SquidERP
Sign inStart free trial

Privacy Policy

Effective May 12, 2026

1. Who we are

SquidERP (“SquidERP,” “we,” “us,” or “our”) provides a cloud-hosted ERP, order-management, and operations platform. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our marketing site, customer portal, hosted tenant subdomains (*.squiderp.net), and any SMS messages we send.

2. Information we collect

We collect only the information needed to operate the service:

  • Account information— name, business name, work email address, mobile phone number, role, and the password you set (stored as a one-way hash; we never see your plain password).
  • Billing information— billing address and the last four digits and brand of your payment card. Full card numbers are handled directly by our PCI-compliant payment processor and are never stored on our servers.
  • Operational data you enter— customers, orders, inventory, invoices, and similar records you create inside your tenant.
  • Technical data— IP address, browser type, device information, pages visited, and timestamps, collected via cookies and standard server logs for security and troubleshooting.

3. How we use information

We use the information above to:

  • Provision and operate your tenant and user accounts.
  • Authenticate sign-ins, including sending two-factor authentication codes by SMS or email when enabled.
  • Send transactional notifications you or your administrators request — user invitations, order updates, shipment notifications, password and verification messages, and similar service communications.
  • Process payments, prevent fraud, and bill for usage.
  • Provide support, investigate incidents, and improve reliability and security of the service.
  • Comply with legal obligations.

4. SMS / text messaging

SquidERP sends transactional SMS messages to users and customers of our hosted ERP / order-management platform. Messages include user-invitation links to accept access to a tenant, one-time verification codes for two-factor authentication, and order / shipment status updates that tenant administrators configure for their customers. We do not send marketing or promotional content over SMS.

Call to Action / how users opt in. A mobile phone number is only added to a SquidERP account when one of the following happens, and in each case the person providing the number is shown the consent disclosure below before any SMS is sent:

  • Administrator-added user. A tenant administrator adds the user from inside their SquidERPtenant and enters the user’s mobile number. The administrator must confirm that the user has agreed to receive transactional SMS (account invitations, verification codes, account-security alerts) before the record can be saved. The user then receives the invitation SMS containing a single-use accept-invite link.
  • Customer-provided number for order updates. An end customer of a SquidERP tenant submits their phone number at checkout or order entry, on a form operated by that tenant. The form displays the consent disclosure below and requires the customer to confirm before the order can be submitted.
  • User-enabled two-factor authentication. A signed-in user enables SMS-based two-factor authentication from their account settings and enters and verifies their mobile number. The consent disclosure below is shown on the same screen and the user must verify the number with a code before SMS 2FA is activated.

Consent disclosure shown at each opt-in point:

By providing your phone number, you agree to receive transactional SMS messages from SquidERPrelated to account access, verification codes, invitations, and order updates. Message frequency varies. Msg & data rates may apply. Reply HELP for help, STOP to cancel.
  • Program name: SquidERP Notifications.
  • Message types:account invitations, one-time verification / 2FA codes, password & account-security notifications, and order or shipment updates.
  • Message frequency is not fixed and varies based on your account activity (for example, each invitation, each 2FA-triggered sign-in, and each order or shipment event configured by the tenant administrator).
  • Message and data rates may apply from your mobile carrier.
  • Reply HELP to any message for assistance, or email hello@squiderp.com.
  • Reply STOP to any message to opt out. After STOP you will receive one final confirmation message and no further SMS. To resume, sign in and re-enter your mobile number, or reply START.
  • Carriers are not liable for delayed or undelivered messages.
  • No mobile information is sold or shared with third parties or affiliates for marketing or promotional purposes. Mobile phone numbers and SMS opt-in data are not shared with third parties for marketing under any circumstances.

5. How we share information

We do not sell personal information and we do not share it for third-party marketing. We share information only with:

  • Service providersacting on our behalf under written agreements — for example, cloud hosting (Microsoft Azure, Google Cloud), email delivery (Resend), SMS delivery (Twilio), and payment processing (Stripe). These providers may only use the information to deliver the service to us.
  • Your administrators— the organization that owns your tenant can view and manage data within that tenant.
  • Legal authorities when required by law, subpoena, or to protect rights, safety, or property.
  • Successors in the event of a merger, acquisition, or sale of assets, subject to this Policy.

6. Data retention

We retain account and operational data for as long as your subscription is active and for a reasonable period thereafter to meet legal, tax, and audit requirements. You may request export or deletion of your data by emailing hello@squiderp.com.

7. Security

We use TLS in transit, encryption at rest for stored credentials and sensitive fields, role-based access control, network isolation between tenants, and routine backups. No system is perfectly secure; we encourage strong passwords and enabling two-factor authentication.

8. Your choices and rights

Depending on where you live, you may have the right to access, correct, or delete your personal information, to object to processing, or to receive a portable copy. You can exercise these rights by emailing hello@squiderp.com from the address on your account. You can also unsubscribe from SMS at any time by replying STOP.

9. International users

Our servers are operated in the United States and the European Union. By using the service you understand that information may be processed in countries different from your own.

10. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the new effective date at the top of this page, and material changes will be announced to account administrators by email.

11. Contact

Questions about this Policy can be sent to hello@squiderp.com.