WARMACHINECRM
CostProductDeploymentPricingFAQ
Ops · LiveDeploy →
LEGAL

Privacy Policy

Effective: April 26, 2026

This Privacy Policy describes how ChainBreaker Consulting (“we”, “us”) collects, uses, and shares information when you use WarMachineCRM (the “Service”), our website, and related communications. We do not sell personal information.

1. Information We Collect

a. Account Information

Name, email address, workspace name, and password hash. Billing identity is collected and processed by Whop, our payment processor.

b. CRM & Workspace Data

Contacts, leads, opportunities, tags, sequences, replies, call records, and any other data you import into or generate within the Service.

c. Campaign Content

Offer descriptions, target ICP descriptions, sequence copy, uploaded CSVs, and instructions you provide when configuring campaigns.

d. Usage & Telemetry

Pages viewed, features used, errors encountered, IP address, browser type, device identifiers, timestamps. We use this for product analytics, security monitoring, and support.

e. Communications

Email correspondence, support requests, calendar bookings, and notes from sales calls.

We do not knowingly collect data from individuals under 18, nor do we collect special-category personal data (health, biometric, government identifiers, etc.) through the Service.

2. How We Use Information

  • Provide, operate, and maintain the Service
  • Execute the campaigns, sequences, and dialer activity you configure
  • Bill you for the Service via Whop
  • Provide customer support
  • Improve the Service through analytics and feature development
  • Send operational communications (e.g., warmup completion, billing receipts, security notices)
  • With consent, send marketing communications you can opt out of at any time
  • Detect, prevent, and respond to fraud, abuse, security incidents, and legal violations
  • Comply with legal obligations

3. Subprocessors & Service Providers

The Service depends on the following processors, each of whom is contractually bound to confidentiality and security obligations no less protective than ours:

  • Supabase — managed Postgres database, authentication, and file storage (United States)
  • GoHighLevel / LeadConnector — CRM backend, sending infrastructure, calendar, dialer (United States)
  • Whop — payment processing and subscription billing (United States)
  • Vercel — application hosting, edge network (United States)
  • Anthropic and/or other large language model providers — sequence copy generation (United States)
  • FindyLead and similar enrichment providers — lead data fulfillment
  • Email/Calendar providers we use for transactional and support correspondence

A current list is maintained in our Data Processing Agreement and updated as subprocessors change.

4. How We Share Information

We share information only:

  • With the subprocessors listed above
  • With your explicit consent
  • To comply with legal process (subpoena, court order, etc.) or applicable law
  • To enforce our Terms or protect the rights, property, or safety of you, us, or others
  • In connection with a merger, acquisition, or sale of assets, subject to confidentiality and continuing obligations

We do not sell personal information. We do not share data with advertising networks.

5. Your Rights

Depending on your jurisdiction (e.g., GDPR for EU/UK residents, CCPA/CPRA for California residents), you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete information
  • Delete personal data, subject to legal retention requirements
  • Object to or restrict certain processing
  • Receive a portable copy of your data in a machine-readable format
  • Withdraw consent previously given
  • Lodge a complaint with your local supervisory authority

To exercise any of these rights, email alex@warmachinecrm.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

6. Cookies & Tracking

We use only essential cookies — for authentication, session management, and a small number of preferences (theme, etc.). We do not use advertising cookies, retargeting pixels, or third-party analytics trackers on this site.

7. Data Retention

We retain account data for the duration of your subscription plus 90 days, after which it is deleted, unless we have a legal obligation to retain it longer (e.g., for tax records). Aggregate, de-identified usage data may be retained indefinitely. Backups follow our standard retention schedule and are overwritten on rotation.

8. Security

We use industry-standard practices: TLS 1.2+ encryption in transit, encryption at rest for databases and file storage, role-based access controls, least-privilege service accounts, authenticated and rate-limited APIs, security logging, and regular review of subprocessor practices. No system is 100% secure; you remain responsible for safeguarding your account credentials.

9. International Transfers

We are based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. For transfers from the EEA, UK, or Switzerland to the US, we rely on Standard Contractual Clauses (SCCs) with appropriate supplementary measures, as detailed in the DPA.

10. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us information, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted with at least 30 days' advance notice on this page. Continued use of the Service after the effective date constitutes acceptance.

12. Contact

Privacy questions, data subject requests, or to designate a GDPR/UK GDPR representative point of contact: alex@warmachinecrm.com.