Support ticket management |
All service providers are contractually obligated to use your information only for the services they provide to us and to maintain appropriate security measures.
3.2 Third-Party Integrations
When you enable integrations with third-party services (Facebook, Google, etc.), information may be shared with those services according to the permissions you grant. Those services' privacy policies govern their use of your information.
3.3 Legal Requirements
We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
3.5 With Your Consent
We may share information with third parties when you give us explicit consent to do so.
4. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
| Account Information | Duration of account plus 3 years |
| Transaction Records | 7 years (tax/legal requirements) |
| Usage Logs | 24months |
| Support Communications | 5 years from resolution |
| Marketing Preferences | Until opt-out, then deleted within 30 days |
Client Data: We retain Client Data according to our agreements with Clients. Upon termination of a Client account, we will delete or return Client Data within 90 days, unless legally required to retain it.
5. Data Security
We implement industry-standard security measures to protect your information, including:
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Your Rights and Choices
6.1 Account Information
You may update or correct your account information at any time by logging into the Service or contacting us at privacy@core365.io.
6.2 Marketing Communications
You may opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us. Note that you may still receive transactional or administrative communications.
6.3 Cookies
Most web browsers accept cookies by default. You can usually modify your browser settings to decline cookies, although this may affect your ability to use certain features of the Service.
6.4 Data Export
Clients may export their data from the Service in standard formats. Contact support@core365.io for assistance.
7. California Privacy Rights (CCPA/CPRA)
7.1 Core365 as a Service Provider
Core365 operates as a "Service Provider" under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) with respect to personal information we process on behalf of our Clients. We process personal information solely to provide our Service as described in our agreements with Clients.
For End Users of Our Clients: If you are a California resident and a customer of a business that uses Core365, please contact that business directly to exercise your privacy rights. They are responsible for responding to your requests under California law. We will cooperate with our Clients to fulfill verified consumer requests.
7.2 Our Direct Collection
For personal information we collect directly from California residents (such as Client contacts and website visitors), you have the following rights:
Categories of Personal Information Collected (preceding 12 months):
| Category | Examples | Collected | Sold | Shared for Advertising |
| Identifiers | Name, email, IP address | Yes | No | No |
| Commercial Information | Transaction history, account details | Yes | No | No |
| Internet Activity | Usage logs, browsing history | Yes | No | No |
| Geolocation | City, state (approximate) | Yes | No | No |
| Professional Information | Job title, company | Yes | No | No |
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
7.3 Exercising Your Rights
To exercise your California privacy rights, contact us at:
We will respond to verified requests within 45 days. We may request additional information to verify your identity.
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
| Essential | Authentication, security, core functionality | Session |
| Analytics | Understanding how the Service is used | Upto2years |
| Preferences | Remembering your settings and choices | Upto1 year |
8.2 Analytics Services
We use Google Analytics to analyze Service usage. Google Analytics uses cookies to collect information about your use of the Service, which is transmitted to and stored by Google. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
8.3 Your Cookie Choices
You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.
9. International Data Transfers
Core365 is based in the United States. The Service is intended for use within the United States. If you access the Service from outside the United States, you do so at your own risk and are responsible for compliance with local laws. Your information will be transferred to, stored, and processed in the United States.
10. Children's Privacy
The Service is intended for business use and is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information.
11. Data Processing Agreement
If you are a Client that processes personal information of individuals protected by U.S. privacy laws (such as CCPA or other state privacy laws), we offer a Data Processing Agreement (DPA) that governs our role as a service provider. Our standard DPA includes:
To request a DPA, contact: legal@core365.io
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.
For material changes that affect how we use personal information previously collected, we will provide notice via email or through the Service before the changes take effect.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at:
Core365 ERP 1064 SN County Blvd, Suite #260 Pleasant Grove, UT 84062 United States
Email: privacy@core365.io General Inquiries: hello@core365.io Legal Matters: legal@core365.io
14. Additional Information for Specific Integrations
14.1 Google Workspace Integration
If you connect Google Workspace to Core365, we access your Google data only as necessary to provide the integration features you enable. We do not use Google Workspace data to train AI models or for advertising purposes. Core365 affirms that Google Workspace APis are not used to develop, improve, or train generalized AI and/or ML models.
14.2 Facebook/Meta Integration
If you connect Facebook Business tools to Core365, we may access your Facebook account data according to the permissions you grant. We use this data solely to provide the features you enable (such as lead management, messaging, or advertising integration). We do not sell or share your Facebook data with third parties except as necessary to provide the Service.
14.3 SMS and Communications
If you use Core365 to send SMS messages or other communications, you are responsible for obtaining all necessary consents from your recipients under applicable law (including the Telephone Consumer Protection Act). Core365 acts as a conduit for communications you initiate and does not independently send communications to your contacts.
.svg)
