Privacy Policy

Laureo CRM ("Laureo," "we," "us," or "our") operates the customer relationship management platform available at app.laureo.io (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your information when you use our Service, including information obtained through integrations with third-party services such as Google Workspace.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, organization name, and authentication credentials. If you sign up using a third-party identity provider, we receive basic profile information (name and email) from that provider.

1.2 CRM Data

You and your team members enter data into the Service, including contacts, companies, opportunities, activities, notes, tasks, and other business records. Laureo acts as a Data Processor for this CRM data; the subscribing organization (the “Customer”) is the Data Controllerand decides what data is entered, how it is used, and when it is deleted. CRM records are processed by us solely to provide the Service on the Customer's instructions. See Section 7 for how this affects data-subject requests.

1.3 Google Workspace Data

If you choose to connect your Google account, we may access the following data depending on the permissions you grant:

• Gmail: Email metadata (sender, recipient, subject, date, snippet, labels) and email bodies — used to log email activity against CRM contacts, send emails on your behalf, display correspondence, power full-text search and AI-assisted features (draft suggestions, smart replies, summaries), and manage your inbox (mark as read/unread, archive, move to trash, and restore). Email synchronization is push-based: when new mail arrives in your inbox, Gmail notifies the CRM via Google Cloud Pub/Sub and the metadata is captured in near-real-time. Email bodies are fetched from Gmail and stored in our database — sanitized (HTML is run through an industry-standard sanitizer on every write to prevent cross-site scripting) — for every synced email, regardless of whether it is matched to a CRM contact, so the in-CRM reading, search, and AI features work without re-fetching from Gmail on every interaction. We may fetch and store bodies either on-demand the first time you open an email in the CRM or proactively as part of background sync, depending on product configuration. Stored bodies are subject to strict automatic retention windows (see Section 6) and to organization-level privacy controls (see Section 6.1). The CRM also provides organizational features such as starring, snoozing, and custom CRM labels that are stored only within the CRM and do not modify your Gmail account.
• Google Calendar: Calendar events, attendees, and scheduling details — used to sync meetings and activities with your CRM records and enable scheduling features.
• Google Drive: File names, types, and metadata for documents you browse, attach, or link within the CRM — used to associate documents with CRM records. File content remains in Google Drive and is accessed via Google's own viewer when you open a linked file.
• Google Meet: Meeting transcripts and recordings stored in your Google Drive's Meet space — used to automatically link meeting notes and recordings to the corresponding CRM activity records. We always store file metadata (name, type, size, Drive reference URL, thumbnail) so that the files appear in the CRM. We may also fetch and store the content of transcripts and recordings in our database to power AI-assisted features such as meeting summaries, action-item extraction, and thread-aware replies. When transcript or recording content is stored, it is subject to the same organization-level privacy controls (Section 6.1) and retention behavior that apply to email bodies, and you can purge stored content at any time from Settings → Integrations.

We only access the minimum Google data necessary to provide the CRM features you have enabled. You can revoke Google access at any time from your account settings.

1.4 AI-Derived Data

When you use the CRM's AI-assisted features (email draft suggestions, smart replies, summaries, suggestion chips, meeting-note extraction, and similar), we may generate and store derivative data in your own organization's workspace. This includes:

• Per-user writing-style profiles: Summaries of your own writing style (such as typical greetings, sign-offs, formality, and sentence length) derived from your outbound email content and used only to personalize AI draft suggestions for your account. Stored only within your organization's workspace; never shared across users or organizations; never used to train generalized or third-party AI models.
• Cached AI outputs: Short-lived caches of AI-generated suggestion chips, summaries, and similar results keyed to the specific email or record they refer to, so repeat views within the cache window do not re-run the inference. Caches have a maximum lifetime of seven days.
• AI access logs: Metadata records of AI operations (action type, referenced email or record identifier, model used, token counts, timestamp) used for audit, rate-limiting, and cost accounting. Access logs do not contain the prompt or completion content.

Retention and deletion of AI-derived data are described in Section 6. You can delete your own writing-style profile at any time from Settings → Profile → Data Controls. Bulk deletion of cached AI outputs, the AI access log, or all user-level data is performed by an organization administrator from the Users management panel in Admin Settings, consistent with Laureo's role as a processor acting on the Customer's instructions (see Section 7).

1.5 Usage and Technical Data

We automatically collect technical information such as browser type, device type, IP address, pages visited, and feature usage patterns. This data is used to maintain, secure, and improve the Service.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Authenticate your identity and manage your account
• Sync and display data from connected integrations (Gmail, Google Calendar, Google Drive, Google Meet)
• Send transactional communications (account verification, security alerts, billing notices)
• Monitor and improve Service performance, reliability, and security
• Respond to support requests
• Comply with legal obligations

We do not use your data — including any Google Workspace data — for advertising, marketing to third parties, or training generalized, shared, or third-party artificial intelligence or machine learning models. Our AI-powered features (such as email draft suggestions, smart replies, summaries, and meeting-note extraction) are served by a third-party AI inference provider operating under a Zero Data Retention agreement that we enforce on every request. The provider does not log, retain, or train on prompts or completions, and only routes to downstream model providers that contractually do not retain or train on customer data. Data sent to the provider is used solely to produce a single inference result for the active user request and is discarded at the provider side immediately afterward. No Google Workspace data or customer data is shared with any AI processor for training or fine-tuning any model.

We mayuse your own Google Workspace and CRM data to generate personalization profiles and cached AI outputs that are stored in your own organization's workspace (see Section 1.4) and used only to improve AI features for your own account. These per-user derivatives are never shared across users or organizations and never used to train any AI model that is distributed or used outside your organization.

3. Google Workspace APIs — Limited Use Disclosure

In accordance with Google's Limited Use requirements:

• We only use Google Workspace data to provide and improve the CRM features you have explicitly enabled.
• We do not transfer Google Workspace data to third parties unless it is necessary to provide the Service, required by law, or part of a merger or acquisition (with notice to you).
• We do not use Google Workspace data for serving advertisements.
• We do not use Google Workspace data to develop, improve, or train generalized, shared, or third-party AI or machine-learning models. AI-powered CRM features send your data to an inference provider operating under a Zero Data Retention agreement (see Section 5) — the provider does not retain, log, or train on that data. Separate from inference requests, we may generate personalization profiles and cached AI outputs from your own data and store them in your own organization's workspace (see Section 1.4); these per-user derivatives are never shared, sold, or used to train any AI model distributed outside your organization.
• We do not use Google Workspace data to determine creditworthiness or for lending, underwriting, insurance, or financial-qualification decisions.
• We do not allow humans to read your Google Workspace data unless: (a) you have given explicit consent for a specific message or file (e.g., for a support request), (b) it is necessary for security purposes (such as investigating a security incident), or (c) it is required to comply with applicable law.

4. Data Storage and Security

Your data is stored using cloud infrastructure providers and a managed database hosting provider. We implement industry-standard security measures, including:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
• Encryption at rest: Data stored in our databases and file storage systems is encrypted at rest using AES-256 or equivalent encryption.
• OAuth token protection: Access and refresh tokens for Google and other connected services are encrypted with AES-256-GCM at rest using a per-record initialization vector and authentication tag, versioned to support key rotation. Tokens are decrypted only inside the server-side integration pipeline and are never exposed to the browser.
• Access controls: Internal access to production systems is restricted to authorized personnel on a need-to-know basis, using multi-factor authentication and audit logging.
• Regular security reviews: We regularly review our security practices, dependencies, and infrastructure configuration.

5. Data Sharing

We do not sell your personal information or CRM data. We may share data with the following categories of recipients:

• Cloud infrastructure providers: To host and deliver the Service.
• Database hosting provider: To store your CRM data securely.
• Email delivery provider: To send transactional emails (account verification, notifications) on our behalf.
• Payment processor: To process subscription payments. We do not store your full credit card details.
• AI inference provider: To serve user-initiated AI features (email draft suggestions, smart replies, summaries, meeting-note extraction, and similar). We enforce Zero Data Retention on every request. The provider does not retain prompts or completions on its side, does not use customer data for model training, and does not permit human review of customer content. Downstream model providers accessed through this configuration operate under the same no-retention, no-training, and no-human-review terms for ZDR-enabled traffic. No Google Workspace data or personal information is used to train, fine-tune, or evaluate any AI model distributed outside your organization. Note that separately from the inference provider, the CRM may store AI outputs (such as generated suggestion chips) in your own organization's database for a short period to avoid re-running the same inference on repeat views — see Section 1.4.
• Analytics provider: To collect anonymized usage data that helps us improve the Service. No personally identifiable CRM data is shared for analytics.

All third-party service providers are bound by contractual obligations to process data only as instructed by us and to maintain appropriate security measures. We may also disclose information when required by law, regulation, or legal process.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

• Account and CRM data: Retained while your account is active. Upon account deletion, your data is permanently deleted from our production systems within 30 days. Backups containing your data are purged within 90 days.
• Google Workspace data: Synced email metadata, email bodies, calendar events, Drive file metadata, meeting transcript links, and any stored transcript or recording content are retained while the Google integration is connected. When you disconnect the Google integration or delete your account, all synced Google data — including stored email bodies, stored transcript or recording content, and any ephemeral cache — is permanently deleted (see “Disconnect” below). AI-derived data is handled separately (see the AI-derived data bullet below).
• Trashed emails: Emails you move to the trash within the CRM (including any stored body content) are automatically and permanently deleted from our database 30 days after being trashed.
• Email bodies — storage model: Email bodies are fetched from Gmail and stored in our database (sanitized) for every synced email, whether or not it is matched to a CRM record, to power in-CRM reading, full-text search, and AI features. The stored body follows the same retention rules as the parent email row: retained while the Google integration is connected, and deleted together with the row on trash-auto-purge, disconnect, or account deletion. In addition to database storage, a short-lived ephemeral cache (up to 30 minutes) accelerates repeat views within a session and is purged on disconnect. See Section 6.1 for organization-level privacy controls that reduce or eliminate database body storage.
• Disconnect: When you disconnect the Google integration, the CRM synchronously deletes all synced email rows (metadata and bodies), calendar events, file-link metadata (including Meet transcript links and any stored transcript or recording content), and any ephemeral caches for that integration during the disconnect request. The disconnect completes only after deletion completes. AI-derived data listed below (writing-style profile, cached AI outputs, AI access log) is retained under its own schedules; it is fully removed on account deletion, can be deleted by an administrator at any time from the admin user-management panel, and — for the writing-style profile specifically — can be deleted by the user from Settings → Profile → Data Controls.
• AI-derived data (see Section 1.4):
  • Writing-style profile: Retained while the integration is connected and refreshed on a weekly basis. You can delete your own profile at any time from Settings → Profile → Data Controls. Organization administrators can also delete it from the admin user-management panel. Deleted on account deletion.
  • Cached AI outputs (suggestion chips, summaries): Automatically expire after seven days. A daily cleanup job permanently removes expired rows. Administrators can purge them immediately for any user from the admin user-management panel.
  • AI access log: Retained for up to thirteen months for audit and rate-limiting, then automatically purged. Contains action metadata only (never prompt or completion content). Administrators can purge the log for any user from the admin user-management panel.
• Usage and technical data: Retained in anonymized form for up to 12 months for security and service-improvement purposes.

6.1 Organization-Level Privacy Controls for Email Bodies

Organization administrators can further restrict how email bodies are stored, in addition to the retention windows above. These controls are available in the Service under Settings → Integrations → Email Privacy:

• Disable database body storage: When enabled (by turning off “Store email body content”), email bodies are kept only in the 30-minute ephemeral cache and are never persisted to our database. In this mode, repeat views within a 30-minute window are served from the cache; outside the window, bodies are re-fetched from Gmail on each view. Full-text search and some AI features may be reduced or unavailable in this mode.
• Per-sender exclusion list: Administrators can specify sender-address patterns whose bodies are never written to the database, regardless of the organization-level storage setting. Useful for compliance-sensitive communications (for example, communications with outside counsel or healthcare providers).
• Sensitive-content detection: When enabled, a content scanner runs before every database write; bodies containing detected personally identifiable information patterns (for example, US Social Security numbers, credit card numbers, medical terms) bypass database storage and remain only in the ephemeral cache.
• Organization-wide purge: Administrators can purge all stored email bodies for their organization at any time. Metadata (subject, sender, date, labels) is preserved; bodies are re-fetched from Gmail the next time each email is viewed.

7. Your Rights and Roles Under Data-Protection Law

For CRM records (contacts, companies, opportunities, activities, notes, synced emails, calendar events, file metadata, and similar), the subscribing organization is the Data Controller and Laureo is the Data Processor. That means data-subject requests concerning these records — whether from an employee who uses the CRM, a contact whose information is stored inside it, or any other individual — should be directed to the subscribing organization. Laureo processes such records only on the Controller's documented instructions, and will assist the Controller in fulfilling valid requests under our Data Processing Addendum.

For data that Laureo holds about you as a user of the Service itself — your account record, authentication data, billing information, and your personal writing-style profile — you have the following rights, exercisable directly with Laureo:

• Access: You can access and export a machine-readable copy of your AI-related personal data at any time from Settings → Profile → Data Controls (GDPR Art. 15 / CCPA §1798.110). For CRM data, the Service's built-in export features are available to administrators of the subscribing organization.
• Correction: You can update or correct your personal information directly within the Service. CRM records are corrected by administrators or users with appropriate permissions from the subscribing organization.
• Deletion: A user's own writing-style profile is deletable at Settings → Profile → Data Controls. Account-level deletion (and the bulk deletion of other per-user data — cached AI outputs, AI access log, synced-email caches) is performed by an administrator of the subscribing organization from the admin user-management panel. Deletion of a CRM record about a third party, or of an entire employee account, is processed by the organization's administrator under its Controller obligations. Requests concerning Laureo's own processing (for example, billing records, account-creation events) can be sent to privacy@laureo.io and will be completed within 30 days.
• Revoke Google access: You can disconnect the Google integration at any time from your account settings. You can also revoke Laureo CRM's access to your Google account directly from your Google Account permissions page.
• Data portability: You can request a machine-readable export of your data. For your own AI-derived data, use the export button on Settings → Profile → Data Controls. For CRM data, administrators can export from the Service's data-management features.

If the subscribing organization fails to respond to a request in a timely manner, or if you believe Laureo itself has mishandled your personal data, you may contact us directly at privacy@laureo.io, and — if the organization is established in the EU, UK, or California — you have the right to lodge a complaint with your supervisory authority.

8. Cookies

The Laureo web app at app.laureo.io uses only first-party session cookies to authenticate you and to maintain your preferences, and it loads no third-party analytics or tracking scripts.

The marketing site at laureo.iouses privacy-preserving Google Analytics 4 cookies (with IP anonymization enabled) only after you click "Accept" on the cookie banner. If you decline or ignore the banner, no analytics cookies are set. We do not use advertising, ad-retargeting, or cross-site tracking cookies on either surface.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, please contact us at privacy@laureo.io.