← Paper CRM

Privacy Policy

Last updated: April 19, 2025

Overview

Paper CRM is a personal sales tool that helps you manage contacts, track follow-ups, and send emails. We take your privacy seriously. We do not sell your data, share it with advertisers, or use it for any purpose beyond running the product for you.

What we collect

  • Account information — your email address when you sign up.
  • Contact data — names, emails, phone numbers, and companies you add to the CRM.
  • Notes and tasks — anything you log inside the app.
  • Email metadata — subjects and bodies of emails you send through the app, stored in your email logs.
  • Gmail tokens — OAuth access tokens used to send and (optionally) read email on your behalf. Tokens are encrypted at rest and never shared.

Gmail access

Paper CRM uses Google OAuth 2.0 to connect your Gmail account. We request only the scopes we need:

  • gmail.send — to send emails on your behalf from within the app.
  • gmail.readonly (optional) — only requested if you enable the Follow-ups feature, which reads your sent folder to surface unanswered emails. You can revoke this at any time in Settings.
  • userinfo.email — to identify which Gmail account is connected.

We do not read, index, or store the contents of your inbox beyond what is explicitly needed for the Follow-ups feature. Email body content used for follow-up suggestions is processed in memory and not permanently stored.

Paper CRM's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

How we use your data

  • To operate and personalise the CRM for you.
  • To generate AI-powered suggestions (follow-up drafts, action recommendations). Your data is sent to AI providers only for this purpose and is not used to train models.
  • To send emails you explicitly compose and initiate.

Data storage and security

All data is stored in Supabase with row-level security (RLS) enforced at the database level — only you can access your own data. We use HTTPS for all data in transit. OAuth tokens are stored securely and never exposed client-side.

Third-party services

  • Supabase — database and authentication.
  • OpenRouter / Google Gemini — AI text generation for email drafts and memory summaries.
  • Google Gmail API — sending and (optionally) reading email.
  • Vercel — hosting and deployment.

Each provider has their own privacy policy and data handling practices.

Data retention and deletion

Your data is retained for as long as your account is active. You can delete individual contacts, notes, and emails within the app at any time. To permanently delete your account and all associated data, email us at the address below.

Your rights

You have the right to access, correct, or delete your personal data at any time. To exercise these rights or ask any privacy-related questions, contact us at the address below.

Changes to this policy

We may update this policy occasionally. When we do, we'll update the date at the top of this page. Continued use of Paper CRM after changes constitutes acceptance of the updated policy.

Contact

Questions or requests? krishnagajipara215@gmail.com