Privacy Policy

Last updated: May 22, 2026

This Privacy Policy describes how Automateo ("we", "us", "our"), operator of the Automateo platform available at app.automateo.info and automateo.info (the "Platform"), collects, uses, stores, shares, retains, and protects your information — including data obtained from Google APIs ("Google user data"). By using the Platform, you agree to this Policy.

Contact: contact@automateo.info.

1. Information We Collect

  • Account Data: Email address, display name, and authentication identifiers when you register or sign in (including via Google Sign-In).
  • Google User Data (Gmail): When you choose to connect a Google account on the Inboxes page, we access your Gmail data using OAuth scopes listed in Section 3.
  • Lead Data: Contact information you import or generate (names, emails, company info, LinkedIn/Instagram URLs).
  • Campaign Data: Email content, message templates, sending schedules, and engagement metrics.
  • API Keys: Third-party credentials you provide (OpenAI, Apify, Unipile, Snitcher) are stored encrypted.
  • Usage Data: Feature usage analytics and error logs for platform reliability.

2. Google API Services User Data Policy — Limited Use

Automateo's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide or improve user-facing features that are prominent in the Platform.
  • We do not transfer Google user data to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice.
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not sell Google user data.
  • We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.

3. Google OAuth Scopes & What We Do With Them

When you connect a Google account, Automateo requests only the following OAuth scopes:

  • openid, .../auth/userinfo.email, .../auth/userinfo.profile — Used solely to authenticate you ("Sign in with Google") and to display your name and email inside the Platform.
  • https://www.googleapis.com/auth/gmail.readonly — Used to fetch your Gmail messages, threads, and metadata so they can be displayed in the Platform's Unified Inbox, where you can read incoming replies to your outreach campaigns.
  • https://www.googleapis.com/auth/gmail.send — Used to send emails from your connected Gmail account on your behalf when you (a) send or reply to a message from the Unified Inbox, or (b) launch an email outreach campaign from the Campaigns page.

We do not request any other Gmail scopes (we do not request gmail.modify, gmail.labels, gmail.settings, or the full mail.google.com scope). LinkedIn and WhatsApp automation are handled entirely through the Unipile integration and do not use any Google OAuth scopes.

4. How We Use Your Data

  • To operate and deliver the outreach automation features you request (sending emails from your connected Gmail, displaying replies in the Unified Inbox, sequencing follow-ups).
  • To enforce sending limits, deliverability guardrails, and pacing rules on your account.
  • To generate analytics and campaign performance reports visible only to you.
  • To improve the Platform's features and reliability.

We do not use Google user data to train generalized or third-party AI/ML models. AI features that operate on individual messages (e.g., AI reply suggestions) run only on data you explicitly act on, are scoped to your workspace, and are not used to improve any model.

5. Data Storage & Security

All data is stored in encrypted databases hosted on Supabase (PostgreSQL) within the EU/US regions. OAuth refresh tokens and API keys are stored encrypted at rest. All traffic to the Platform is served over HTTPS/TLS. We implement Row-Level Security (RLS) on every multi-tenant table so users can only access data belonging to their own workspace. Access to production systems is restricted to authorized engineering staff under least-privilege controls and audit logging.

6. Data Sharing & Sub-processors

We do not sell your data. Google user data is shared only with the sub-processors strictly necessary to operate features you have enabled:

  • Supabase — database, authentication, and edge-function hosting.
  • Google (Gmail API) — source of the inbound/outbound mail you connect.
  • Unipile — LinkedIn, Instagram, and WhatsApp messaging (does not receive Google user data).
  • OpenAI / Lovable AI Gateway — AI copy generation (only the specific text you submit for a given request; not used for model training).
  • Apify / Snitcher — optional lead enrichment and website-visitor identification (does not receive Google user data).

Each integration processes only the minimum data required for its function.

7. Data Retention & Deletion

  • Account data is retained for as long as your account is active.
  • Active lead data is retained as long as your account is active.
  • Completed campaign leads are auto-deleted after 12 days.
  • Email job bodies are purged after 60 days.
  • Gmail messages fetched into the Unified Inbox cache are deleted when you disconnect the Gmail account or delete your Automateo account.
  • You can disconnect a Google account at any time from the Inboxes page, which immediately revokes Automateo's stored OAuth tokens and stops further Gmail access.
  • You can also revoke Automateo's access directly at myaccount.google.com/permissions.
  • To delete your account and all associated data, email contact@automateo.info; we will permanently delete your data within 30 days.

8. Your Rights

Subject to applicable law (including GDPR and CCPA), you have the right to access, correct, export, restrict processing of, and delete your personal data. To exercise these rights, contact us through the Platform's settings or email contact@automateo.info.

9. Cookies

We use essential cookies only, for authentication and session management. We do not use third-party advertising or tracking cookies.

10. Children's Privacy

The Platform is not directed to children under 16, and we do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes — particularly any change in how we access, use, store, or share Google user data — will be communicated by updating the "Last updated" date above and, where appropriate, via in-product notification or email.

12. Contact

Questions about this Policy or your data: contact@automateo.info.