How CasmoZ handles federal and state regulatory obligations across outbound communications, public-data sourcing, and data subject rights.
Outbound calls and SMS from CasmoZ are routed through downstream provider accounts. CasmoZ-as-platform does not auto-dial without provider consent. We honor the National DNC registry, internal opt-outs (STOP keywords on SMS, "remove me" on calls), and time-of-day windows configurable per provider via the /compliance dashboard.
All marketing email sent through CasmoZ-managed campaigns includes the sender's physical postal address (from the provider's configured business address), a single-click unsubscribe header, and an in-body opt-out link. Unsubscribes propagate within 10 business days as required. CasmoZ never re-engages an opted-out recipient.
CasmoZ aggregates data from 300+ public datasets — municipal permits, parcel records, census, federal filings (SEC, NPPES, FMCSA, IRS, SAM, OSHA), state licensing boards. We do NOT use scraped private databases, leaked credentials, or paid people-search services. All ingested data is publicly available under FOIA, Open Records, or the respective agency's open-data licensing.
CasmoZ is US-focused but accepts data subject access, deletion, and portability requests from any jurisdiction within 30 days. Email privacy@casmoz.com with proof of identity and the lead/contact identifier. Removal propagates across our cross-reference indexes within 7 business days. We do not sell personal data; the "Do Not Sell My Personal Information" link below is a no-op for that reason.
Massachusetts (MA G.L. c. 93H) breach notification: 30 days. California (CCPA) opt-out: honored automatically. Florida (FIPA), Maryland (Maryland Online Consumer Protection Act), Texas (Texas DPSA) — handled identically via the same removal pipeline. State Attorneys General can contact legal@casmoz.com for compliance correspondence.
TLS 1.2+ in transit, AES-256 at rest for sensitive fields (phone, email, SSN if surfaced), bcrypt for password hashes, JWT in HttpOnly cookies for sessions. Penetration testing annually. Incident response within 24h. Service-level uptime target 99.5%. No payment-card data is stored (Stripe-managed).
For account-level controls (quiet hours, suppression lists), sign in and visit your compliance dashboard.