DATA BREACH POLICY

Last Updated: August 21, 2025

1. Purpose

Cerberus CRM (“we,” “us,” or “our”) values the trust of our clients and their end customers. This Data Breach Policy describes how we handle incidents involving unauthorized access to data within our systems. Our role is limited to promptly notifying our clients of a confirmed breach, as required by applicable law.

2. Scope

This policy applies to all data stored or processed on the Cerberus CRM platform, which is built on the Go HighLevel infrastructure. It covers incidents where personal data or sensitive information under a client’s account is accessed, disclosed, altered, or destroyed by an unauthorized party.

3. Roles & Responsibilities

Cerberus CRM as Service Provider

- We operate as a service provider/processor of data on behalf of our clients. If we become aware of a breach of personal data in our systems, our responsibility is to notify the affected client without undue delay.

Client as Controller/Business

- Each client of Cerberus CRM acts as the data controller/business for their end users. Clients are solely responsible for:

- Assessing the impact of a breach on their own end customers.

- Notifying regulators, affected individuals, or other third parties, as required by law.

- Taking all other remedial actions in connection with a breach.

4. Breach Notification

If Cerberus CRM becomes aware of a data breach:

- We will notify the affected client promptly and provide available details about the nature of the breach.

- We may provide reasonable cooperation or information to assist the client in meeting their own legal obligations.

- We will not notify end users, regulators, or third parties directly, unless specifically required by law.

5. Limitation of Liability

Cerberus CRM is not responsible or liable for:

- Any damages, losses, or claims arising from a data breach, including but not limited to loss of data, business interruption, or reputational harm.

- A client’s failure to comply with their own data protection obligations.

To the fullest extent permitted by law, Cerberus CRM’s liability for any claim relating to a data breach is strictly limited to the fees paid by the client for the three (3) months prior to the event, or $100 if no fees were paid.

6. Client Obligations

By using Cerberus CRM, clients agree to:

- Maintain appropriate data protection policies for their own end users.

- Notify their own customers and regulators in the event of a breach, in compliance with applicable laws (e.g., GDPR, CCPA, state data breach statutes).

- Indemnify and hold harmless Cerberus CRM from any claims or liabilities arising from a breach impacting their data or end users.

7. Policy Updates

Cerberus CRM may update this policy at any time. Clients will be notified of material changes. Continued use of the platform constitutes acceptance of the revised policy.

For additional details, please email us at [email protected]

Contact Us

Cerberus CRM

[email protected]