Privacy Policy
Last updated: April 02, 2026
Summary
We collect only what's needed to run Leads Manager. Your email data stays private — we never sell it or use it for ads. You can disconnect your accounts and request data deletion at any time.
1 Introduction
Leads Manager ("we," "our," or "us") is a customer relationship management (CRM) and email management application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application.
2 Information We Collect
Account Information
When you create an account, we collect:
- First and last name
- Email address
- Password (stored securely using bcrypt hashing)
Email Data (via Google Gmail API)
When you connect your Gmail account, we access and store:
- Email messages (subject, body, sender, recipient, date)
- Email thread metadata
- Email labels and read status
We request the following Gmail API scopes:
Lead and Contact Data
Information you manually enter about your business leads:
- Contact names, email addresses, phone numbers
- Company names and notes
- Lead status and communication history
Knowledge Base Documents
Documents you upload or create for AI-powered email drafting context, including text content and generated embeddings.
3 How We Use Your Information
- Provide and maintain the CRM and email management features
- Sync and display your email communications
- Send emails on your behalf when you compose and approve messages
- Generate AI-powered email draft suggestions using your knowledge base
- Track and manage your business leads and communication history
- Authenticate your identity and secure your account
4 Google API Services — Limited Use Disclosure
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- We do not use Gmail data for advertising purposes
- We do not sell Gmail data to third parties
- We do not use Gmail data to build user profiles for advertising or marketing
- We only use Gmail data to provide and improve the email management features
- Human access to Gmail data is limited to security purposes, legal compliance, or with your explicit consent
5 Data Storage and Security
Encrypted Passwords
bcrypt hashing, never stored in plain text
Encrypted Tokens
OAuth & SMTP credentials encrypted at rest
HTTPS/TLS
All data transmitted over secure connections
Secure Sessions
Signed, HTTP-only cookies
Secure File Storage
File uploads stored securely via AWS S3 with restricted access
6 Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share data only in these circumstances:
AI Processing
Email content and knowledge base data may be sent to OpenAI's API for generating drafts. This data is not used to train their models.
Legal Requirements
If required by law, regulation, or legal process.
Service Providers
AWS for hosting and file storage, Google Cloud for Gmail API integration.
7 Data Retention and Deletion
You can disconnect your Gmail account at any time through the Email Accounts settings page. Upon disconnection, your OAuth tokens are revoked and deleted.
To request complete deletion of your account and all associated data, please contact us at the email address below.
8 Your Rights
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Disconnect your Google account and revoke our access at any time
- Revoke access via your Google Account permissions
9 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
10 Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: