Privacy Policy
Last updated: July 1, 2026
1. What we collect
Account information: your name, email address, brokerage, and phone number, provided at registration and through your Microsoft or Google sign-in profile.
Workspace data you store: contacts, deals, tasks, notes, campaigns, and messages you create or sync into your CRM workspace.
Connected-service data: if you connect Microsoft 365 or Google, we sync email, calendar, and task data as needed to power inbox, calendar, and task features. OAuth tokens are stored server-side and are never exposed to the browser.
Usage and log data: standard server logs (IP address, timestamps, requests) used for security and reliability.
2. How we use it
To operate the Service: displaying your pipeline, syncing your inbox and calendar, sending the emails and SMS messages you compose or schedule, and generating AI summaries and drafts you request.
To secure the Service: authentication, rate limiting, and abuse prevention.
We do not sell your data. We do not use your workspace data to advertise to you or to anyone else.
3. AI processing
AI features (contact summaries, drafted replies) send the relevant contact context to our AI provider (Anthropic) to generate the output you requested. This data is processed to provide the feature and is subject to the provider's data-use commitments for API customers.
4. Service providers
We use a small set of infrastructure providers to run the Service: Vercel (hosting), Neon (database), Microsoft and Google (sign-in and, if connected, email/calendar sync), Twilio (SMS), Resend (transactional email), and Anthropic (AI features). Each receives only the data needed to perform its function.
5. Data isolation
Every record in your workspace is scoped to your account. Other users of the Service cannot see your contacts, deals, messages, or settings.
6. Retention and deletion
We retain your workspace data while your account is active. If your access ends, you may request an export and deletion of your workspace by emailing [email protected]; we will complete deletion within 30 days, except where retention is required by law.
7. Security
Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access to production systems is limited to the operator of the Service.
8. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information. Contact [email protected] to exercise them.
9. Changes
We will update this policy as the Service evolves and revise the “Last updated” date above. Material changes will be communicated in the app or by email.
10. Contact
Privacy questions: [email protected].