Beeasy.ai Privacy Policy

1. Introduction

1.1 About This Policy

Beeasy.ai ("we," "our," or "us") operates the AI-powered CRM and email automation platform accessible at www.beeasy.ai and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1.2 What is Beeasy.ai?

Beeasy.ai is an AI-powered business intelligence and CRM platform that provides:

• Email Automation: Intelligent email processing and CRM integration
• CRM Management: Contact, deal, and brand relationship management
• Task Management: Project organization and team collaboration
• Social Media Management: Multi-platform social media posting and analytics
• AI-Powered Insights: Automated business intelligence and recommendations

1.3 Your Consent

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Service.

---

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Personal Details: Name, email address, phone number
• Profile Information: Job title, company information, profile picture
• Authentication Data: Google OAuth credentials, encrypted authentication tokens, session data
• Account Settings: Preferences, notification settings, timezone

2.2 CRM and Business Data

As part of our CRM functionality, we collect and process:

• Contact Information: Names, email addresses, phone numbers, job titles of your contacts
• Deal Information: Deal titles, values, stages, expected close dates, notes
• Brand/Company Data: Company names, domains, contact information
• Task Data: Task titles, descriptions, due dates, priorities, assignments
• Communication History: Email threads, meeting notes, activity logs

2.3 Email Integration Data

When you connect your Gmail account, we collect:

• Email Metadata: Sender, recipient, subject, timestamps, thread IDs
• Email Content: Message content for AI analysis and CRM integration
• Email Attachments: File names and metadata (content not stored)
• Email Analytics: Open rates, response times, engagement metrics

2.4 Social Media Integration Data

When you connect social media accounts (Facebook, Instagram, YouTube, TikTok), we collect:

• Account Information: Platform, account name, handle, follower count
• Post Data: Content, hashtags, mentions, scheduling information
• Analytics Data: Engagement metrics, reach, impressions
• OAuth Tokens: Encrypted access tokens for platform integration

2.5 Usage and Analytics Data

We automatically collect information about how you use our Service:

• Usage Patterns: Features used, time spent, navigation paths
• Performance Data: Page load times, error logs, system performance
• Device Information: Browser type, operating system, device identifiers
• IP Address: For security and analytics purposes

2.6 AI Processing Data

For our AI-powered features, we process:

• Email Content: Temporarily for classification and CRM integration
• Business Intelligence: Extracted insights, patterns, and recommendations
• User Preferences: AI model preferences, response templates, automation rules

---

3. How We Use Your Information

3.1 Core Service Provision

We use your information to:

• Provide CRM Services: Manage contacts, deals, brands, and tasks
• Email Automation: Process emails, create CRM records, generate responses
• Social Media Management: Schedule posts, track analytics, manage accounts
• AI-Powered Insights: Generate business intelligence and recommendations
• Task Management: Organize projects, assign tasks, track progress

3.2 AI and Machine Learning

We use your data to:

• Email Classification: Categorize emails using our 3-tier AI system
• Deal Intelligence: Automatically create and update deals from email content
• Contact Extraction: Identify and create contact records from email signatures
• Brand Detection: Recognize and create brand profiles from email domains
• Predictive Analytics: Provide business insights and recommendations

3.3 Service Improvement

We analyze usage data to:

• Enhance Features: Improve existing functionality and develop new features
• Performance Optimization: Optimize system performance and reliability
• User Experience: Personalize the interface and improve usability
• AI Feature Improvement: Improve personalized AI features for your individual account (Google API data is never used to train generalized or foundational AI models; see our Google API Services Limited Use Disclosure below)

3.4 Communication

We use your contact information to:

• Service Notifications: Send important updates about your account
• Support Communications: Respond to your inquiries and provide assistance
• Product Updates: Inform you about new features and improvements
• Marketing Communications: Send promotional content (with your consent)

3.5 Legal Basis for Processing (GDPR)

When processing personal data under GDPR, we rely on:

• Contract Performance: Processing necessary for providing our Service
• Legitimate Interests: Improving our Service and developing new features
• Consent: Marketing communications and optional features
• Legal Obligation: Compliance with applicable laws and regulations

---

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted service providers who assist us in operating our Service:

Cloud Infrastructure:

• Supabase: Database hosting and authentication services
• Google Cloud: Email processing and AI services
• AWS/Other Cloud Providers: Additional infrastructure services

AI and Analytics:

• OpenAI: AI processing for email classification and content generation
• Google AI Services: Machine learning and natural language processing
• Analytics Providers: Usage analytics and performance monitoring

Email and Communication:

• Gmail API: Email integration and processing
• Google Calendar API: Calendar event management and scheduling
• Google Contacts API: Contact import (read-only)
• Email Service Providers: Transactional and marketing emails

Social Media Platforms:

• Facebook/Meta: Social media posting and analytics
• Instagram: Visual content and story management
• YouTube: Video content posting and analytics
• TikTok: Video content and engagement

4.2 Data Protection Requirements

All third-party service providers are contractually obligated to:

• Use your information only for the purposes we specify
• Implement appropriate security measures
• Comply with applicable privacy laws
• Not sell or disclose your information to other parties

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, etc.)
• Government investigations
• Protection of our rights and property
• Prevention of fraud or illegal activities
• Protection of user safety

---

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards:

• Encryption: Data encrypted in transit and at rest using industry-standard protocols
• Access Controls: Multi-factor authentication and role-based access controls
• Network Security: Firewalls, intrusion detection, and secure network architecture
• Regular Security Assessments: Ongoing security audits and vulnerability testing

Organizational Safeguards:

• Employee Training: Regular security awareness training for all staff
• Confidentiality Agreements: All employees sign strict confidentiality agreements
• Access Monitoring: Continuous monitoring of data access and usage
• Incident Response: Comprehensive incident response procedures

5.2 Data Breach Response

In the event of a data breach that may affect your personal information, we will:

• Notify affected users within 72 hours (where required by law)
• Report the breach to relevant authorities
• Take immediate steps to contain and remediate the breach
• Provide guidance on protective measures you can take

5.3 OAuth Token Security

Your OAuth tokens for third-party integrations are:

• Encrypted using AES-256-GCM encryption
• Stored securely in our database
• Never transmitted in plain text
• Automatically refreshed to maintain security

---

6. Data Retention

6.1 Retention Periods

We retain your information for different periods depending on the type of data:

• Account Information: Retained for the duration of your account plus 2 years after account closure
• CRM Data: Retained for the duration of your account plus 1 year after account closure
• Email Processing Data: Retained for 90 days for processing, then permanently deleted
• Analytics Data: Retained for 2 years in aggregated, anonymized form
• OAuth Tokens: Retained until revoked or account closure
• Audit Logs: Retained for 1 year for security and compliance purposes

6.2 Account Deletion

You can permanently delete your account through Settings > Google Integration > Delete Account. When you delete your account:

Immediately and permanently deleted:

• Google OAuth tokens (revoked with Google's servers and deleted from our database)
• Email analysis, AI insights, and all processing history
• Your user profile, preferences, and login credentials
• Notification settings, push tokens, and consent records
• AI conversation history and generated content

Preserved for your team (if applicable):

• Records you created in shared workspaces (deals, people, brands, tasks, activities) remain accessible to other workspace members with your name disassociated

Workspace deletion option:

• If you are the sole administrator of a workspace, you may choose to delete the entire workspace and all its data along with your account

6.3 Deletion Procedures

When retention periods expire or you request deletion, we will:

• Securely delete or anonymize your personal information
• Revoke all third-party OAuth tokens with their respective providers
• Remove data from all systems and backups
• Provide confirmation of deletion upon request
• Ensure compliance with applicable data protection laws

---

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

• Access the personal information we hold about you
• Receive a copy of your data in a portable format (JSON, CSV)
• Request correction of inaccurate information
• Request completion of incomplete information

7.2 Deletion and Restriction

You have the right to:

• Request deletion of your personal information
• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Withdraw consent at any time

7.3 Data Portability

You can export your data through our Service:

• CRM Data: Export contacts, deals, and brands in CSV format
• Task Data: Export tasks and projects in various formats
• Analytics Data: Export usage and performance data
• Settings: Export account preferences and configurations

7.4 Exercising Your Rights

To exercise your rights, please contact us at tanner.hatch@beeasy.ai with:

• Your full name and contact information
• Description of the right you wish to exercise
• Any relevant account information for verification

We will respond to your request within 30 days (or as required by applicable law).

7.5 Right to Complain

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights.

---

8. Cookies and Tracking Technologies

8.1 Types of Cookies

We use the following types of cookies:

Essential Cookies: Required for basic Service functionality

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance

Performance Cookies: Help us understand how you use our Service

• Usage analytics and performance monitoring
• Error tracking and debugging
• Feature usage statistics

Functionality Cookies: Remember your preferences and settings

• User interface preferences
• Language and timezone settings
• Customization options

8.2 Third-Party Cookies

We may use third-party services that set their own cookies:

• Sentry for error tracking and performance monitoring
• Social Media Platforms for social sharing and integration

8.3 Cookie Management

You can control cookies through:

• Your browser settings (disable or delete cookies)
• Our cookie preference center (if available)
• Third-party opt-out tools (for advertising cookies)

Note: Disabling certain cookies may affect Service functionality.

---

9. Third-Party Services

9.1 Integrated Services

Our Service integrates with various third-party services:

Google Services:

• Gmail API - Email integration and processing
• Google Calendar API - Calendar event management and scheduling
• Google Contacts API - Contact import (read-only)
• Google AI (Gemini) - Machine learning and natural language processing

Social Media Platforms:

• Facebook/Meta - Social media posting and analytics
• Instagram - Visual content and story management
• YouTube - Video content posting and analytics
• TikTok - Video content and engagement

AI Services:

• OpenAI - AI processing and content generation

Cloud Infrastructure:

• Supabase - Database and authentication services

Error Tracking:

• Sentry - Error monitoring and performance tracking

9.2 Third-Party Privacy Policies

These third-party services have their own privacy policies. We encourage you to review them:

• Google Privacy Policy
• Facebook/Meta Privacy Policy
• YouTube/Google Privacy Policy
• OpenAI Privacy Policy
• TikTok Privacy Policy
• Sentry Privacy Policy

---

10. International Data Transfers

10.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

10.2 Adequacy Decisions and Safeguards

We rely on:

• European Commission adequacy decisions
• Standard contractual clauses
• Binding corporate rules
• Other appropriate safeguards as required by law

10.3 Data Processing Locations

Our data is primarily processed in:

• United States - Primary data processing location
• European Union - For EU users (when applicable)
• Other Regions - As needed for service delivery

---

11. Children's Privacy

11.1 Age Restrictions

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

11.2 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at tanner.hatch@beeasy.ai. We will take steps to remove such information from our systems.

---

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our Service

12.2 Continued Use

Your continued use of our Service after any changes to this Privacy Policy constitutes acceptance of the updated policy.

---

13. Contact Information

13.1 Privacy Inquiries

If you have questions about this Privacy Policy or our privacy practices, please contact us:

13.2 Data Protection Officer

---

Google API Services Limited Use Disclosure

Compliance with Google API Services User Data Policy

Beeasy.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Requirements

Beeasy.ai accesses Google user data (including Gmail, Google Calendar, and Google Contacts data) through Google API Services. In accordance with Google's Limited Use requirements, Beeasy.ai:

1. Uses data only to provide and improve user-facing features: Data obtained from Google APIs is used solely to provide the CRM, email automation, calendar integration, and contact management features that are prominently visible in Beeasy.ai's user interface. We do not use this data for purposes unrelated to the features you interact with.
2. Does not transfer data to third parties except:
   • As necessary to provide or improve user-facing features that are visible and prominent in Beeasy.ai's user interface, and only with your consent
   • For security purposes (for example, investigating abuse)
   • To comply with applicable laws
   • As part of a merger, acquisition, or sale of assets of the developer, after obtaining your explicit prior consent
3. Does not use data for advertising: We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising. We do not transfer, sell, or use Google user data to determine credit-worthiness or for lending purposes.
4. Does not allow humans to read user data unless:
   • You have given your affirmative agreement to view specific messages or data
   • It is necessary for security purposes (for example, investigating a bug or abuse)
   • It is necessary to comply with applicable law
   • The data (including derivations) is aggregated and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements
5. Does not use Google data to train generalized AI/ML models: Data obtained from Google APIs, including raw data and data that is aggregated, anonymized, or derived from it, is NOT used to create, train, or improve generalized or foundational machine learning or artificial intelligence models. AI processing of your Google data is limited to providing personalized, user-facing features for your individual account only (such as email classification and CRM record creation).

Secure Data Handling

All Google user data is handled securely in accordance with Google's requirements:

• OAuth tokens are encrypted at rest using AES-256-GCM encryption
• Data is transmitted only over encrypted connections (TLS/HTTPS)
• Access is restricted through Row Level Security policies ensuring users can only access their own data
• Tokens are revoked and data is deleted upon user request or account disconnection

---

Additional Provisions

A. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and share.

Right to Delete: You can request deletion of your personal information.

Right to Opt-Out: You can opt out of the sale of personal information (we do not sell personal information).

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

B. European Union Residents (GDPR)

If you are in the European Union, you have additional rights under the General Data Protection Regulation:

Lawful Basis: We process your data based on consent, contract performance, legitimate interests, or legal obligation.

Data Protection Impact Assessments: We conduct DPIAs for high-risk processing activities.

Data Protection by Design: We implement privacy considerations from the design stage of our systems.

---