← Legal

Privacy Policy

Fergus CRM Integration

Last updated: 19 April 2026  ·  Effective date: 3 April 2026

1. Introduction and Identity of the Operator

Fergus CRM Integration (the "App") is operated by FernNola Limited (NZBN 9429053630490) ("we", "us", or "our"), a New Zealand limited liability company.

The App is a software integration that connects your CRM platform accounts with Fergus job management accounts, enabling the secure and automated transfer of data between the two platforms.

Contact details for privacy enquiries:
Email: support@fernnola.com
Website: www.fernnola.com
Registered office: 1222 State Highway 16, RD3, Waimauku, New Zealand

2. Scope of This Privacy Policy

This Privacy Policy describes how we collect, use, handle, store, and protect information when you install and use the Fergus CRM Integration App through the CRM Marketplace.

This policy applies to:

  • App users - CRM account holders, including agencies and subaccounts, that install and use the App.
  • CRM staff members - CRM users within an installed account whose details are recorded when they access the embedded App page.
  • End customers - Individuals whose data (including contact details, job records, and site information) is processed through the App as a result of an App user's activity.

Where you are an end customer, your primary privacy relationship remains with the business controlling your data. This policy explains how we process personal data on that business's behalf.

3. Our Role Under Data Protection Laws

Under the New Zealand Privacy Act 2020, the UK/EU General Data Protection Regulation (GDPR), and equivalent legislation, our role depends on the context of processing:

  • Data Processor - Where we process customer contact, job, or site data on behalf of an App user. In this context, the App user is the Data Controller.
  • Data Controller - Where we process information provided directly to us, including account credentials, OAuth tokens, CRM staff user details, and support communications.

4. Categories of Data We Process

4.1 Data Synced Between the CRM and Fergus

The App facilitates the transfer of the following categories of data between the CRM and Fergus:

CategoryExamples
Contact / customer detailsNames, email addresses, phone numbers, physical addresses
Jobs / opportunitiesJob titles, descriptions, statuses, assigned contacts, scheduled dates
Site detailsSite names, addresses, access notes, and related location information

Data is transferred in near real time as part of the sync operation. To operate the integration and maintain an activity log, we store a subset of this data on our servers, including contact names, opportunity names, pipeline and stage names, and Fergus job numbers. This information is retained as described in Section 7 and is used solely for deduplication, error diagnosis, audit trail, and displaying activity history within the App.

4.2 Authentication Tokens

To operate the integration, we store OAuth access tokens and refresh tokens for the CRM, and a Fergus Personal Access Token (PAT). These tokens:

  • Are necessary to authenticate API requests on your behalf
  • Are encrypted at rest using AES‑256 or equivalent
  • Are used solely for operating the integration
  • Are permanently deleted within 7 days when you uninstall the App or revoke access

4.3 CRM Staff User Data

When a CRM staff member opens the embedded App page within the CRM, we record:

  • Their CRM user ID, name, and email address
  • Their CRM role (e.g. admin)
  • The date and time they last accessed the App

This information is used to provide a personalised experience within the App and for operational monitoring. It is retained for the life of the App installation and deleted within 7 days of uninstallation.

4.4 Activity Log Data

The App maintains an activity log of events for each installed location, including:

  • Job creation events - contact name, opportunity name, Fergus job number, pipeline and stage, action taken
  • Quote outcome events - whether a quote or estimate was published, sent, accepted, or rejected, and which pipeline stage the opportunity moved to; job phase events recording when a job is scheduled, work-completed, or invoiced
  • Error and conflict records - error messages and details of any data conflicts encountered

This log is visible to App users within the embedded App and is used to provide transparency about integration activity. Log records are retained for the life of the App installation.

4.5 Technical and Operational Data

We collect limited technical information required to operate and maintain the App, including API response metadata and error diagnostics. This data does not include full customer records and is retained for a maximum of 30 days.

4.6 Support Communications

If you contact us for support, we process the information you provide (such as name, email address, account details, and issue description) solely to respond to and resolve your enquiry.

5. Purposes and Lawful Bases for Processing

We process information only for the purposes outlined below:

PurposeLawful Basis (GDPR)NZ Privacy Act Principle
Syncing data between the CRM and FergusPerformance of contractIPP 2
Maintaining authentication connectionsLegitimate interests / contractIPP 4
Maintaining an activity log for App usersLegitimate interests / contractIPP 1
Recording CRM staff user accessLegitimate interestsIPP 1
Operating and improving the AppLegitimate interestsIPP 1
Responding to support enquiriesLegitimate interests / contractIPP 1
Legal and regulatory complianceLegal obligationIPP 1

We do not:

  • Sell or commercially share data
  • Use customer data for marketing or profiling
  • Train artificial intelligence or machine‑learning models using App data
  • Use data for purposes unrelated to operating the integration

6. Data Sharing and Sub‑Processors

The App acts as a conduit between third‑party platforms and relies on the following sub‑processors:

RecipientPurposeLocation
The CRM platform operatorIntegration source platform - governed by the CRM platform's own privacy policyUnited States
Fergus SoftwareIntegration target platform - governed by the Fergus Privacy PolicyNew Zealand / Australia
Vercel Inc.Application hosting and serverless infrastructureUnited States
Railway (Infrastructure as a Service)Database hosting - all App data is stored in a PostgreSQL database hosted on RailwayUnited States

We do not use additional sub‑processors beyond those listed above. Should this change, this policy will be updated accordingly. We are not responsible for the privacy practices of third‑party platforms and encourage users to review their respective policies.

7. Data Retention

Data TypeRetention Period
CRM OAuth tokens and Fergus PATDeleted within 7 days of App uninstallation or access revocation
Activity log records (contact names, job numbers, outcomes)For the life of the App installation; deleted within 7 days of uninstallation
CRM staff user data (name, email, role, last seen)For the life of the App installation; deleted within 7 days of uninstallation
API response metadata and error diagnostics30 days
Support communications2 years from last contact

Upon uninstallation of the App, all tokens, activity log records, staff user data, and residual account‑related data are permanently deleted within 7 days.

8. Data Security

We implement appropriate technical and organisational safeguards, including:

  • Encryption of OAuth tokens and API credentials at rest (AES‑256 or equivalent)
  • Encryption of data in transit (TLS 1.2 or higher)
  • Restricted access to infrastructure and systems
  • Periodic review of security controls

No system is entirely secure. If you become aware of a security issue, please contact support@fernnola.com immediately.

9. International Data Transfers

The App is operated from New Zealand. Application infrastructure is hosted on Vercel Inc. and data is stored in a Railway-hosted PostgreSQL database, both of which may process data in the United States. The CRM and Fergus may also process data in multiple jurisdictions, including the United States and Australia.

  • UK / EEA users: Transfers outside the region are safeguarded by standard contractual clauses and recognised compliance certifications.
  • New Zealand users: Transfers comply with Information Privacy Principle 12 of the NZ Privacy Act 2020.

10. Your Rights

New Zealand (Privacy Act 2020)

  • Right to access personal information
  • Right to request correction
  • Right to complain to the Office of the Privacy Commissioner

United Kingdom / European Union (GDPR)

  • Right of access, rectification, and erasure
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent (where applicable)
  • Right to lodge a complaint with a supervisory authority

Requests can be submitted to support@fernnola.com. We respond within 20 working days (NZ) or 30 calendar days (GDPR).

11. Children's Data

The App is intended for business use and is not directed at individuals under the age of 18. We do not knowingly process children's personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date will reflect any changes. Continued use of the App constitutes acceptance of the updated policy.

13. Contact and Complaints

FernNola
Email: support@fernnola.com
Website: www.fernnola.com

New Zealand users may also contact the Office of the Privacy Commissioner
Website: www.privacy.org.nz
Phone: 0800 803 909

UK and EU users may lodge complaints with their local data protection authority, such as the UK Information Commissioner's Office (ICO): www.ico.org.uk

This Privacy Policy applies to the Fergus CRM Integration operated by FernNola and distributed via the CRM Marketplace.