Privacy Policy

Introduction

CMRH Holdings, LLC, doing business as Further & Co. ("Further & Co.," "we," "our," or "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our client and administrative portals and software, or otherwise interact with our property management services (together, the "Services").

Information We Collect

Information you provide

• Contact and account information: name, email address, phone number, mailing and property address, login credentials, and preferences.
• Property information: details about properties we manage on your behalf, which may include inspection reports, maintenance and service history, equipment and inventory details, photographs and video, and access-related information you choose to provide (such as gate, alarm, lock, and network codes and entry or emergency protocols). This information is sensitive, and we treat it accordingly.
• Documents and communications: documents, contracts, and messages you upload or exchange through the Services.
• Payment and billing information: billing details and payment history. Card payments are processed by our payment provider; we do not store full payment card numbers.
• Authorized user information: information about family members, delegates, or household representatives you add to your account.

Information collected automatically

When you use the Services, we automatically collect usage and device information such as IP address, browser type, pages viewed, and actions taken, including through cookies and similar technologies and through security and audit logs.

Information from third parties

We may receive information from third parties that you connect or that assist our Services, including accounting data from Intuit QuickBooks Online (see below), payment confirmations from our payment processor, location and place data from mapping providers, and vendor information from research sources.

QuickBooks Online (Intuit) Integration

If you choose to connect your Intuit QuickBooks Online account, you authorize us, through Intuit's secure authorization (OAuth) process, to access and exchange certain accounting data in order to provide invoicing and accounting features. This data may include company information, customers, invoices, payments, and items.

• Use: We use QuickBooks data only to provide, maintain, and improve the accounting and invoicing features you request. We do not sell QuickBooks data and do not use it for advertising.
• Access: We request only the access needed for these features, and only our authorized systems and personnel access the data, for these purposes.
• Storage and security: We store QuickBooks data using the safeguards described in the Data Security section below, and access tokens are stored securely.
• Disconnecting: You can disconnect the integration at any time from within QuickBooks or by contacting us. After disconnection, we stop accessing your QuickBooks account and delete or de-identify the associated data within a reasonable period, subject to legal retention obligations.

Our access to and use of QuickBooks data is also subject to Intuit's applicable terms and developer requirements.

How We Use Your Information

We use the information we collect to:

• provide, maintain, and improve our Services;
• operate the client and administrative portals;
• process transactions, invoicing, and payments;
• communicate with you by email, phone, and text message about your account, appointments, inspections, and service updates;
• provide and improve features such as equipment identification and answering your questions about a property;
• protect the security and integrity of the Services, prevent fraud, and maintain audit records;
• send marketing communications where you have opted in; and
• comply with legal obligations and enforce our terms.

Text Messaging

Where you have provided your mobile number and consented, we send service-related and, where separately authorized, marketing text messages. We maintain records of consent and opt-out status. You can opt out at any time by replying STOP, and reply HELP for assistance; message and data rates may apply. We do not sell or share mobile phone numbers with third parties for their own marketing.

Cookies and Similar Technologies

We use cookies and similar technologies that are necessary to operate the Services, including to keep you signed in, remember preferences, maintain security, and understand how the Services are used. You can control cookies through your browser settings, although some features may not function properly without them.

How We Share Information

We do not sell your personal information. We share information only as follows:

• Service providers and sub-processors: trusted vendors that perform services on our behalf, such as hosting, data storage, payment processing, accounting integration, and email and text-message delivery (see the list below).
• Vendors performing the Services: maintenance and service contractors, only as needed to deliver the Services you request.
• Legal and safety: when required by law, legal process, or to protect the rights, property, or safety of our clients, our company, or others.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Privacy Policy.
• With your direction or consent: when you ask us to share information or otherwise consent.

Service Providers We Use

We rely on the following categories of service providers to operate the Services. Each processes information only as needed to provide its service to us:

• Hosting and infrastructure: Vercel, Neon (database), Google Firebase (authentication, storage, and related services), Cloudflare (video delivery), and Upstash.
• Payments: Stripe.
• Accounting: Intuit QuickBooks Online.
• Communications: Resend (email) and HighLevel (text messaging and customer relationship management).
• Maps and research: Google (Places and Maps), Perplexity, and Firecrawl.

Data Security

We implement appropriate technical and organizational measures to protect personal information, including encryption in transit, access controls and authenticated sessions, time-limited signed links for sensitive files, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain personal information for as long as needed to provide the Services and for legitimate business purposes, such as complying with legal, tax, accounting, and recordkeeping obligations, resolving disputes, and enforcing our agreements. When information is no longer needed, we delete or de-identify it.

Your Privacy Rights

Depending on your location, you may have the right to:

• access the personal information we hold about you;
• request correction of inaccurate information;
• request deletion of your personal information;
• opt out of marketing communications; and
• withdraw consent where processing is based on consent.

California

If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request deletion or correction; and to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law. We will not discriminate against you for exercising your rights.

EEA and United Kingdom

If you are in the European Economic Area or the United Kingdom, we process personal data on legal bases including the performance of a contract, our legitimate interests, your consent, and legal obligations. You have rights of access, rectification, erasure, restriction, portability, and objection, and you may lodge a complaint with your supervisory authority.

To exercise any of these rights, contact us using the details below. We may need to verify your identity before responding.

International Data Transfers

We are based in the United States, and our service providers may process information in the United States and other countries. If you access the Services from outside the United States, you understand that your information may be transferred to and processed in countries whose data-protection laws may differ from those in your jurisdiction. Where required, we use appropriate safeguards for such transfers.

Children's Privacy

The Services are intended for adults and are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

Updates to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the "Last updated" date, and, where appropriate, provide additional notice.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: