Privacy Policy
This policy describes how we collect, use, and protect information in connection with the features provided by this application, including persona and contact management, email sequence automation, workflow scheduling, analytics and tracking, and integrations with Google services.
Information We Collect
Account data: email, name, hashed password, session information, preferences (e.g., daily reports). App data: personas, contacts, sequences, templates, workflows, and related settings. Email data: sender alias, recipient address, subject, timestamps, delivery status, and activity such as opens and unsubscribes. Tracking data: open tracking via a 1x1 image pixel and unsubscribe tokens processed through our tracking endpoints. Integration data: Google OAuth tokens and granted scopes to send email, read specific messages for reply detection, and fetch aliases. We only access data within the permissions you authorize. System data: logs, queue processing metadata, and Redis connection status for workflow automation.
How We Use Information
Authenticate users and maintain sessions. Manage personas, contacts, sequences, templates, and workflows you configure. Send emails via connected Gmail accounts using authorized scopes and aliases. Poll for replies to measure campaign performance and update contact states. Track opens and unsubscribe actions to provide reporting and compliance tooling. Schedule and queue automation tasks using Redis-backed workers. Improve reliability and user experience using aggregated, non-identifying analytics.
Legal Bases
We process data to fulfill our contract with you (providing the application), based on your consent (e.g., integrations), and for legitimate interests (improving security and service functionality).
Cookies and Tracking
Session cookies used for authentication and maintaining logged-in state. Tracking pixel for email open detection embedded in campaign emails. Unsubscribe links with tokens to honor opt-out requests. You can manage cookies in your browser settings; unsubscribes are processed instantly through the provided links.
Google App Disclosure
The application integrates with Google services (Gmail APIs) to enable email sending, alias management, and reply/bounce detection for campaign workflows. Data Accessed: Google profile and email (userinfo.profile, userinfo.email). Gmail read-only data (gmail.readonly): message metadata (IDs, thread IDs, headers, snippets, timestamps) used to detect replies and bounces. For bounces, some message body content may be read to classify status. Gmail send capability (gmail.send): sends campaign emails from connected accounts. Gmail settings basic (gmail.settings.basic): fetches Send As aliases to let you choose the sender identity. Contacts read-only (contacts.readonly): may be used to enrich contact data when configured. Data Usage: Authenticate your Google account and maintain tokens for authorized actions. Send emails on your behalf using Gmail with selected aliases. Poll Gmail to detect replies and bounce notifications by searching messages and reading minimal metadata. Update campaign analytics (open/unsubscribe tracking, reply/bounce status) and workflow automation. We do not use Google user data for advertising or sell it to third parties.
Data Sharing
We do not share Google user data with third parties, nor do we sell it. If you configure external email providers (e.g., SendGrid or Brevo) for non-Gmail sending, those providers only receive the email content you send through them and not your Google account data. Gmail content and tokens are not transferred to third-party providers.
Data Storage & Protection
Access and refresh tokens are stored in our server-side database tied to your account and are used solely to perform authorized actions. Passwords are hashed (e.g., bcrypt). Password reset tokens are hashed server-side before storage. Transport security (TLS/HTTPS) is enforced in production deployments; server access is restricted and monitored. We apply least-privilege access and log only what's necessary for reliability and auditing.
Data Retention & Deletion
Tokens and Google integration data are retained while the account remains connected. You can disconnect your Gmail account at any time from the Integrations page, which removes associated tokens and disables access. You may request deletion of your account and related data by contacting support. Some logs and aggregated analytics may persist for security and service integrity.
Third-Party Services
We rely on providers such as Google (Gmail APIs), Redis-backed queueing, and optional email services like SendGrid or Brevo if configured. Use of these services is subject to their terms; we access only within your granted permissions.
Data Security
Passwords are hashed (e.g., bcrypt) before storage. Tokens and secrets are stored securely; reset tokens are hashed server-side. Access is restricted to authorized services and accounts; least-privilege principles apply.
Data Retention
We retain account and application data for the duration of your use of the service and as necessary to comply with legal obligations. You may request deletion of your account data; certain logs may persist for security and audit purposes.
Contact
For questions about these terms or privacy practices, contact our support team. This policy reflects features present in the current application, including email automation, tracking, integrations, and workflow scheduling. If your deployment includes additional services, those may be covered by supplemental terms.