Privacy Policy

Last updated: April 6, 2026

Laureo CRM ("Laureo," "we," "us," or "our") operates the customer relationship management platform available at app.laureo.io (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your information when you use our Service, including information obtained through integrations with third-party services such as Google Workspace.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, organization name, and authentication credentials. If you sign up using a third-party identity provider, we receive basic profile information (name and email) from that provider.

1.2 CRM Data

You and your team members enter data into the Service, including contacts, companies, opportunities, activities, notes, tasks, and other business records. This data is owned by you and processed by us solely to provide the Service.

1.3 Google Workspace Data

If you choose to connect your Google account, we may access the following data depending on the permissions you grant:

  • Gmail: Email messages including content, metadata (sender, recipient, subject, date), and labels — used to log email activity against CRM contacts, send emails on your behalf, display relevant correspondence, manage your inbox (mark as read/unread, archive, move to trash, and restore), and power AI-assisted email drafting. The AI assistant uses email content alongside your CRM data (contact history, deals, invoices) to draft contextual replies — this processing occurs within the CRM and no email data is sent to third parties for model training. The CRM also provides organizational features such as starring, snoozing, and custom CRM labels that are stored only within the CRM and do not modify your Gmail account.
  • Google Calendar: Calendar events, attendees, and scheduling details — used to sync meetings and activities with your CRM records and enable scheduling features.
  • Google Drive: File names, types, and metadata for documents you browse, attach, or link within the CRM — used to associate documents with CRM records. File content remains in Google Drive and is accessed via Google's own viewer when you open a linked file.
  • Google Meet: Meeting transcripts and recordings stored in your Google Drive's Meet space — used to automatically link meeting notes and recordings to the corresponding CRM activity records. Only file metadata and references are stored; transcript content remains in your Google Drive.

We only access the minimum Google data necessary to provide the CRM features you have enabled. You can revoke Google access at any time from your account settings.

1.4 Usage and Technical Data

We automatically collect technical information such as browser type, device type, IP address, pages visited, and feature usage patterns. This data is used to maintain, secure, and improve the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Sync and display data from connected integrations (Gmail, Google Calendar, Google Drive, Google Meet)
  • Send transactional communications (account verification, security alerts, billing notices)
  • Monitor and improve Service performance, reliability, and security
  • Respond to support requests
  • Comply with legal obligations

We do not use your data — including any Google Workspace data — for advertising, marketing to third parties, or training artificial intelligence or machine learning models. Our AI-powered features (such as email draft suggestions) process your data solely to provide CRM functionality within your organization and do not transmit data to external services for model training or fine-tuning.

3. Google API Services — Limited Use Disclosure

Laureo CRM's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In accordance with Google's Limited Use requirements:

  • We only use Google Workspace data to provide and improve the CRM features you have explicitly enabled.
  • We do not transfer Google Workspace data to third parties unless it is necessary to provide the Service, required by law, or part of a merger or acquisition (with notice to you).
  • We do not use Google Workspace data for serving advertisements.
  • We do not allow humans to read your Google Workspace data unless: (a) you have given explicit consent for a specific message or file (e.g., for a support request), (b) it is necessary for security purposes (such as investigating a security incident), or (c) it is required to comply with applicable law.

4. Data Storage and Security

Your data is stored using cloud infrastructure providers and a managed database hosting provider. We implement industry-standard security measures, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: Data stored in our databases and file storage systems is encrypted at rest using AES-256 or equivalent encryption.
  • Access controls: Internal access to production systems is restricted to authorized personnel on a need-to-know basis, using multi-factor authentication and audit logging.
  • Regular security reviews: We regularly review our security practices, dependencies, and infrastructure configuration.

5. Data Sharing

We do not sell your personal information or CRM data. We may share data with the following categories of recipients:

  • Cloud infrastructure providers: To host and deliver the Service.
  • Database hosting provider: To store your CRM data securely.
  • Email delivery provider: To send transactional emails (account verification, notifications) on our behalf.
  • Payment processor: To process subscription payments. We do not store your full credit card details.
  • Analytics provider: To collect anonymized usage data that helps us improve the Service. No personally identifiable CRM data is shared for analytics.

All third-party service providers are bound by contractual obligations to process data only as instructed by us and to maintain appropriate security measures. We may also disclose information when required by law, regulation, or legal process.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account and CRM data: Retained while your account is active. Upon account deletion, your data is permanently deleted from our production systems within 30 days. Backups containing your data are purged within 90 days.
  • Google Workspace data: Synced data (email messages and content, calendar events, drive file metadata, and meeting transcript links) is retained while the Google integration is active. When you disconnect the Google integration or delete your account, synced Google data is permanently deleted within 30 days.
  • Trashed emails: Emails you move to the trash within the CRM are automatically and permanently deleted from our database after 30 days.
  • Non-CRM emails: Synced emails that do not match any contact in your CRM are automatically deleted from our database after 90 days to minimize unnecessary data storage.
  • Usage and technical data: Retained in anonymized form for up to 12 months for security and service-improvement purposes.

7. Your Rights

You have the following rights regarding your data:

  • Access: You can access and export your CRM data at any time through the Service's built-in export features.
  • Correction: You can update or correct your personal information and CRM data directly within the Service.
  • Deletion: You can request deletion of your account and all associated data by contacting us. Deletion is completed within 30 days of the request.
  • Revoke Google access: You can disconnect the Google integration at any time from your account settings. You can also revoke Laureo CRM's access to your Google account directly from your Google Account permissions page.
  • Data portability: You can request a machine-readable export of your data.

8. Cookies

We use essential cookies to authenticate your session and maintain your preferences. We do not use third-party tracking or advertising cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, please contact us at privacy@laureo.io.

Related Resources