Privacy Policy

Last updated: January 2025

Overview

At RetainerBot, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding that data.

We're built for agencies, and we understand how sensitive client communication data is. We've designed our entire system with privacy and security as the foundation.

What Data We Collect

Account Information

  • Name, email address, and company name
  • Billing information (processed securely through Stripe)
  • Team member information you choose to add

Email Data (Gmail Integration)

  • Email content from conversations with your designated clients
  • Email metadata (timestamps, participants, response times)
  • We only access emails for clients you've explicitly added to RetainerBot

Usage Data

  • How you interact with our platform (features used, pages viewed)
  • Device information and IP addresses
  • Error logs and performance data

Gmail Data Collection & Use

What Gmail Data We Access

When you connect your Gmail account to RetainerBot, we access:

  • Email content (subject, body, headers) from conversations with clients you've designated
  • Email metadata (timestamps, sender/recipient information, thread IDs)
  • Email participants and addresses

Read-Only Access (gmail.readonly scope)

We request read-only access to your Gmail, which means:

  • ✅ We CAN read your emails
  • ❌ We CANNOT send, delete, or modify emails
  • ❌ We CANNOT access emails outside your designated client list

How We Use Gmail Data

Gmail data is used exclusively to:

  • Sync email threads with your designated clients
  • Analyze communication patterns (response times, frequency)
  • Provide AI-powered insights on client relationships
  • Calculate risk scores and client health metrics
  • Generate account management recommendations

What We DON'T Do With Gmail Data

  • We DO NOT sell your Gmail data to anyone
  • We DO NOT use it for advertising or marketing
  • We DO NOT share it with unauthorized third parties
  • We DO NOT access emails unrelated to your designated clients
  • We DO NOT use your data to train general AI models

Google API Services Compliance

RetainerBot's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

This means:

  • We only request the minimum necessary Gmail scopes for our features
  • Gmail data is used only to provide user-facing features you explicitly enable
  • We do not transfer Gmail data to third parties except as necessary to provide the service or as required by law
  • Gmail data is not used for serving advertisements
  • Humans do not read Gmail data unless you give explicit consent for support purposes, it is necessary for security, or it is required by law

Data Minimization

We follow the principle of data minimization to protect your privacy:

  • We only access emails for clients you explicitly add to RetainerBot
  • We do not sync your entire Gmail inbox
  • We filter emails by specific client email addresses and domains you designate
  • We automatically exclude marketing and promotional emails from analysis
  • We store only the minimum data needed to provide analysis and insights

How We Use Your Data

We use your data exclusively to:

  • Provide churn prediction and client health analysis
  • Generate insights and recommendations for your clients
  • Improve our service and fix bugs
  • Send you important product updates and security alerts
  • Process billing and maintain your account

We NEVER:

  • Sell your data to third parties
  • Use your client emails to train our general AI models
  • Share your data with advertisers or marketers
  • Access emails outside of your designated client list

Data Security

We protect your data with:

  • Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • OAuth: Secure, read-only Gmail access using Google's OAuth 2.0
  • Infrastructure: Hosted on SOC 2 compliant cloud providers
  • Access controls: Strict internal policies limiting who can access data
  • Regular audits: Third-party security assessments quarterly

Your Rights

You have the right to:

  • Access: Request a copy of all data we have about you
  • Correction: Update or correct any inaccurate information
  • Deletion: Request deletion of your data (within legal retention limits)
  • Export: Download your data in a portable format
  • Revoke access: Disconnect Gmail integration at any time

To exercise these rights, email us at privacy@retainerbot.com

How to Revoke Gmail Access

You can revoke RetainerBot's access to your Gmail at any time using either of these methods:

Option 1: Within RetainerBot (Recommended)

  1. Go to Settings → Integrations (or Connected Accounts)
  2. Click "Disconnect" or "Remove" next to your Gmail account
  3. Confirm removal
  4. We will immediately stop accessing your Gmail and delete stored OAuth tokens

Option 2: Via Google Account Settings

  1. Go to Google Account Permissions
  2. Find "RetainerBot" in the list of connected apps
  3. Click "Remove Access"
  4. This immediately revokes our access to your Gmail

What Happens After Revocation

  • We immediately stop syncing new emails
  • Stored OAuth tokens are deleted from our database
  • Previously synced email data can be deleted upon request
  • Analysis results remain unless you request deletion
  • You can reconnect your Gmail account at any time

Data Retention

We retain your data only as long as necessary to provide our service:

  • Active account data is retained while your subscription is active
  • After cancellation, we retain data for 30 days to allow reactivation
  • Billing records are kept for 7 years for legal/tax compliance
  • Anonymized usage data may be retained indefinitely for analytics

Third-Party Services

We use carefully selected third-party services:

  • Google (Gmail): OAuth authentication and email access for syncing client communications
  • Stripe: Payment processing (we never see full credit card numbers)
  • AI Service Providers: We use third-party AI services to analyze email content and generate insights. These services process data via API and do not use your data for training their models.
  • Cloud Infrastructure: Secure hosting and data storage on SOC 2 compliant providers

All third-party services are bound by strict data processing agreements and meet our security standards.

Cookies

We use minimal cookies for:

  • Authentication (keeping you logged in)
  • Security (CSRF protection)
  • Preferences (dark mode, language)

We do not use advertising cookies or tracking pixels.

International Data Transfers

RetainerBot is based in the United States. If you're using our service from outside the US, your data will be transferred to and processed in the US. We ensure all transfers comply with GDPR and other applicable data protection laws.

Children's Privacy

RetainerBot is not intended for use by anyone under 18. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy occasionally. We'll notify you of significant changes via email and update the "Last updated" date at the top. Your continued use after changes indicates acceptance.

Contact Us

Questions about privacy? We're here to help: