Privacy Policy
What data EZ-CRM processes, why, how it is protected, sub-processors, retention, and your data-subject rights (GDPR/CCPA).
DRAFT — pending counsel review. This document is provided to operate the service and is not final legal advice.
EZ-CRM Privacy Policy
DRAFT — pending counsel review. This document is provided to operate the service and is not final legal advice.
Effective date: June 11, 2026
Version: 2026-06-11
Publisher / Service Provider: Wise Digital Inc.
Contact: info@wisedigitalinc.com
1. Who we are and our role
EZ-CRM is a multi-tenant legal case-management service operated by Wise Digital Inc. ("we", "us"). Each subscribing law firm ("Firm") is the data controller for the personal data it and its staff enter about their clients and matters. We act as a data processor / service provider that stores and processes that data on the Firm's behalf and under its instructions. This Policy describes how we handle personal data in that role. Where we determine the purposes of processing for our own account data (for example, the Firm's user accounts and billing), we act as a controller for that limited data.
2. Data we process
- Account data: name, work email, role, law-firm association, authentication and one-time-password records, session and login metadata (IP address, user agent, timestamps).
- Client and matter data entered by Firm staff: client names and contact details, dates of birth, government identifiers including Social Security numbers, medical information, case facts, parties, documents and files, calendar events, notes, and chat messages.
- Usage and security data: audit logs of significant actions, rate-limiting counters, error and performance diagnostics.
- Optional integrations: when a user connects Google Drive, we store an encrypted refresh token to upload and retrieve that user's files; when geocoding is used, addresses are sent to the mapping provider.
3. How we use data
We process data to provide, secure, and support the service: authentication and two-factor verification, storing and retrieving case and client records, sending transactional email (login alerts, one-time passwords, invitations), generating documents and reports, enforcing tenant isolation between Firms, detecting and preventing abuse, and meeting legal obligations. We do not sell personal data, and we do not use client or matter data to train machine-learning models.
4. Legal bases (GDPR)
For Firm account data we rely on contract performance and our legitimate interests in operating and securing the service. For client and matter data we act on the Firm's documented instructions; the Firm is responsible for establishing the lawful basis for its processing of its clients' data.
5. Security
Data is encrypted in transit using TLS. Highly sensitive fields — Social Security numbers and free-text medical information — are encrypted at rest using authenticated AES-256-GCM with keys held outside the database, and are masked to non-privileged roles in the interface. Access is controlled by role-based permissions and database row-level security that isolate each Firm's data. Files are served through access-checked, expiring links. We apply rate limiting, bot protection, secret scanning, and audit logging. No method of transmission or storage is perfectly secure; we maintain an incident-response process and will notify affected parties as required by law (see our breach-notification procedures). Suspected security vulnerabilities can be reported confidentially to security@wisedigitalinc.com.
6. Sub-processors
We rely on the following sub-processors to deliver the service, each bound by data-processing terms:
- Supabase — database, authentication, and file storage (data hosting).
- SendGrid (Twilio) — transactional email delivery.
- Vercel — application hosting and content delivery.
- Google Drive — optional, per-user file storage when a user connects it.
- Mapbox — address geocoding when mapping features are used.
- Cloudflare Turnstile — bot / abuse protection on authentication.
A current list is available on request to info@wisedigitalinc.com.
7. International transfers
Our sub-processors may process data in the United States and other countries. Where required, transfers are covered by appropriate safeguards such as Standard Contractual Clauses.
8. Retention
We retain data for as long as the Firm's account is active and as needed to provide the service. Authentication, audit, and diagnostic logs are retained on rolling windows and then purged. On Firm instruction or account termination, client and matter data is deleted or returned in accordance with the Firm's retention obligations and our data-processing terms. Our retention schedule is documented in our internal compliance materials.
9. Your rights
Depending on your location, you (or, for client data, the relevant Firm and its clients) may have rights to access, correct, export, restrict, object to, or delete personal data, and to lodge a complaint with a supervisory authority. Account holders can export their associated data and request deletion from within the application. Requests concerning a Firm's clients should be directed to the relevant Firm as controller; we will assist the Firm in responding. To exercise rights or ask questions, contact info@wisedigitalinc.com.
10. California (CCPA/CPRA)
We do not sell or share personal information as those terms are defined under California law, and we do not use sensitive personal information beyond providing the service. California residents have rights to know, delete, correct, and limit the use of sensitive personal information, exercised through the Firm as the business, with our support.
11. Children
The service is intended for use by law firms and their staff and is not directed to children. We do not knowingly collect data directly from children; client data about minors may be entered by a Firm in the course of its representation and is treated as confidential client data.
12. Changes
We may update this Policy. Material changes will be reflected by a new version identifier and effective date, and acceptance may be requested at next sign-in. Continued use after an update constitutes acceptance of the updated Policy.
Contact: info@wisedigitalinc.com