← Back to OrgSweep

Privacy Policy

Last updated: April 8, 2026

1. Information We Collect

OrgSweep collects the following information to provide our services:

  • Account information: Email address, name, and password when you create an account.
  • Salesforce data: We access your Salesforce org data (Contacts, Leads, Accounts, Opportunities) via OAuth to perform dedup scans, generate reports, and execute admin operations. We do not store full Salesforce records — only metadata and scan results.
  • Email metadata: When you connect Gmail or Outlook, we access email subjects, sender/recipient addresses, and dates. We do NOT read or store email body content.
  • Usage data: Scan results, report queries, and admin actions are logged for your audit trail.

2. How We Use Your Information

  • To provide duplicate detection, natural language reports, admin automation, and email sync services.
  • To match emails to Salesforce records and log activities.
  • To improve our AI matching and report generation accuracy.
  • To communicate with you about your account and service updates.

3. Data Storage & Security

  • Data is stored in Supabase (PostgreSQL) with Row Level Security enabled.
  • All API tokens (Salesforce, Gmail, Outlook) are encrypted at rest.
  • We use HTTPS for all data in transit.
  • We never store full email bodies — only subjects and addresses for matching.

4. Third-Party Services

We integrate with:

  • Salesforce: Via OAuth for CRM data access.
  • Google Gmail API: Via OAuth for read-only email access. We only read email metadata (subject, from, to, date). We never send emails on your behalf.
  • Microsoft Graph API: Via OAuth for read-only Outlook email access.
  • Anthropic (Claude AI): For natural language processing. We send query text and Salesforce schema metadata. No personal data is sent to AI models.
  • Stripe: For payment processing. We do not store credit card information.

5. Your Rights

  • You can disconnect any connected service (Salesforce, Gmail, Outlook) at any time.
  • Disconnecting deletes all synced data associated with that connection.
  • You can request full account deletion by contacting us.
  • You can export your data at any time.

6. Data Retention

We retain your data for as long as your account is active. Scan results and email logs are kept for your audit trail. You can delete individual records or your entire account at any time.

7. Contact

For privacy-related inquiries, contact us at privacy@orgsweep.com.