Privacy Policy

Effective Date: February 1, 2025

Welcome to Disclodocs ("Company," "we," "our," or "us"). This Privacy Policy ("Policy") explains how we collect, use, and protect your personal information when you access our platform, website, and related services (collectively, the "Services"). By using our Services, you consent to the collection and use of your information as described in this Policy.

1. Information We Collect

• Personal Information: Includes your name, email address, and payment details when you create an account or make a purchase.
• OAuth Tokens and Authentication Data: We store Google OAuth tokens (access tokens, refresh tokens, and expiration data) to enable Gmail and Calendar integrations. JWT authentication tokens are stored locally on your device.
• Lead Communication History: We store records of email communications and calendar interactions with your leads for CRM functionality.
• Usage Data and Logs: We collect analytics on how you use our Services, including API calls, user actions, and error tracking for debugging and system improvement.
• Cookies and Tracking: We use cookies and similar tracking technologies to enhance your experience.

2. Use of Information

We use the collected information for the following purposes:

• To provide and improve our Services, including lead management and communication features.
• To enable real-time access to your Gmail and Calendar for sending emails and creating appointments.
• To process transactions and send relevant notifications.
• To comply with legal requirements and enforce our policies.
• To personalize user experience, provide customer support, and improve AI-powered features.
• To generate AI-powered email content and property recommendations for your leads.

3. Data Storage & Security

We implement industry-standard security measures to protect your information. However, no method of transmission over the Internet is 100% secure. We store your data securely and take reasonable steps to prevent unauthorized access, disclosure, or modification.

Token Storage: OAuth tokens are securely stored in our database with encryption. JWT tokens are stored locally on your device (localStorage for web, AsyncStorage for mobile, chrome.storage.local for browser extension). Tokens are automatically refreshed as needed and expire according to Google's security policies.

4. Third-Party Integrations

Our Services integrate with various third-party platforms to enhance functionality:

• Google Services: Gmail and Calendar APIs for email communication and appointment scheduling. We access these in real-time and do not cache email content or calendar data.
• OpenAI GPT-4: For AI-powered lead management, email composition, and communication analysis.
• Google Gemini: For real estate document analysis and processing.
• Stripe: For secure payment processing.
• Twilio: For SMS verification services.
• Postmark: For reliable email delivery.

5. OAuth Permissions and Scope

When you connect your Google account, we request the following permissions:

• Gmail Read Access: To read email content for AI analysis and lead management.
• Gmail Send Access: To send personalized emails to your leads on your behalf.
• Calendar Read Access: To view your calendar for scheduling purposes.
• Calendar Events Access: To create calendar invites and appointments with Google Meet integration.

We access Gmail and Calendar APIs in real-time only when needed for specific operations. We do not store email content or calendar data permanently. You can revoke these permissions at any time through your Google Account settings.

6. Data Sharing

We do not sell or rent your personal information. However, we may share data with trusted third parties for necessary business operations, such as payment processing, analytics, and legal compliance. Email content may be processed through AI services (OpenAI, Google Gemini) for analysis and content generation.

7. User Rights

You have the following rights regarding your personal data:

• The right to access, update, or delete your personal data.
• The right to revoke OAuth permissions through your Google Account settings.
• The right to opt out of marketing communications.
• The right to request a copy of the data we store about you.
• The right to withdraw consent for data processing at any time.

8. Data Retention

We retain your personal data only as long as necessary to provide our Services and comply with legal obligations. OAuth tokens are retained until you revoke permissions or delete your account. Lead communication history is retained for CRM functionality. Debug logs are retained for a reasonable period for system improvement. Once no longer needed, we securely delete or anonymize your data.

9. AI Processing and Liability

Our Services include AI-powered features for lead management, email composition, and document analysis. AI may analyze your email content and lead interactions to provide personalized recommendations and generate communication content. By using our Services, you acknowledge and accept full responsibility for any decisions made based on AI-generated insights and waive any liability against us.

10. Dispute Resolution

All disputes regarding this Privacy Policy shall be resolved exclusively with Astride Research, Inc..

11. LLC Disclaimer

Astride Research operates as a Limited Liability Company (LLC). As such, the members, managers, and employees are not personally liable for any debts, obligations, or liabilities of the Company.

12. Contact Information

If you have any questions about this Privacy Policy, please contact us at hello@disclodocs.com.

By using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.