Privacy Policy

Effective Date: July 31, 2025 · Last Updated: July 13, 2026

Connekt ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and secure personal information when you use our Chrome browser extension and CRM platform services ("Services").

Google API Services — Limited Use Disclosure

Connekt's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

1. Google Data We Access

When you connect your Gmail account, Connekt requests the following Google OAuth scope:

https://www.googleapis.com/auth/gmail.readonly

This scope allows Connekt to read your email messages and settings in read-only mode. Specifically, we access:

  • Email thread content (subject, body, sender, recipient, timestamp)
  • Email metadata (folder labels, read/unread status)
  • Sender and recipient email addresses

When you connect your Google Calendar in the Connekt Notetaker Chrome extension, we request this separate OAuth scope:

https://www.googleapis.com/auth/calendar.events.readonly

This scope allows Connekt to read your calendar events in read-only mode. Specifically, we access:

  • The title of the calendar event associated with the Google Meet call being recorded
  • The names and email addresses of that event's attendees

We do not request access to send emails, delete emails, modify emails, or access Google Drive or any other Google product. We do not create, modify, or delete calendar events, and we do not browse or store your calendar beyond the single event tied to the meeting being recorded.

2. How We Use Google Data

Google user data accessed via the Gmail API is used exclusively for the following purpose:

  • Email thread synchronisation: We retrieve email threads involving your candidates' and contacts' email addresses and display them alongside the corresponding CRM records, so recruiters can view full communication history without leaving the platform.
  • Conversation matching: We match email senders and recipients against email addresses stored in your Connekt CRM. Only emails that match a known candidate or contact are stored; all other emails are discarded immediately.

Google user data is not used for advertising, profiling, training AI or ML models, or any purpose beyond displaying your own email history within Connekt. We do not use Gmail data to build profiles about users beyond the recruiter's own CRM context.

Google Calendar data accessed via the Calendar API is used exclusively for the following purpose:

  • Meeting note enrichment: When you record a Google Meet call with Connekt Notetaker, we look up the calendar event matching that specific call and use its title and attendee list to automatically fill in the title and attendees on the generated meeting notes, instead of relying on scraping the Meet interface.

Calendar data is looked up silently in the background only during an active recording — connecting your calendar never triggers a surprise sign-in prompt mid-meeting.

Use of Google Data with AI/ML Models

The meeting title and attendee names sourced from Google Calendar are passed, together with your call's transcript, to a large language model (Google Gemini, accessed via the OpenRouter API) solely to generate the AI title and summary shown on your meeting notes. This data is not used to train, fine-tune, or improve any foundational or generalized AI/ML model. Our OpenRouter account is configured to route these requests only through providers under Google's paid Vertex AI terms, which do not use submitted data for model training, and first-party/free-tier endpoints that may train on data are disabled at the account level.

Limited Use Compliance: The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

3. Sharing of Google User Data

We do not sell, rent, or trade Google user data. We do not share Google user data with third parties except in the following strictly limited circumstances:

  • Infrastructure providers: We use Supabase (database hosting) and cloud infrastructure to store and serve your data. These providers act as data processors and are contractually prohibited from using your data for any purpose other than providing the service to us.
  • Legal obligations: We may disclose data if required by law, court order, or to protect the rights and safety of our users or the public.

No Google user data is shared with any advertising networks, data brokers, analytics platforms, or other third parties.

4. Storage and Protection of Google User Data

  • Encryption in transit: All data transferred between your browser, our servers, and Google APIs is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Email content stored in our database is encrypted at rest.
  • Access controls: Only authenticated users can access their own Gmail data within Connekt. Our engineers access production data only when required for support or incident resolution, under strict access controls.
  • OAuth tokens: Gmail OAuth tokens are stored securely via Nylas (our email API provider) and are never exposed in logs or client-side code. Calendar OAuth tokens are managed entirely by Chrome's built-in Identity API on your device — they are never transmitted to or stored on Connekt's servers.
  • Minimal data principle: We only store email threads that match a candidate or contact in your CRM. Unrelated personal emails are never stored. For Calendar, we only retain the event title and attendee list of the specific meeting you recorded, as part of that meeting's notes — no other calendar events or details are ever stored.

5. Retention and Deletion of Google User Data

Retention period: Synced email data is retained for as long as your Connekt account is active and the Gmail integration is connected. Email threads older than 90 days that no longer match active CRM records are automatically purged.

Disconnecting Gmail: You can revoke Connekt's access to your Gmail account at any time by:

  • Going to Settings → Integrations → Gmail → Disconnect within the Connekt platform, or
  • Visiting Google Account Permissions and revoking access for Connekt.

Upon disconnection, we immediately invalidate your OAuth token. All previously synced Gmail data associated with your account is deleted within 30 days.

Disconnecting Calendar: You can disconnect Google Calendar at any time from the Connekt Notetaker extension's settings. Disconnecting immediately revokes the OAuth grant directly with Google (not just locally), so the permission is fully withdrawn from your Google account, not merely hidden from Connekt's UI.

Account deletion: When you delete your Connekt account, all associated Google user data is permanently deleted within 30 days. To request deletion, email privacy@letsconnekt.com or use the account deletion option in your settings.

Information We Collect

From the Chrome Extension

When you use our Chrome extension on LinkedIn, we collect:

  • Profile Information: Names, job titles, company names, contact information, and other professional details from LinkedIn profiles you choose to extract
  • Usage Data: Information about how you interact with the extension, pages visited on LinkedIn, and extraction activity
  • Authentication Data: Login credentials and session tokens to sync with your Connekt CRM account

From Our CRM Platform

When you use our CRM services, we collect:

  • Account Information: Name, email address, company details, billing information
  • Contact Data: Information about candidates and companies you store in your CRM
  • Communication Records: Messages, notes, and interaction history you create within the platform
  • Device Information: Browser type, operating system, IP address, and device identifiers

How We Use Your Information

We use the collected information to:

  • Provide and operate our Chrome extension and CRM services
  • Sync extracted LinkedIn data with your CRM account
  • Process payments and manage your subscription
  • Send service-related communications and support responses
  • Improve our services and develop new features
  • Ensure security and prevent fraud
  • Comply with legal obligations

Information Sharing

We do not sell your personal information.

We may share information in these limited circumstances:

Service Providers

Third-party vendors who help us operate our services (payment processors, hosting providers, analytics services). All service providers are contractually bound to protect your data.

Legal Requirements

When required by law, legal process, or to protect our rights and safety.

Business Transfers

In connection with mergers, acquisitions, or sale of assets, with advance notice to affected users.

With Your Consent

When you explicitly authorize us to share specific information.

Data Security

We implement industry-standard security measures including:

🔒 Encryption

Data encrypted in transit (TLS 1.2+) and at rest

🛡️ Access Controls

Secure authentication and restricted access controls

🔍 Monitoring

Regular security audits and continuous monitoring

👥 Limited Access

Need-to-know basis for personal information access

Data Retention and Deletion

Active accounts: We retain your data for as long as your account is active or as needed to provide services.

Account deletion: When you delete your account, all personal data is permanently deleted within 30 days, except where retention is required by law.

Gmail integration data: Synced email data is deleted within 30 days of disconnecting your Gmail account or deleting your Connekt account. See the Google API Services section above for full details.

Calendar integration data: We only retain the event title and attendee list of meetings you actually record, stored as part of that meeting's notes. No other calendar data is retained. Disconnecting Calendar revokes the OAuth grant with Google immediately. See the Google API Services section above for full details.

To request deletion: Email privacy@letsconnekt.com with the subject line "Data Deletion Request". We will confirm and complete deletion within 30 days.

Your Rights and Choices

You have the right to:

Access: Request a copy of your personal information
Correct: Update or correct inaccurate information
Delete: Request deletion of your personal information
Export: Download your CRM data in a portable format
Opt-out: Unsubscribe from marketing communications
Revoke: Disconnect Google or LinkedIn integrations at any time

To exercise these rights, contact us at privacy@letsconnekt.com

Chrome Extension Specific Disclosures

Our Chrome extension:

  • Only accesses LinkedIn pages when you actively use the extension
  • Does not collect or store your LinkedIn login credentials
  • Processes data locally before syncing to your CRM account
  • Can be uninstalled at any time through Chrome's extension management

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected and how it's used

• Right to delete personal information

• Right to opt-out of the sale of personal information (note: we do not sell personal information)

• Right to non-discrimination for exercising privacy rights

European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:

  • Legal Basis: We process your data based on contract performance, legitimate interests, and consent
  • Data Protection Officer: Contact privacy@letsconnekt.com for privacy-related inquiries
  • Supervisory Authority: You may file complaints with your local data protection authority

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us: