BizCrush Inc. (“Company,” “we,” “our,” or “us”), a Delaware C-Corporation, operates the BizCrush service (“Service”). We are committed to protecting your personal information and complying with applicable privacy laws, including the California Consumer Privacy Act (CCPA) and California Online Privacy Protection Act (CalOPPA). This Privacy Policy explains what personal information we collect through BizCrush, how we use and share it, and your rights regarding this information.

BizCrush is intended for users 18 years of age or older. We do not knowingly allow anyone under 18 to register or use the Service.

1. Personal Information We Collect and Use

We collect only the information necessary to provide and improve the Service:

• Account Registration: Email address and name.

• Profile Information (Optional): Company name, title, profile photo, and other details you choose to provide.

• Meeting Records: Audio recordings, transcripts, summaries, and notes generated during meetings.

• CRM Integration: If you connect Salesforce, HubSpot, Notion, or other CRMs, we process the necessary tokens/credentials to sync your data.

• Payments: Limited billing information is collected by secure processors (Apple, Google, Stripe).

• Customer Support: Name, email, and message content.

• Automatic Data Collection: Device type, OS version, IP address, and usage logs for analytics and diagnostics.

• Gmail OAuth Data (optional): Additional details are described in Section 2 below.

2. Gmail Integration (Google OAuth)

BizCrush offers an optional Gmail integration that allows you to send follow-up emails directly inside the Service. Gmail integration is strictly opt-in and requires your explicit consent.

2-1. Gmail Information We Access

When you connect Gmail, we may access only the minimum information required to operate the feature:

• Your Gmail address

• Your Google account ID

• Your Google profile name and profile image

• Your Gmail signature

• Email metadata (To, From, CC, BCC, Subject)

• The content of emails you create or send using BizCrush

We do not access your Gmail inbox, email history, search data, Gmail drafts, attachments, labels, or threads unless you explicitly include them inside BizCrush.

2-2. Gmail Information We Store

To enable email sending and follow-up functionality, we store only the following:

• Encrypted OAuth tokens

• Your Gmail address

• Your Google user ID

• Your Gmail signature (cached)

• Your Gmail profile image (cached)

• Emails you create or send through BizCrush

We do not store unrelated inbox content or Gmail data that is not created through BizCrush.

2-3. How We Use Gmail Data

Your Gmail data is used strictly to:

• Send emails that you voluntarily initiate

• Generate and draft follow-up emails

• Display your Gmail signature and profile image

• Sync follow-up emails to your connected CRM (only with your authorization)

• Show a history of emails you created through BizCrush

• Maintain your Gmail OAuth session

We do not use Gmail data for advertising, data sales, profiling, cross-context tracking, or machine learning model training.

We comply fully with Google’s API Services User Data Policy, including Limited Use requirements.

2-4. Retention, Revocation, and Deletion of Gmail Data

• OAuth tokens are deleted immediately when you disconnect Gmail.

• Cached Gmail signature and profile metadata are deleted upon disconnection.

• Emails created inside BizCrush remain until you delete them or delete your account.

• No Gmail data is kept beyond what is required for email sending.

• You may revoke Gmail access at any time via BizCrush settings or through Google’s permissions page: https://myaccount.google.com/permissions

Once revoked, all Gmail-related data stored by BizCrush is automatically deleted.

3. Sharing of Personal Information and Service Providers

We do not sell your personal information. We share it only as necessary:

• Payment Processors: Apple, Google, Stripe

• CRM Integrations: Only when you choose to connect them

• Analytics Providers: Firebase, Google Analytics, Amplitude

• Gmail Integration: Gmail data is shared only with Google to send emails you authorize

• Contractors: Bound by confidentiality obligations

• Legal Authorities: When required by court order or applicable law

All third parties are required to protect your information.

4. Retention of Personal Information

• Account data: deleted when you delete your account

• Meeting records: retained until deleted

• Payment records: retained up to 5 years

• Support records: retained up to 1 year

• Usage logs: retained up to 1 year, then anonymized

• Gmail signature/profile data: deleted upon disconnection

• OAuth tokens: deleted upon revocation

• Emails sent via BizCrush: retained until deleted by you

5. Disposal of Personal Information

When data is no longer needed, we securely delete or anonymize it.

Electronic data is permanently deleted or overwritten, and physical documents (if any) are shredded.

6. Your Rights

Depending on your region, you may request:

• Access to your data

• Correction of inaccurate information

• Deletion of your data

• Restriction of processing

• Withdrawal of consent (including Gmail OAuth access)

• A portable copy of your data

Requests can be made through in-app settings or via email at privacy@bizcrush.ai.

7. Member Responsibilities

Members must:

• Keep account credentials secure

• Not misuse or share other users’ information

• Use BizCrush for lawful and professional purposes

8. Technical and Administrative Measures

We implement safeguards including:

• TLS/HTTPS encryption

• Encrypted OAuth token storage

• Access control and monitoring

• Employee security training

• Incident response protocols

No system is 100% secure, but we continuously improve our protections.

9. Processing of Pseudonymized / Aggregated Data

We may use anonymized or pseudonymized data for analytics, research, and product improvement. Such data cannot identify individuals.

10. Contact Information of the Privacy Officer

11. Miscellaneous

• Third-party links are governed by their own privacy policies.

• Data may be transferred internationally with appropriate safeguards.

• We do not knowingly collect data from minors under 18.

12. Notification of Changes

We may update this Privacy Policy:

• Minor updates: 7-day notice

• Major updates: 30-day notice

• Renewed consent when required

The effective date indicates when the latest version takes effect.

13. Additional Privacy Disclosures for California Residents

Under the CCPA/CPRA, California residents may:

• Request to know what personal information is collected

• Request deletion

• Request correction

• Opt-out of data sales/sharing (BizCrush does not sell or share data)

• Exercise rights without discrimination

• Request disclosures from the last 12 months

Requests must be sent to privacy@bizcrush.ai with the subject “CCPA Request.”

Identity verification may be required.