Privacy Policy for Inner Circle

1. Introduction

Welcome to Inner Circle ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services.

By using Inner Circle, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our application.

2. Information We Collect

2.1 Information You Provide

• Account information (name, email address, profile picture)
• Contact information you input into the app (names, email addresses, phone numbers, organizations, etc.)
• Group information you create (group names, members, descriptions)
• Interactions and todos you record (meeting notes, call logs, follow-up items)
• Content for email reminders
• Any other information you voluntarily provide

2.2 Information Collected Automatically

• Usage data (features used, time spent, actions taken)
• Log data (IP address, browser type, operating system, access times)
• Device information (device type, mobile device identifiers)
• Error logs and performance data
• Analytics information through Google Analytics (anonymized)

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and track information about your interactions with our application. These technologies may collect information such as your IP address, browser type, access times, pages viewed, and links clicked.

We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until you delete them). You can control cookies through your browser settings and other tools.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent: You have given consent for processing your data for specific purposes.
• Contract: Processing is necessary to provide the services you've requested.
• Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, as long as they're not overridden by your interests or fundamental rights.
• Legal Obligation: Processing is necessary to comply with legal obligations.

4. How We Use Your Information

We use your information for the following purposes:

• To provide, operate, and maintain the Inner Circle service
• To send email reminders on your behalf (only with your explicit permission)
• To improve and personalize your experience
• To analyze usage patterns and optimize our application
• To communicate with you about updates, security alerts, and support
• To respond to your requests and communications
• To detect, prevent, and address technical issues or fraudulent activities
• To comply with legal obligations

5. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Information: Retained as long as your account is active. Upon deletion of your account, we will delete or anonymize your account information within 30 days.
• Contact and Group Data: Retained as long as you maintain this information in the application.
• Usage Data: Retained for up to 24 months for analytics purposes.
• Log Data: Retained for up to 90 days for security and troubleshooting purposes.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

• With Your Consent: When you have explicitly given us permission to do so.
• Service Providers: With third-party service providers who help us operate, analyze, and improve our application (e.g., cloud hosting providers, analytics services).
• Legal Requirements: To comply with applicable law, regulation, legal process, or governmental request.
• Protection of Rights: To enforce our Terms of Service, protect the security or integrity of our services, or protect the rights, property, or safety of Inner Circle, our users, or others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets.

6.1 Third-Party Service Providers

We work with the following categories of third-party service providers:

• Google Cloud Platform (hosting and infrastructure)
• Google Analytics (usage analytics)
• Google Workspace/Gmail API (for email functionality)
• Stripe (payment processing, if applicable)
• Sentry (error tracking and monitoring)

All service providers are data processors acting on our behalf and are contractually obligated to handle your data securely and confidentially.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Data encryption in transit (TLS/SSL) and at rest
• Regular security assessments and testing
• Access controls and authentication requirements
• Secure cloud infrastructure with regular updates
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Gmail API Usage

Our application uses Google's Gmail API to send email reminders on your behalf. In accordance with Google's API Services User Data Policy:

• We only send emails that you explicitly request and authorize
• We never read your emails or access your Gmail inbox
• We only access the permissions you grant (send-only)
• We delete your Gmail access tokens immediately upon your request
• Important: Data obtained via Google Workspace APIs is never used to train our AI/ML models.
• Your use of Google's API services is subject to Google's Privacy Policy

You can revoke our access to your Gmail account at any time through your Google Account Settings.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from your country.

Specifically, our servers are primarily located in the United States, and our service providers may be located in various countries. By using Inner Circle, you consent to the transfer of your information to these locations.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland to countries not deemed to provide an adequate level of data protection, we ensure appropriate safeguards are in place, such as standard contractual clauses or Privacy Shield certification where applicable.

10. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

10.1 For All Users

• Access: View the personal information we hold about you
• Correction: Correct inaccurate information
• Deletion: Request deletion of your data
• Data Export: Export your data in a structured format
• Withdrawal of Consent: Withdraw consent for optional features like email notifications

10.2 For EEA/UK/Switzerland Residents (GDPR)

If you reside in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation:

• Right to Object: Object to processing based on legitimate interests
• Restriction of Processing: Request restriction of processing in certain circumstances
• Data Portability: Receive your data in a machine-readable format
• Complaint: Lodge a complaint with a supervisory authority

10.3 For California Residents (CCPA/CPRA)

If you reside in California, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about the personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (note that we do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising these rights

10.4 How to Exercise Your Rights

To exercise your rights:

• In-App: Use the privacy settings in the application to access, export, or delete your data
• Email: Contact us at [email protected]
• Verification: We may need to verify your identity before fulfilling your request
• Response Time: We will respond to your request within 30 days

11. Children's Privacy

Our service is not directed to children under 13 (or 16 in the European Union). We do not knowingly collect personal information from children under these ages. If we learn we have collected personal information from a child without parental consent, we will take steps to delete that information.

If you believe we might have any information from or about a child under these ages, please contact us at [email protected].

12. Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users within 72 hours of becoming aware of the breach, where feasible
• Provide information about the nature of the breach, the information affected, and steps we are taking
• Take immediate steps to contain and investigate the breach
• Notify relevant authorities as required by applicable law

13. Dispute Resolution

If you have a concern about our privacy practices, please contact us first at [email protected] to attempt to resolve the matter directly.

For unresolved complaints, you may have the right to pursue other legal remedies, including filing a complaint with your local data protection authority.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date and will be effective as soon as it is accessible.

We encourage you to review this Privacy Policy regularly to stay informed about our information practices. If we make material changes, we will notify you through the application or by email prior to the change becoming effective.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: