1. Who We Are
Unavoidable Marketing Ltd (company number 08013355) operates the Unavoidable Marketing CRM platform. Our registered address is 152 Osmondthorpe Lane, Leeds, LS9 9EG. We are the Data Controller for your personal data.
We take privacy seriously. This policy explains what data we collect, why we collect it, how it is used, and your rights under UK GDPR and the Data Protection Act 2018.
2. What Data We Collect
Account data
- Your name, email address and hashed password (never stored in plain text)
- Company name, address and phone number
- Billing information (processed securely by Stripe - we never store card numbers)
Usage data
- Pages visited, features used and actions taken within the CRM
- Login timestamps and IP addresses for security purposes
- Browser type and device information
Client data you store in the CRM
When you import contacts, create jobs or log communications, that data is stored on your behalf. You are the Data Controller for your clients' data. We are the Data Processor. See our Data Processing Agreement for full details.
๐ก We never sell your data or your clients' data to third parties. We never will. Your data is yours.
3. How We Use Your Data
- To provide the service - running the CRM platform you have subscribed to
- Account management - billing, renewals and support communications
- Security - detecting and preventing unauthorised access, fraud and abuse
- Product improvement - anonymised usage analytics to improve features
- Legal obligations - complying with UK law and regulatory requirements
4. Security - Our Number One Priority
๐
Encrypted passwords
All passwords are hashed with bcrypt (cost factor 12). We cannot see your password.
๐
HTTPS everywhere
All data in transit is encrypted using TLS 1.2+. HTTP is automatically redirected to HTTPS.
๐ก๏ธ
Two-factor authentication
2FA via TOTP (Google Authenticator compatible) is available for all accounts.
โฑ๏ธ
Session timeout
Sessions expire after 30 minutes of inactivity to protect unattended devices.
๐ซ
Brute force protection
Login attempts are rate-limited and accounts are temporarily locked after repeated failures.
๐ข
Data isolation
Each company's data is strictly isolated. No account can access another's data.
๐
API key encryption
Third-party API keys (Twilio, Bland.ai etc.) are encrypted before storage.
๐
CSRF protection
All forms include CSRF tokens to prevent cross-site request forgery attacks.
5. Data Retention
We retain your account data for as long as your subscription is active. After cancellation, your data is retained for 30 days to allow recovery, then permanently deleted. You can request immediate deletion at any time by contacting us.
Backups are retained for up to 90 days and are then permanently destroyed.
6. Your Rights Under UK GDPR
- Right of access - request a copy of all data we hold about you
- Right to rectification - correct inaccurate data
- Right to erasure - request deletion of your data ("right to be forgotten")
- Right to data portability - receive your data in a machine-readable format
- Right to object - object to processing based on legitimate interests
- Right to restrict processing - limit how we use your data
To exercise any of these rights, email dpo@unavoidablem.com. We will respond within 30 days.
7. Cookies
We use strictly necessary session cookies only. We do not use tracking cookies, advertising cookies or third-party analytics cookies. No cookie banner is required because we only use cookies that are essential for the service to function.
8. Third-Party Services
We use the following third-party services to operate the platform:
- Stripe - payment processing (UK/EU data centres, PCI-DSS compliant)
- Twilio - SMS and calling infrastructure
- Bland.ai - AI receptionist calls
- OpenRouter / Anthropic - AI content generation features
Each processor is subject to a Data Processing Agreement. We only share the minimum data necessary for each service to function.
9. Contact & Complaints
.png)
UNAVOIDABLE MARKETING CRM