Privacy Policy — AGM Pro Tools

Privacy Policy

Effective Date: May 15, 2026  |  Last Reviewed: May 18, 2026 (no sub-processor changes)  |  AGM Pro Tools  |  agmprotools.com

AGM Pro Tools ("we," "us," or "our") operates agmprotools.com and provides automated growth management and integration services. This Privacy Policy describes how we collect, use, and protect information when you use our website and services.

1. Information We Collect

1.1 Information You Provide

When you create an account, subscribe to our services, or contact us, we may collect:

  • Name and business name
  • Email address and phone number
  • Billing and payment information (processed by our third-party payment provider; we do not store credit card numbers)
  • Information about your operations platform (e.g., Jobber, Field Routes, Housecall Pro)
  • Information about your CRM or sales platform (e.g., AGM, Salesforce)

1.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and browser type
  • Pages visited and time spent on our website
  • Referring website or source

We use this information solely to improve our website and understand how visitors find us. We do not use advertising trackers, sell website visitor data, or build behavioral profiles.

1.3 Client Business Data (Integration Services)

When you use our integration services, business data passes through our platform as we sync information between your connected systems (e.g., from your FSM platform to your CRM). This data may include:

  • Customer names, email addresses, and phone numbers from your FSM platform
  • Job details, quotes, appointments, and service records
  • Subscription and billing information from your FSM platform

Important: This business data belongs to you. We process it solely to provide the integration service you have subscribed to. We do not store your underlying business data long-term. We retain processing metadata (event identifiers) to ensure reliable, deduplicated delivery. We do not use your data for marketing and do not share it with any third party other than the destination system you have authorized (your CRM).

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our integration services
  • Process your subscription and payments
  • Communicate with you about your account, service updates, and support requests
  • Monitor system health and ensure reliable service delivery
  • Improve our platform and develop new features
  • Comply with legal obligations

We do not use your information for targeted advertising, do not sell your information to third parties, and do not use your business data for any purpose other than providing the integration service.

3. How We Protect Your Information

We implement the following security measures to protect your data:

  • Client isolation — Each client's integration operates in a completely separate environment. Your credentials, data, and processing are isolated from every other client.
  • Encryption — All credentials and API keys are encrypted at rest. Data in transit is encrypted via TLS/HTTPS.
  • Access controls — We use a multi-tier access model. Monitoring systems have zero access to production credentials or client data.
  • Automated credential management — OAuth tokens are refreshed automatically. API keys are validated daily through automated health checks.
  • No long-term data storage — Client business data passes through our platform but is not retained. We maintain only processing state (event identifiers) to ensure reliable delivery.

4. Information Sharing

We may share information only in the following circumstances:

  • With your authorized destination systems — We send your business data to the CRM or platform you have connected and authorized (e.g., AGM, Salesforce). This is the core function of our service.
  • With service providers (sub-processors) — We use third-party infrastructure providers to host and run our services. These providers process data on our behalf under written agreements requiring data-protection terms at least as strict as ours. Our current sub-processors are listed below.
  • To comply with law — We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

We do not sell, rent, or trade your personal information or business data to any third party.

4.1 Current Sub-processors

As of the effective date of this policy, AGM Pro Tools engages the following sub-processors. We provide at least 30 days' notice to enterprise customers before adding or replacing a sub-processor that processes Personal Data on their behalf.

  • Modal Labs, Inc. (United States) — serverless compute and storage infrastructure
  • GoHighLevel / LeadConnector (United States) — CRM backbone (white-labeled as the AGM platform)
  • Anthropic, PBC (United States) — AI inference (large language model)
  • OpenAI, LLC (United States) — AI inference (large language model and embeddings)
  • Amazon Web Services, Inc. (United States) — object storage (S3) for backups and media uploads
  • Stripe, Inc. (United States, EU) — payment processing for subscription billing
  • Google LLC (Workspace) (United States) — email delivery, Sheets API integrations
  • Microsoft Corporation (M365) (United States) — email delivery for certain enterprise tiers
  • Salesforce, Inc. (United States) — legacy CRM integration for certain enterprise tiers
  • Neon, Inc. (United States) — managed Postgres database hosting
  • GitHub, Inc. (United States) — static site hosting (aggregated, non-PII content only)
  • ZeroBounce, Inc. (United States) — email address verification

Enterprise customers may request our standard Data Processing Agreement, which incorporates these sub-processors, the EU Standard Contractual Clauses for international transfers, and the UK Addendum. Contact [email protected] to request a copy.

5. Data Retention

  • Account information — Retained while your account is active and for a reasonable period afterward for record-keeping and legal compliance.
  • Integration data — Business data passes through our platform in real time. We retain processing state (event identifiers and deduplication records) for the duration of your subscription to ensure reliable delivery and prevent duplicate processing. We do not retain the underlying business data (customer names, contact details, job records) beyond the time needed to complete each sync operation.
  • Backups — Automated system backups are retained on a 7-day rolling basis and contain processing state only, not client business data.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Opt out of marketing communications
  • Request a copy of your data in a portable format

To exercise any of these rights, contact us at [email protected].

California Residents (CCPA/CPRA)

We do not sell personal information as defined under the California Consumer Privacy Act. We do not use personal information for cross-context behavioral advertising. California residents may contact us to request access to, deletion of, or information about the personal information we collect.

European Economic Area, UK, and Swiss Residents (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation and the UK GDPR. These include the right to:

  • Access the Personal Data we hold about you
  • Request rectification of inaccurate or incomplete Personal Data
  • Request erasure ("right to be forgotten") where applicable
  • Restrict processing in certain circumstances
  • Receive your Personal Data in a portable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where consent is the lawful basis
  • Lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. UK residents may complain to the Information Commissioner's Office (ico.org.uk).

Lawful bases for processing. We rely on the following lawful bases under GDPR Art. 6:

  • Contract performance (Art. 6(1)(b)) — for delivering the integration services you subscribed to.
  • Legitimate interests (Art. 6(1)(f)) — for fraud prevention, service security, system health monitoring, and abuse detection. You may object to processing on this basis as described above.
  • Legal obligation (Art. 6(1)(c)) — where we are required to retain or disclose Personal Data by law.
  • Consent (Art. 6(1)(a)) — where we have asked for and you have given explicit consent (e.g., marketing communications). You can withdraw consent at any time.

International data transfers. When Personal Data of EEA, UK, or Swiss Data Subjects is transferred to a country outside the EEA, UK, or Switzerland that has not received an adequacy decision, we rely on the EU Standard Contractual Clauses (Commission Decision 2021/914) and, for UK transfers, the UK Addendum issued by the Information Commissioner's Office. A copy of the SCCs and our Transfer Impact Assessment is available on request.

Personal Data Breach notification. If a Personal Data Breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, in line with GDPR Art. 33. Where the Breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay.

Data Processing Agreement. Business customers who require a Data Processing Agreement under GDPR Art. 28 may request our standard DPA at [email protected]. It incorporates the sub-processor list in §4.1, the EU SCCs, and the UK Addendum.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (extendable to 60 days for complex requests, with notice).

7. Cookies

Our website uses only essential cookies required for basic site functionality (e.g., session management). We do not use advertising cookies, tracking pixels, or third-party analytics cookies that track you across other websites.

8. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies before providing any information.

9. Children's Privacy

Our services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page and, where appropriate, by email. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

AGM Pro Tools
Email: [email protected]
Website: agmprotools.com