Privacy Policy

Effective Date: 26th May 2025

Ella CRM is committed to protecting your privacy, ensuring your data is secure, and providing transparency in how we handle your information. This policy outlines how we collect, use, protect, and share your data when you use our platform and services.

1. Introduction

Ella CRM is a white-labeled sales and marketing automation platform operated on High Level and provided by Ella CRM with Katie Colella ("we", "our", or "us"). This policy applies to your use of our platform, website, CRM tools, and any associated features or integrations (collectively, the “Platform”).

2. What We Collect

We may collect and process the following personal data:

Contact details (name, email, phone number etc)

Billing and payment information

Technical information (e.g. IP address, browser, device type)

Platform usage data and activity logs

Marketing and communication preferences

Any personal data submitted via forms, automations, or integrations

3. How We Collect It

Data may be collected:

When you sign up, subscribe, or interact with the Platform

Through forms, chat support, or email correspondence

Automatically through cookies, analytics, and session tracking

Via integrations with third-party tools (e.g., Facebook, Stripe, Mailgun). Please note we are not responsible for 3-rd party tools - please refer to their privacu policies.

4. Use of Data

We use your information to:

Deliver and improve the Ella CRM service

Manage billing, payments, and subscription preferences

Provide support and communicate with you

Send updates, service messages, or marketing (with consent)

Comply with legal and contractual obligations

5. Legal Grounds for Processing

Under UK GDPR and applicable data laws, we rely on the following bases:

Performance of contract – to provide our services

Consent – for marketing and optional data processing

Legal compliance – to meet obligations

Legitimate interests – to ensure platform security and functionality

6. Data Security

We take appropriate technical and organisational measures to safeguard your data, including:

Encryption at rest and in transit (TLS, AES-256)

Multi-factor authentication for internal access

Continuous monitoring, logging, and auditing

Data segregation and access control policies

Regular vulnerability scans and backups

7. Data Sharing & Third Parties

We may share your data with:

Trusted service providers (e.g., hosting, payment processors, email delivery)

Integrated third-party tools, where you have connected them

Regulatory authorities, when legally required

Note: The use of your data by third-party platforms is governed by their own privacy policies. We recommend reviewing these where applicable.

8. International Transfers

Where necessary, data may be transferred outside the UK or EEA. In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or other legally approved mechanisms.

9. Data Retention

We retain personal data only for as long as necessary for the purposes it was collected, including:

Maintaining your account and delivering services

Complying with legal, tax, and audit requirements

Security and fraud prevention

If your account is closed, certain data may still be retained for compliance reasons.

10. Your Rights

You have the right to:

Access a copy of your personal data

Request correction of inaccurate data

Request deletion of your data ("right to be forgotten")

Object to or restrict processing

Request data portability

Withdraw consent at any time (where applicable)

Lodge a complaint with the UK Information Commissioner’s Office (ICO)

To exercise these rights, please contact us using the details below.

11. Cookies & Analytics

We use cookies and tracking tools to improve the user experience and monitor website performance. You can manage cookie settings through your browser.

12. Acting as Data Processor

For certain services (e.g. client CRM setups, automations), we act as a data processor, processing personal data strictly on your behalf and according to your instructions. A Data Processing Agreement (DPA) governs this relationship where required.

13. Policy Updates

We may update this Privacy & Security Policy to reflect changes in law, technology, or our services. Users will be notified of material changes via email or in-app messaging. Please review this policy periodically.

14. Contact Us

For privacy-related questions or to exercise your rights, contact:

Katie Colella

Ella CRM
Email: [email protected]

Cyber Security

At Ella CRM, we take your privacy and security seriously.

Here's how we keep your business data safe:

1.Top-Tier Data Protection

We use trusted cloud infrastructure with enterprise-grade encryption to protect your data—both when it's stored and when it's moving.

2. Secure Access Only

Access to your account is strictly controlled. Our systems use multi-factor authentication and advanced access controls to keep your information private.

3. Regular Monitoring & Backups

We continuously monitor the platform for unusual activity, and we back up data securely and regularly—just in case.

4. Trained Team & Safe Practices

Everyone who works with Ella CRM is trained in data protection best practices. We never share your data, and we only work with carefully vetted partners.

5. GDPR & Compliance-Ready

Ella CRM is built with compliance in mind. We're aligned with UK GDPR, EU privacy laws, and best practices in data handling. You’re in safe hands.