Privacy Policy

Last updated: July 1, 2026

1. What we collect

Account information: your name, email address, brokerage, and phone number, provided at registration and through your Microsoft or Google sign-in profile.

Workspace data you store: contacts, deals, tasks, notes, campaigns, and messages you create or sync into your CRM workspace.

Connected-service data: if you connect Microsoft 365 or Google, we sync email, calendar, and task data as needed to power inbox, calendar, and task features. OAuth tokens are stored server-side and are never exposed to the browser.

Usage and log data: standard server logs (IP address, timestamps, requests) used for security and reliability.

2. How we use it

To operate the Service: displaying your pipeline, syncing your inbox and calendar, sending the emails and SMS messages you compose or schedule, and generating AI summaries and drafts you request.

To secure the Service: authentication, rate limiting, and abuse prevention.

We do not sell your data. We do not use your workspace data to advertise to you or to anyone else.

3. AI processing

AI features (contact summaries, drafted replies) send the relevant contact context to our AI provider (Anthropic) to generate the output you requested. This data is processed to provide the feature and is subject to the provider's data-use commitments for API customers.

4. Service providers

We use a small set of infrastructure providers to run the Service: Vercel (hosting), Neon (database), Microsoft and Google (sign-in and, if connected, email/calendar sync), Twilio (SMS), Resend (transactional email), and Anthropic (AI features). Each receives only the data needed to perform its function.

5. Data isolation

Every record in your workspace is scoped to your account. Other users of the Service cannot see your contacts, deals, messages, or settings.

6. Retention and deletion

We retain your workspace data while your account is active. If your access ends, you may request an export and deletion of your workspace by emailing [email protected]; we will complete deletion within 30 days, except where retention is required by law.

7. Security

Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access to production systems is limited to the operator of the Service.

8. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal information. Contact [email protected] to exercise them.

9. Changes

We will update this policy as the Service evolves and revise the “Last updated” date above. Material changes will be communicated in the app or by email.

10. Contact

Privacy questions: [email protected].