← Back to Murray CRM

Privacy Policy

Last updated: May 9, 2026

Murray CRM ("Murray," "we," "us," or "our") is operated by MurgEx, a California limited liability company located in Antioch, California. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our communications platform.

1. Information We Collect

We collect the following categories of information:

• Account information: Name, email address, phone number, company name, and role when you create an account.
• Communications data: Phone calls (via RingCentral), SMS messages, emails (via Gmail), and Facebook Messenger messages processed through our platform.
• Driver and carrier records: CDL numbers, Social Security numbers, medical card details, and DOB — all encrypted at rest using pgsodium field-level encryption.
• Usage data: Login times, feature usage, IP addresses, browser type, and device information.
• Telematics data: Vehicle location and status data synced from Samsara when enabled by your organization.
• TMS data: Load, driver, and dispatch records synced from TMSFalcon when enabled by your organization.

2. How We Use Information

We use collected information to:

• Provide, operate, and improve the Murray CRM platform.
• Process and route communications (calls, SMS, email) to the appropriate team members.
• Generate AI-assisted draft replies and conversation summaries.
• Maintain audit logs for compliance with DOT and FMCSA regulations.
• Send transactional notifications (account invites, password resets).
• Detect and prevent fraud, abuse, and security incidents.

3. Sharing With Third Parties

We share data only with service providers necessary to operate Murray CRM:

• Google (Gmail API): Email sending and receiving on your behalf.
• RingCentral: Voice calls, SMS, and call recordings.
• Samsara: Vehicle telematics data (only when you enable this integration).
• TMSFalcon: TMS data synchronization (only when you enable this integration).
• Supabase: Database hosting (US datacenter, encrypted at rest).
• Cloudflare: Content delivery, DDoS protection, and SSL.
• Sentry: Error monitoring and application performance.
• Google Gemini / Anthropic Claude: AI processing for draft generation and summarization. No PII is sent to AI providers — only anonymized conversation context.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

4. Data Retention

• Active data: Retained for the duration of your subscription plus 90 days after account closure.
• Audit logs: Retained for 7 years to comply with DOT/FMCSA record-keeping requirements.
• Encrypted sensitive fields: Deleted within 30 days of account closure or upon written request.
• Backups: Purged within 90 days of data deletion from primary systems.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Receive your data in a structured, machine-readable format.
• Opt-out: Opt out of non-essential data processing.

To exercise any of these rights, contact us at [email protected] (or [email protected] until that address is active).

6. Security and Encryption

We implement industry-standard security measures including:

• Field-level encryption (pgsodium) for all sensitive PII (SSN, CDL, medical card, DOB).
• Row Level Security (RLS) enforcing tenant data isolation at the database level.
• TLS encryption for all data in transit via Cloudflare.
• Encrypted backups with split-key management.
• Comprehensive audit logging of all data access.

7. Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery via email and in-app notification. We will also notify relevant regulatory authorities as required by applicable law.

8. International Transfers

Murray CRM is hosted in the United States. If you access our services from outside the US, your data will be transferred to and processed in the United States. By using Murray CRM, you consent to this transfer.

9. Children's Privacy

Murray CRM is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected and how it is used.
• Right to delete personal information.
• Right to opt-out of the sale of personal information (we do not sell your data).
• Right to non-discrimination for exercising your privacy rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of Murray CRM after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries:

MurgEx
Antioch, California, USA
Email: [email protected]