Effective date: 11th day of August, 2025
www.karmacrm.com (the “Site”) is owned and operated by John P. Narowski. John P. Narowski is the data controller and can be contacted at: support@karmacrm.com
At Karma Software, Inc., we prioritize your privacy and data security. This Privacy Policy outlines how we adhere to the EU-U.S. Data Privacy Framework (DPF) Principles to safeguard personal information transferred from the European Union (EU) and the United Kingdom (UK) to the United States (U.S.). Our compliance ensures transparency, trust, and adherence to the highest standards of data protection.
This Privacy Policy applies to all personal information collected, processed, and shared under the scope of our certification to the DPF Principles.
We collect personal information to provide services and enhance user experience. Information collected may include names, email addresses, and billing details. We use this data to:
Process transactions and manage customer accounts
Create your account and enable features within the system
Send customer service communications
We share this data only with third parties that help us fulfill these purposes. You will be informed of any new uses of your personal data or changes in third-party data sharing.
We may also be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You have the right to opt out of sharing your personal data with third parties or using your data for purposes other than those originally collected or authorized. By opting out, your account will be placed at a Free Account level, and any integrations will be severed. Please contact us at support@karmacrm.com to exercise this right.
When transferring personal data to third parties, we ensure that they maintain the same level of data protection required under the DPF Principles. Contracts and other measures are implemented to ensure compliance.
Under the DPF Principles, we remain liable if our third-party service providers process personal data in a manner inconsistent with these Principles, unless we can demonstrate that we are not responsible for the event giving rise to the damage.
We implement reasonable and appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of your personal data.
We collect only relevant and accurate data necessary for our legitimate purposes. Personal data is retained only as long as required for the purposes for which it was collected, after which it is securely deleted or anonymized.
You have the right to access your personal data held by us, to correct any inaccuracies, and to request deletion under certain conditions. Please contact support@karmacrm.com for assistance.
We use an independent dispute resolution provider to address unresolved complaints regarding privacy practices. Complaints can also be filed with relevant EU data protection authorities or the U.S. Department of Commerce.
Karma Software, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Karma Software, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the EU and the UK in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Karma Software, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to BBB National Programs Privacy Framework Services, an alternative dispute resolution provider based in the United States, the European Union, and the United Kingdom (as applicable). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://privacytrust.com/services/data-privacy-framework/dispute-resolution/ for more information or to file a complaint. The services of BBB National Programs Privacy Framework Services are provided at no cost to you.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Under certain conditions, you may also invoke binding arbitration to address residual complaints not resolved by other means. This option is available when you have followed all required procedures outlined in Annex I of the DPF Principles. We are obligated to arbitrate claims and follow the terms set forth in Annex I, provided you deliver notice and meet the conditions described therein.
Contact Information
If you have any questions or concerns regarding this Privacy Policy or how we handle your data under the DPF Principles, please contact: