Legal
Privacy Policy
Last updated: June 29, 2026
This Privacy Policy describes how TerraTender Services LLC, operator of Optic CRM (“Optic CRM,” “we,” “us,” or “our”), handles information in connection with the Optic CRM platform (the “Service”). Optic CRM is a multi-tenant communications and customer-relationship platform for home-services businesses.
1. Our role: service provider / processor
Optic CRM processes customer information on behalf of the home-services businesses that use the Service (each, a “Connected Business”). With respect to the customer data in a Connected Business’s workspace, the Connected Business is the controller and Optic CRM acts as its service provider/processor. This policy also covers the limited information we collect directly from the people who administer a Connected Business’s account.
2. Information we process
- Account & administrator data. Names, email addresses, phone numbers, and login credentials of the staff who use Optic CRM.
- Customer & conversation data. The contact details and message content of a Connected Business’s customers and prospects — across phone, SMS, iMessage, email, web chat, and connected lead marketplaces — together with related records (quotes, jobs, invoices, notes).
- Connected-platform data. Data we receive through third-party platform APIs and webhooks that a Connected Business authorizes — for example lead, message, and review data from lead marketplaces such as Thumbtack, Angi, and Networx. This may include a customer’s name, phone number, service request details, and message content.
- Usage & device data. IP address, browser/device metadata, and log data generated when staff use the Service.
3. How we use information
- To operate the unified inbox: ingest, route, de-duplicate, and thread each Connected Business’s conversations and leads.
- To draft AI-assisted replies for a human at the Connected Business to review and send.
- To provide quoting, scheduling, invoicing, and payment features the Connected Business enables.
- To secure the Service, prevent abuse, and meet legal obligations.
We use data received from a connected platform solely to provide the Service to the Connected Business that authorized the connection. We do not sell it, and we do not use it for advertising or to build independent profiles.
4. Connected platforms & their API data
When a Connected Business links a third-party platform (such as Thumbtack, Angi, Networx, Google, Stripe, or Twilio), we receive and process data from that platform’s API only as needed to deliver the feature the business enabled (for example, showing a marketplace lead in the inbox and sending the business’s reply back through the platform’s messaging API). Our use of that data complies with the connected platform’s applicable API terms and developer policies in addition to this policy.
5. Data retention & deletion
We retain customer and conversation data for as long as the Connected Business maintains its workspace, and as needed for legal, tax, and dispute-resolution purposes. A Connected Business may request export or deletion of its data at any time.
Connected-platform API data. If a Connected Business disconnects a platform, or ceases using the Service, or if the platform requests it, we promptly destroy the data received through that platform’s API — in any case within five (5) business days, except where retention is required by law.
6. Sub-processors
We rely on the following categories of sub-processors, each bound by its own data-protection terms, solely to operate the Service:
| Sub-processor | Purpose |
|---|---|
| Supabase / Amazon Web Services | Primary database & infrastructure |
| Heroku (Salesforce) | Application backend hosting |
| Cloudflare | DNS, CDN, network security |
| Anthropic, PBC | AI drafting of suggested replies |
| Twilio, Inc. | Voice & messaging transport |
| Stripe, Inc. | Payment processing |
| Google LLC | Maps, email, and conversion measurement |
7. Security
We use industry-standard safeguards including TLS encryption in transit, encryption at rest for sensitive fields, secrets management, and role-based access controls limiting access on a need-to-know basis. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.
8. Your rights
Individuals whose data we process on behalf of a Connected Business should contact that business to exercise privacy rights; we will assist the business in responding. You may also contact us directly at the address below and we will route the request appropriately.
9. Changes
We may update this policy; the “Last updated” date reflects the most recent revision. Material changes will be communicated to Connected Businesses.
10. Contact
TerraTender Services LLC
201 Regester Avenue, Baltimore, MD 21212
privacy@opticcleaning.com