Privacy Policy — Calibrate CRM
Last updated: April 10, 2026 · Effective date: April 10, 2026
Google API Disclosure
Calibrate CRM's use of information received from Google APIs adheres to the
Google API Services User Data Policy,
including the Limited Use requirements. We do not use Gmail or Google Calendar data to serve advertisements,
train AI or machine learning models, or share data with third parties for any purpose other than
providing the Calibrate CRM service to you.
1. Who We Are
Calibrate CRM ("Calibrate CRM," "we," "our," or "us") operates a customer relationship management platform
accessible at calibratecrm.com. This Privacy Policy describes how we collect,
use, and protect personal data — including data obtained through Google APIs — when you use our services.
Our Gmail OAuth authentication gateway is operated at connectmail.calibratecrm.com.
All references to "the Service" include both domains.
2. Information We Collect
2.1 Account Information
When you or your company administrator creates a Calibrate CRM account, we collect:
- Name, business email address, and company name
- Billing information (processed by our payment provider; we do not store raw card numbers)
- Account credentials (passwords are hashed; API keys are stored as one-way hashes)
2.2 Google Account Data (Gmail & Calendar)
When you connect your Google account, we request access to the following Google API scopes.
Access is limited strictly to what is necessary to provide Calibrate CRM features:
- gmail.readonly — We read your incoming emails to sync contact conversation history into Calibrate CRM.
- gmail.send — We send emails on your behalf when you compose and send from within Calibrate CRM.
- gmail.modify — We apply CRM labels (e.g., "Calibrate CRM – Synced") to messages you log to deals, and mark emails as read when you open them in the CRM.
- calendar.events — We read and create Google Calendar events so you can schedule meetings, calls, and follow-ups from Calibrate CRM deal and contact pages.
- OpenID / profile / email — We verify the identity and email address of the Google account being connected to prevent mismatched accounts.
2.3 Usage Data
We automatically collect technical information including API request logs, event counts (emails sent/received, calendar events), and error logs for troubleshooting.
3. How We Use Your Information
3.1 Permitted Uses of Google API Data
We use data obtained from Google APIs only to provide and improve the Calibrate CRM service as described in this policy. Specifically:
- Displaying your email threads with contacts in the CRM timeline
- Sending emails from the CRM on your behalf
- Labeling and organizing emails you sync to deals
- Showing and creating calendar events within the CRM
- Notifying the CRM of new incoming emails in real time (via Gmail push notifications)
3.2 Prohibited Uses — Google API Data
We explicitly do NOT:
- Use Gmail or Calendar data to serve, retarget, or personalize advertisements
- Use Gmail or Calendar data to train, fine-tune, or evaluate any artificial intelligence or machine learning model
- Sell, rent, or transfer your Gmail or Calendar data to third parties
- Use Gmail data to build user profiles for any purpose beyond the CRM features you explicitly requested
- Allow humans to read your email content except: (a) with your express permission, (b) when required for security investigation, or (c) when legally compelled
- Combine Gmail data with data from other products or services to create advertising profiles
Our use of Google user data complies with the
Google API Services User Data Policy,
including its Limited Use requirements.
4. How We Store and Protect Your Data
4.1 Token Security
Your Google OAuth access tokens and refresh tokens are stored encrypted using AES-256-GCM authenticated encryption.
Encryption keys are stored separately from the encrypted data, in environment variables on production infrastructure.
Tokens are never logged or exposed in error messages.
4.2 Database Security
All data is stored in a Postgres database with TLS-encrypted connections. Database credentials are rotated periodically.
We use parameterized queries throughout to prevent SQL injection.
4.3 Transport Security
All connections to connectmail.calibratecrm.com and calibratecrm.com are encrypted via TLS 1.2+.
HTTP Strict Transport Security (HSTS) is enforced.
4.4 Access Controls
Per-tenant API keys authenticate all inbound CRM requests. Keys are stored as SHA-256 hashes; we have no ability
to retrieve a key in plaintext after issuance. Employees at Calibrate CRM do not have routine access to customer email content.
5. Data Sharing and Third Parties
We do not sell your personal data. We share data only with:
- Google LLC — to operate the Gmail and Calendar integration you requested
- Cloud infrastructure providers (hosting, database) — under strict data processing agreements, processing data only on our behalf
- Law enforcement — only when required by a valid legal process; we will notify you where legally permitted
6. Data Retention
We retain your Google OAuth tokens for as long as your account is active and you maintain the Gmail connection.
Email metadata synced into the CRM is retained for the duration of your subscription.
If you disconnect your Gmail account, your OAuth tokens are immediately revoked and deleted from our systems.
After account deletion, all personal data is permanently deleted within 30 days.
7. Your Rights — Revoking Gmail Access
You can revoke Calibrate CRM's access to your Gmail account at any time:
- Via this service: Visit connectmail.calibratecrm.com/disconnect and follow the instructions.
- Via Google Account settings: Go to myaccount.google.com/permissions, find "Calibrate CRM," and click "Remove Access."
- Via Calibrate CRM: Navigate to Settings → Integrations → Gmail → Disconnect.
Revoking access immediately invalidates your OAuth tokens.
To exercise additional data rights (access, correction, deletion, portability), contact us at
privacy@calibratecrm.com.
8. Children's Privacy
Calibrate CRM is a business-to-business service not directed at children under 13.
9. Changes to This Policy
Material changes will be communicated by email to account administrators at least 30 days before the change takes effect.
10. Contact Us
Email: privacy@calibratecrm.com
Website: calibratecrm.com