Privacy Policy
Last updated: May 27, 2026
Laureo CRM ("Laureo," "we," "us," or "our") operates the customer relationship management platform available at app.laureo.io (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your information when you use our Service, including information obtained through integrations with third-party services such as Google Workspace, Microsoft 365, and Zoom.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, organization name, and authentication credentials. If you sign up using a third-party identity provider, we receive basic profile information (name and email) from that provider.
1.2 CRM Data
You and your team members enter data into the Service, including contacts, companies, opportunities, activities, notes, tasks, and other business records. Laureo acts as a Data Processor for this CRM data; the subscribing organization (the “Customer”) is the Data Controller and decides what data is entered, how it is used, and when it is deleted. CRM records are processed by us solely to provide the Service on the Customer's instructions. See Section 7 for how this affects data-subject requests.
1.3 Google Workspace Data
If you choose to connect your Google account, we may access the following data depending on the permissions you grant:
- Gmail: Email metadata (sender, recipient, subject, date, snippet, labels) and email bodies, used to log email activity against CRM contacts, send emails on your behalf, display correspondence, power full-text search and AI-assisted features (draft suggestions, smart replies, summaries), and manage your inbox (mark as read/unread, archive, move to trash, and restore). Email synchronization is push-based: when new mail arrives in your inbox, Gmail notifies the CRM via Google Cloud Pub/Sub and the metadata is captured in near-real-time. Email bodies are fetched from Gmail and stored in our database, sanitized (HTML is run through an industry-standard sanitizer on every write to prevent cross-site scripting), for every synced email, regardless of whether it is matched to a CRM contact, so the in-CRM reading, search, and AI features work without re-fetching from Gmail on every interaction. We may fetch and store bodies either on-demand the first time you open an email in the CRM or proactively as part of background sync, depending on product configuration. Stored bodies are subject to strict automatic retention windows (see Section 6) and to organization-level privacy controls (see Section 6.1). The CRM also provides organizational features such as starring, snoozing, and custom CRM labels that are stored only within the CRM and do not modify your Gmail account.
- Google Calendar: Calendar events, attendees, and scheduling details, used to sync meetings and activities with your CRM records and enable scheduling features.
- Google Drive: File names, types, and metadata for documents you browse, attach, or link within the CRM, used to associate documents with CRM records. File content remains in Google Drive and is accessed via Google's own viewer when you open a linked file.
- Google Meet: Meeting transcripts and recordings stored in your Google Drive's Meet space, used to automatically link meeting notes and recordings to the corresponding CRM activity records. We always store file metadata (name, type, size, Drive reference URL, thumbnail) so that the files appear in the CRM. We may also fetch and store the content of transcripts and recordings in our database to power AI-assisted features such as meeting summaries, action-item extraction, and thread-aware replies. When transcript or recording content is stored, it is subject to the same organization-level privacy controls (Section 6.1) and retention behavior that apply to email bodies, and you can purge stored content at any time from Settings → Integrations.
We only access the minimum Google data necessary to provide the CRM features you have enabled. You can revoke Google access at any time from your account settings.
1.3a Microsoft 365 Data
If you choose to connect your Microsoft 365 account (work/school or personal Microsoft account), we may access the following data depending on the permissions you grant:
- Outlook Mail (Mail.ReadWrite): Email metadata (sender, recipient, subject, date, snippet, categories) and email bodies, used to log email activity against CRM contacts, send emails on your behalf, display correspondence, power full-text search and AI-assisted features (draft suggestions, smart replies, summaries), and manage your inbox (mark as read/unread, archive, move to trash, restore). Email synchronization is push-based: when new mail arrives in your inbox, Microsoft Graph notifies the CRM via a webhook subscription and the metadata is captured in near-real-time. Email bodies are fetched from Outlook and stored in our database, sanitized on every write, with the same retention model that applies to Gmail data (see Section 6).
- Mailbox Settings (MailboxSettings.Read): Read-only access to your "automatic replies" (out-of-office) state, used to display OoO badges next to contacts who are also Microsoft 365 users in your CRM. We never modify mailbox settings.
- Outlook Calendar (Calendars.ReadWrite): Calendar events, attendees, and scheduling details, used to sync meetings and activities with your CRM records, enable scheduling features, and create calendar events with embedded Microsoft Teams meeting links via the booking scheduler.
- Microsoft Teams Meetings (OnlineMeetings.ReadWrite): Standalone Teams meeting links generated outside a calendar event (e.g., from the messaging composer's "Generate Teams link" button). Required only for the standalone-meeting feature; calendar-attached Teams meetings use Calendars.ReadWrite.
- Outlook Contacts (Contacts.ReadWrite): Your Outlook personal address book, used to import contacts into the CRM, match against existing CRM people, optionally auto-create new CRM people, and push CRM person edits back to Outlook contacts when you opt in.
- People insights (People.Read): Relevance-ranked suggestions for people you communicate with, used as autocomplete hints in compose and CRM creation flows. Read-only.
- Microsoft To Do (Tasks.ReadWrite): Bidirectional sync between CRM tasks and your Microsoft To Do lists when you opt in per task. Edits in either side propagate to the other within seconds.
- OneDrive (Files.ReadWrite): File names, types, and metadata for documents you browse, attach, or link within the CRM, used to associate documents with CRM records. File content remains in OneDrive and is accessed via Microsoft's own viewer when you open a linked file.
- SharePoint (Sites.Read.All): Read-only access to your organization's SharePoint sites and document libraries, used to attach SharePoint files to CRM records. This permission is admin-restricted: it requires your tenant administrator to consent on behalf of the organization. We never modify SharePoint content.
- User profile (User.Read, openid, profile, email): Your name, email, profile photo, and tenant identifier, used for sign-in identity and account-type detection (work/school vs personal Microsoft account).
- Refresh tokens (offline_access): Long-lived tokens used to refresh your Microsoft access token without forcing repeated sign-ins. Stored encrypted at rest using AES-256-GCM.
We only access the minimum Microsoft data necessary to provide the CRM features you have enabled. You can revoke Microsoft access at any time from your account settings, and disconnecting will delete every Microsoft Graph subscription remotely (so we no longer receive push notifications) and purge synced Microsoft data from the CRM.
1.3b Zoom Data
If you choose to connect your Zoom account, we may access the following data depending on the permissions you grant. The Zoom integration is per-user. Each rep authorizes their own Zoom account independently. We only access the minimum Zoom data necessary to provide the CRM features you have enabled.
- OAuth tokens: The access token and refresh token Zoom issues for your account. We store these encrypted at rest using AES-256-GCM and use them solely to call Zoom's API on your behalf.
- Zoom user identity (user:read:user): Your Zoom user identifier (zoom_user_id), Zoom account identifier (zoom_account_id), email, display name, and account type. We use these to display the connected account in the integration drawer and to route Zoom's webhook events (such as app_deauthorized) back to your CRM account.
- Meeting metadata (meeting:read:list_meetings, meeting:write:meeting): Topic, scheduled time, duration, host email, and attendee count for meetings on your Zoom account. Used to attach each meeting to the right CRM activity, and to provision new Zoom meetings when you book through the Laureo scheduler.
- Cloud recording metadata (cloud_recording:read:list_user_recordings, cloud_recording:read:list_recording_files): File type, start time, duration, and the Zoom-hosted playback URL. We do not store the recording video, audio, or transcript content itself. When you click a recording inside Laureo, you are sent to Zoom's hosted player and stream the content directly from Zoom.
- Operational metadata: The IP address of the Zoom user at the time of OAuth consent (captured in our application logs) and timestamps of API calls we make to Zoom on your behalf. Retained for security auditing and rate-limit enforcement only; never used for marketing or shared with third parties.
You can revoke Zoom access at any time from Settings → Integrations → Zoom → Disconnect inside Laureo, or by removing the Laureo app from marketplace.zoom.us/user/installed. Either path triggers Laureo to delete your encrypted Zoom tokens within seconds. Recording metadata (file type, start time, playback URL) is also deleted unless you explicitly opted into retaining it for historical CRM context. Disconnecting does not delete recordings stored in Zoom. Those remain in your Zoom account and are subject to Zoom's own retention policies.
1.4 AI-Derived Data
When you use the CRM's AI-assisted features (email draft suggestions, smart replies, summaries, suggestion chips, meeting-note extraction, and similar), we may generate and store derivative data in your own organization's workspace. This includes:
- Per-user writing-style profiles: Summaries of your own writing style (such as typical greetings, sign-offs, formality, and sentence length) derived from your outbound email content and used only to personalize AI draft suggestions for your account. Stored only within your organization's workspace; never shared across users or organizations; never used to train generalized or third-party AI models.
- Cached AI outputs: Short-lived caches of AI-generated suggestion chips, summaries, and similar results keyed to the specific email or record they refer to, so repeat views within the cache window do not re-run the inference. Caches have a maximum lifetime of seven days.
- AI access logs: Metadata records of AI operations (action type, referenced email or record identifier, model used, token counts, timestamp) used for audit, rate-limiting, and cost accounting. Access logs do not contain the prompt or completion content.
Retention and deletion of AI-derived data are described in Section 6. You can delete your own writing-style profile at any time from Settings → Profile → Data Controls. Bulk deletion of cached AI outputs, the AI access log, or all user-level data is performed by an organization administrator from the Users management panel in Admin Settings, consistent with Laureo's role as a processor acting on the Customer's instructions (see Section 7).
1.5 Usage and Technical Data
We automatically collect technical information such as browser type, device type, IP address, pages visited, and feature usage patterns. This data is used to maintain, secure, and improve the Service.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Sync and display data from connected integrations (Gmail, Google Calendar, Google Drive, Google Meet)
- Send transactional communications (account verification, security alerts, billing notices, receipts, payment reminders, booking confirmations)
- Send optional lifecycle and product emails (onboarding guidance, product tips and updates, and occasional check-ins) on the basis of our legitimate interest in helping you get value from the Service. These are not required service messages. You can opt out of any of them at any time from Settings → Email Preferences or via the unsubscribe link in each such email, and doing so will not affect the transactional messages above.
- Monitor and improve Service performance, reliability, and security
- Respond to support requests
- Comply with legal obligations
We do not use your data, including any Google Workspace data, for advertising, marketing to third parties, or training generalized, shared, or third-party artificial intelligence or machine learning models. Our AI-powered features (such as email draft suggestions, smart replies, summaries, and meeting-note extraction) are served by a third-party AI inference provider operating under a Zero Data Retention agreement that we enforce on every request. The provider does not log, retain, or train on prompts or completions, and only routes to downstream model providers that contractually do not retain or train on customer data. Data sent to the provider is used solely to produce a single inference result for the active user request and is discarded at the provider side immediately afterward. No Google Workspace data or customer data is shared with any AI processor for training or fine-tuning any model.
We may use your own Google Workspace and CRM data to generate personalization profiles and cached AI outputs that are stored in your own organization's workspace (see Section 1.4) and used only to improve AI features for your own account. These per-user derivatives are never shared across users or organizations and never used to train any AI model that is distributed or used outside your organization.
3. Google Workspace APIs: Limited Use Disclosure
Laureo CRM's use and transfer of information received from Google Workspace APIs to any other app will adhere to the Google User Data Policy, including the Limited Use requirements.
In accordance with Google's Limited Use requirements:
- We only use Google Workspace data to provide and improve the CRM features you have explicitly enabled.
- We do not transfer Google Workspace data to third parties unless it is necessary to provide the Service, required by law, or part of a merger or acquisition (with notice to you).
- We do not use Google Workspace data for serving advertisements.
- We do not use Google Workspace data to develop, improve, or train generalized, shared, or third-party AI or machine-learning models. AI-powered CRM features send your data to an inference provider operating under a Zero Data Retention agreement (see Section 5). The provider does not retain, log, or train on that data. Separate from inference requests, we may generate personalization profiles and cached AI outputs from your own data and store them in your own organization's workspace (see Section 1.4); these per-user derivatives are never shared, sold, or used to train any AI model distributed outside your organization.
- We do not use Google Workspace data to determine creditworthiness or for lending, underwriting, insurance, or financial-qualification decisions.
- We do not allow humans to read your Google Workspace data unless: (a) you have given explicit consent for a specific message or file (e.g., for a support request), (b) it is necessary for security purposes (such as investigating a security incident), or (c) it is required to comply with applicable law.
4. Data Storage and Security
Your data is stored using cloud infrastructure providers and a managed database hosting provider. We implement industry-standard security measures, including:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
- Encryption at rest: Data stored in our databases and file storage systems is encrypted at rest using AES-256 or equivalent encryption.
- OAuth token protection: Access and refresh tokens for Google and other connected services are encrypted with AES-256-GCM at rest using a per-record initialization vector and authentication tag, versioned to support key rotation. Tokens are decrypted only inside the server-side integration pipeline and are never exposed to the browser.
- Access controls: Internal access to production systems is restricted to authorized personnel on a need-to-know basis, using multi-factor authentication and audit logging.
- Regular security reviews: We regularly review our security practices, dependencies, and infrastructure configuration.
5. Data Sharing & Subprocessors
We do not sell your personal information or CRM data. We engage a vetted set of subprocessors to deliver the Service:
- We maintain a complete, current subprocessor list (including each vendor's name, purpose, the categories of data they process, the region of processing, and DPA references) which we provide to customers and procurement teams on request and as part of our Data Processing Addendum (DPA).
- All third-party subprocessors are bound by contractual obligations to process data only as instructed by us and to maintain appropriate security measures.
- AI inference: AI features (email draft suggestions, smart replies, summaries, meeting-note extraction, and similar) are routed through our AI gateway subprocessor with Zero Data Retention enforced. The gateway and downstream model providers do not retain prompts or completions, do not use customer data for model training, and do not permit human review of customer content for ZDR-enabled traffic. No Google Workspace data or personal information is used to train, fine-tune, or evaluate any AI model distributed outside your organization. Cached AI outputs (such as generated suggestion chips) are stored in your own organization's database for short periods to avoid re-running the same inference on repeat views (see Section 1.4).
- We may also disclose information when required by law, regulation, or legal process.
When we add, remove, or materially change a subprocessor, we notify affected customers in advance via email to the primary contact on file, and an updated list is available on request.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specifically:
- Account and CRM data: Retained while your account is active. Upon account deletion, your data is permanently deleted from our production systems within 30 days. Backups containing your data are purged within 90 days.
- Google Workspace data: Synced email metadata, email bodies, calendar events, Drive file metadata, meeting transcript links, and any stored transcript or recording content are retained while the Google integration is connected. When you disconnect the Google integration or delete your account, all synced Google data, including stored email bodies, stored transcript or recording content, and any ephemeral cache, is permanently deleted (see “Disconnect” below). AI-derived data is handled separately (see the AI-derived data bullet below).
- Trashed emails: Emails you move to the trash within the CRM (including any stored body content) are automatically and permanently deleted from our database 30 days after being trashed.
- Email bodies, storage model: Email bodies are fetched from Gmail and stored in our database (sanitized) for every synced email, whether or not it is matched to a CRM record, to power in-CRM reading, full-text search, and AI features. The stored body follows the same retention rules as the parent email row: retained while the Google integration is connected, and deleted together with the row on trash-auto-purge, disconnect, or account deletion. In addition to database storage, a short-lived ephemeral cache (up to 30 minutes) accelerates repeat views within a session and is purged on disconnect. See Section 6.1 for organization-level privacy controls that reduce or eliminate database body storage.
- Disconnect: When you disconnect the Google integration, the CRM synchronously deletes all synced email rows (metadata and bodies), calendar events, file-link metadata (including Meet transcript links and any stored transcript or recording content), and any ephemeral caches for that integration during the disconnect request. The disconnect completes only after deletion completes. AI-derived data listed below (writing-style profile, cached AI outputs, AI access log) is retained under its own schedules; it is fully removed on account deletion, can be deleted by an administrator at any time from the admin user-management panel, and (for the writing-style profile specifically) can be deleted by the user from Settings → Profile → Data Controls.
- AI-derived data (see Section 1.4):
- Writing-style profile: Retained while the integration is connected and refreshed on a weekly basis. You can delete your own profile at any time from Settings → Profile → Data Controls. Organization administrators can also delete it from the admin user-management panel. Deleted on account deletion.
- Cached AI outputs (suggestion chips, summaries): Automatically expire after seven days. A daily cleanup job permanently removes expired rows. Administrators can purge them immediately for any user from the admin user-management panel.
- AI access log: Retained for up to thirteen months for audit and rate-limiting, then automatically purged. Contains action metadata only (never prompt or completion content). Administrators can purge the log for any user from the admin user-management panel.
- Usage and technical data: Retained in anonymized form for up to 12 months for security and service-improvement purposes.
6.1 Organization-Level Privacy Controls for Email Bodies
Organization administrators can further restrict how email bodies are stored, in addition to the retention windows above. These controls are available in the Service under Settings → Integrations → Email Privacy:
- Disable database body storage: When enabled (by turning off “Store email body content”), email bodies are kept only in the 30-minute ephemeral cache and are never persisted to our database. In this mode, repeat views within a 30-minute window are served from the cache; outside the window, bodies are re-fetched from Gmail on each view. Full-text search and some AI features may be reduced or unavailable in this mode.
- Per-sender exclusion list: Administrators can specify sender-address patterns whose bodies are never written to the database, regardless of the organization-level storage setting. Useful for compliance-sensitive communications (for example, communications with outside counsel or healthcare providers).
- Sensitive-content detection: When enabled, a content scanner runs before every database write; bodies containing detected personally identifiable information patterns (for example, US Social Security numbers, credit card numbers, medical terms) bypass database storage and remain only in the ephemeral cache.
- Organization-wide purge: Administrators can purge all stored email bodies for their organization at any time. Metadata (subject, sender, date, labels) is preserved; bodies are re-fetched from Gmail the next time each email is viewed.
7. Your Rights and Roles Under Data-Protection Law
For CRM records (contacts, companies, opportunities, activities, notes, synced emails, calendar events, file metadata, and similar), the subscribing organization is the Data Controller and Laureo is the Data Processor. That means data-subject requests concerning these records (whether from an employee who uses the CRM, a contact whose information is stored inside it, or any other individual) should be directed to the subscribing organization. Laureo processes such records only on the Controller's documented instructions, and will assist the Controller in fulfilling valid requests under our Data Processing Addendum.
For data that Laureo holds about you as a user of the Service itself (your account record, authentication data, billing information, and your personal writing-style profile) you have the following rights, exercisable directly with Laureo:
- Access: You can access and export a machine-readable copy of your AI-related personal data at any time from Settings → Profile → Data Controls (GDPR Art. 15 / CCPA §1798.110). For CRM data, the Service's built-in export features are available to administrators of the subscribing organization.
- Correction: You can update or correct your personal information directly within the Service. CRM records are corrected by administrators or users with appropriate permissions from the subscribing organization.
- Deletion: A user's own writing-style profile is deletable at Settings → Profile → Data Controls. Account-level deletion (and the bulk deletion of other per-user data: cached AI outputs, AI access log, synced-email caches) is performed by an administrator of the subscribing organization from the admin user-management panel. Deletion of a CRM record about a third party, or of an entire employee account, is processed by the organization's administrator under its Controller obligations. Requests concerning Laureo's own processing (for example, billing records, account-creation events) can be sent to privacy@laureo.io and will be completed within 30 days.
- Revoke Google access: You can disconnect the Google integration at any time from your account settings. You can also revoke Laureo CRM's access to your Google account directly from your Google Account permissions page.
- Revoke Zoom access: You can disconnect the Zoom integration at any time from Settings → Integrations → Zoom → Disconnect inside Laureo. You can also revoke our access from your Zoom account at marketplace.zoom.us/user/installed. Either path triggers Laureo to delete your encrypted Zoom tokens within seconds; recording metadata is deleted within ten (10) days per the Zoom Marketplace Developer Agreement.
- Data portability: You can request a machine-readable export of your data. For your own AI-derived data, use the export button on Settings → Profile → Data Controls. For CRM data, administrators can export from the Service's data-management features.
If the subscribing organization fails to respond to a request in a timely manner, or if you believe Laureo itself has mishandled your personal data, you may contact us directly at privacy@laureo.io, and (if the organization is established in the EU, UK, or California) you have the right to lodge a complaint with your supervisory authority.
8. Cookies
The Laureo web app at app.laureo.io uses only first-party session cookies to authenticate you and to maintain your preferences, and it loads no third-party analytics or tracking scripts.
The marketing site at laureo.io uses privacy-preserving Google Analytics 4 cookies (with IP anonymization enabled) only after you click "Accept" on the cookie banner. If you decline or ignore the banner, no analytics cookies are set. We do not use advertising, ad-retargeting, or cross-site tracking cookies on either surface.
9. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, your data, or your rights, please contact us at privacy@laureo.io.