Privacy Policy

Effective: 6 May 2025
Last updated: 15 May 2025

1. Overview

Privacy Conduit (“Privacy Conduit”, “we”, “us”, “our”) operates a global privacy rights infrastructure platform — helping individuals exercise their data rights under applicable laws (India DPDP Act 2023, EU/UK GDPR, US CCPA/CPRA) and helping organisations manage incoming data subject requests.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the choices you have. It applies to privacyconduit.com and all Privacy Conduit services.

Short version: We only collect what we need to run the service. We never sell your data. When you connect Gmail, we read only what is required to identify companies and send privacy requests — nothing more.

2. Information we collect

We collect information in three ways: information you give us, information generated by your use of the service, and information from third-party integrations you authorise.

Information you provide

Name & email: Collected when you create an account via Clerk (our auth provider).
Privacy requests: The company name, right type (Delete, Access, etc.), and draft email text you compose.
Employer details: If you send employee-context requests, your employer name and role.

Information generated automatically

Request history: Status, timestamps, company responses, and follow-up threads for each request you send.
Usage events: Pages visited, features used; used only to improve the product. No advertising.
Error logs: Crash reports and stack traces captured by Sentry. PII is scrubbed before storage.

Gmail integration (when you connect)

OAuth refresh token: Encrypted with AES-256-CBC and stored so we can act on your behalf without repeated logins.
Sender domains: We extract only the domain of each email sender (e.g. amazon.com) to match against our company registry. Email subjects, bodies, recipients, and attachments are never stored.
Thread IDs: Stored alongside your sent requests so we can detect when a company replies.

3. How we use your information

We use your data only to provide and improve Privacy Conduit. Specifically:

  • Send privacy request emails from your Gmail account to companies and employers on your behalf.
  • Scan your inbox to identify companies that may hold your personal data.
  • Monitor Gmail threads for company responses and update your request status automatically.
  • Generate legally-cited request drafts using our LLM pipeline (Anthropic Claude). Your name and right intent are passed; raw email content is not.
  • Send you transactional notifications (request sent, response received, deadline approaching).
  • Prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not use your data for advertising, profiling, or any purpose beyond operating the service.

4. Google API Services — Limited Use Disclosure

Required disclosure. Privacy Conduit's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data Accessed

When you connect your Google account, Privacy Conduit requests exactly two Gmail permissions:

  • gmail.readonly — to scan sender domains in your inbox and monitor Gmail threads for company replies to privacy requests.
  • gmail.send — to send privacy request emails directly from your own Gmail address to companies on your behalf (legally, requests must originate from the data subject's own email).

No other Google API scopes are requested or used.

Data Usage

Gmail data is used solely to operate the following features:

  • Extract sender domains from your inbox (e.g. amazon.com) to build a list of companies that may hold your data. Email subjects, bodies, recipients, and attachments are never read or stored.
  • Send privacy request emails from your Gmail account to companies and employers on your behalf.
  • Monitor Gmail thread IDs to detect when a company replies to a sent request and automatically update your request status.

Gmail data is never used for advertising, profiling, product analytics, or any purpose beyond the features above. It is never used to train, fine-tune, or improve any AI or machine learning model.

Data Sharing

We do not sell, rent, or share Gmail data with third parties for their independent use. The only disclosures are:

  • Infrastructure providers (Vercel, Railway, Neon/PostgreSQL) — these providers host the platform and process data only as necessary to deliver the service. Each is bound by a data processing agreement and may not use your data independently.
  • Recipient companies — when you send a privacy request, your email address and the request text are disclosed to the company you are contacting. This disclosure is the purpose of the service and is performed only on your explicit instruction.

No Gmail content is shared with Anthropic or any AI provider. The LLM pipeline receives only your name and your chosen right type (e.g. “Delete”) to draft request text — raw Gmail data is never passed to it.

Data Storage & Protection

  • OAuth refresh token — encrypted with AES-256-CBC (randomly generated IV per token) before storage. This is the only Gmail credential we persist.
  • Access tokens — never stored. Obtained on demand from the refresh token and used in memory only for the duration of an operation.
  • Sender domains — stored as plain domain strings (e.g. amazon.com). No email content, subjects, addresses, or attachments are stored.
  • Thread IDs — stored alongside your sent requests to enable reply detection. No message content is stored.
  • Encryption in transit — all data is transmitted over TLS 1.2+. HTTP requests are rejected.
  • No human access — Privacy Conduit employees and contractors do not read the content of your emails. All inbox processing is fully automated.

Data Retention & Deletion

OAuth refresh token: Deleted immediately and permanently when you disconnect Gmail or delete your Privacy Conduit account.
Sender domains: Retained while your account is active. Deleted within 30 days of account deletion.
Thread IDs: Retained for the lifetime of the associated request (3 years), then deleted.

To disconnect Gmail and delete all associated tokens at any time, go to Settings → Connected accounts in your Privacy Conduit dashboard and click Disconnect. To request deletion of all your data, email support@privacyconduit.com with the subject “Data Deletion Request”. We will confirm deletion within 30 days.

You can also revoke Privacy Conduit's Gmail access directly from your Google Account permissions page. Revocation immediately invalidates the stored token and halts all Gmail-based operations.

5. Sharing and disclosure

We do not sell your personal data. We share it only in the following limited circumstances:

  • Infrastructure providers. We use Vercel (frontend hosting), Railway (backend hosting), Neon/PostgreSQL (database), Redis (job queuing), Clerk (authentication), Sentry (error tracking), and Anthropic (LLM for request drafting). Each provider processes data only as necessary to provide their service and is bound by data processing agreements.
  • On your behalf. When you send a privacy request, the email and your identity are disclosed to the recipient company — that is the purpose of the service.
  • Legal requirements. If required by law, court order, or government authority, we may disclose data. We will notify you where legally permitted.
  • Business transfers. If Privacy Conduit is acquired or merges, your data may transfer to the successor entity, which will be bound by this policy.

6. Data retention

Account data: Retained while your account is active. Deleted within 30 days of account deletion.
Privacy requests: Retained for 3 years to support legal compliance history, then deleted.
Gmail refresh token: Deleted immediately when you disconnect Gmail or delete your account.
Inbox scan data: Sender domain matches retained while your account is active. Deleted with your account.
Error logs: Automatically purged after 90 days.

You can request deletion of your data at any time by emailing support@privacyconduit.com. We will respond within 30 days.

7. Security

We take security seriously and apply the following controls:

  • Encryption at rest. Gmail OAuth tokens are encrypted with AES-256-CBC using a randomly generated IV before storage. Database encryption is enabled at the infrastructure layer.
  • Encryption in transit. All data is transmitted over TLS 1.2+. Our backend enforces HTTPS; HTTP requests are rejected.
  • Access control. Internal access to production systems requires multi-factor authentication. Access is granted on a least-privilege basis.
  • Token hygiene. OAuth access tokens are never persisted. Only refresh tokens (encrypted) are stored. Revoked or expired tokens are automatically detected and removed.
  • Dependency scanning. We run automated vulnerability scans on dependencies in CI.

If you discover a security vulnerability, please report it responsibly to admin@privacyconduit.com. We ask that you give us reasonable time to remediate before public disclosure.

8. Your rights and choices

Depending on your jurisdiction, you may have the following rights over your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Ask us to correct inaccurate or incomplete data.
Deletion: Ask us to delete your data (subject to legal retention obligations).
Portability: Receive your data in a machine-readable format.
Objection: Object to certain processing activities.
Withdrawal: Withdraw consent at any time (e.g. disconnect Gmail, delete account).

To exercise any of these rights, email support@privacyconduit.com with the subject line “Privacy Rights Request”. We will respond within 30 days (GDPR/DPDP) or 45 days (CCPA).

Disconnecting Gmail. Go to Settings → Connected accounts in your dashboard and click Disconnect. This immediately purges the stored OAuth token and halts all inbox scanning and Gmail sends.

9. Cookies and tracking

We use a minimal set of cookies:

  • Authentication cookies — set by Clerk to maintain your login session. Strictly necessary; cannot be disabled.
  • Preference cookies — store your UI preferences (theme, language). First-party only.

We do not use advertising cookies, third-party tracking pixels, or cross-site tracking technologies.

10. Children's privacy

Privacy Conduit is not directed at or designed for children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently done so, please contact us at support@privacyconduit.com and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. For material changes, we will notify you by email and by displaying a prominent notice in the app at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Continued use of Privacy Conduit after the effective date constitutes your acceptance of the updated policy.

12. Contact us

If you have any questions, concerns, or requests related to this Privacy Policy:

Privacy Conduit Privacy

Email: support@privacyconduit.com

For security disclosures: admin@privacyconduit.com