Privacy Policy

Last updated: March 2026

Who we are

TomCRM ("we", "us") provides CRM and automation services for UK small businesses. Our website is tomcrm.co.uk. For any questions about this policy, contact us at hello@tomcrm.co.uk.

What data we collect

We may collect the following personal data:

• Name, email address, phone number, and company name (via contact forms)
• Assessment responses (via scorecards and assessments)
• Website usage data (via Google Analytics 4, only with your consent)
• Cookie preferences

Why we collect it

• To respond to your enquiries and provide our services
• To understand how visitors use our website and improve it
• To generate assessment reports and recommendations

Lawful basis

We process your data under legitimate interest (responding to enquiries, improving our services) and consent (analytics cookies, marketing communications).

Third-party services

We use the following third-party services that may process your data:

• Sanity.io (content management system)
• GoHighLevel (CRM, contact form submissions)
• Google Analytics 4 (website analytics, consent-gated, IP anonymisation enabled)
• Supabase (database for assessment responses)
• Vercel (website hosting)
• Resend (email delivery for assessment reports)

How long we keep your data

Contact form submissions are retained for up to 24 months. Assessment responses are retained for up to 12 months. Analytics data is retained for 14 months (Google Analytics default).

Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing
• Withdraw consent at any time
• Lodge a complaint with the ICO (ico.org.uk)

Cookies

We use a single analytics cookie (Google Analytics 4) which is only set after you give consent via our cookie banner. No tracking cookies are set by default.

Contact

For any data protection enquiries, contact us at hello@tomcrm.co.uk.