1. Introduction

Anablock Inc. (“we,” “our,” or “us”) operates Anablock CRM at crm.anablock.com. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

2. Information We Collect

2.1. Account Information

When you create an account, we collect your name, email address, and authentication credentials managed via Clerk.

2.2. CRM Data

We store contact records, pipeline data, notes, tasks, and activity logs that you create within the Service.

2.3. Google Account Data

If you connect your Google account to enable Gmail integration, we access and store the following Google user data:

• Gmail messages — to send, read, and manage emails on your behalf within the CRM
• Gmail profile — your Gmail address, used to identify your connected account
• Google Contacts — to sync your contacts into the CRM and keep them up to date
• Google user profile — your name and email, used to personalize the Service

We store a Google OAuth refresh token to maintain persistent access to the above data on your behalf. You can revoke this access at any time from your Google Account security settings or by disconnecting Gmail within Anablock CRM.

2.4. Usage Data

We collect analytics data about how you interact with the Service, including page views, feature usage, and error events, to improve the product.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Send and receive emails on your behalf via your connected Gmail account
• Sync and manage your Google Contacts within the CRM
• Power AI-assisted features such as email generation and contact enrichment
• Communicate with you about your account, updates, and support
• Detect, prevent, and address technical issues and security threats

4. Google API Limited Use Disclosure

Anablock CRM's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only use Google user data to provide and improve features directly visible to and requested by the user within Anablock CRM.
• We do not use Google user data to serve advertisements.
• We do not allow humans to read your Gmail data unless you have explicitly given us permission to do so, or it is necessary for security, legal compliance, or to fix a bug that affects you.
• We do not sell, transfer, or share Google user data with third parties except as necessary to provide the Service (e.g., our AI inference provider), or as required by law.
• We do not use Google user data for purposes unrelated to the features you have activated.

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Neon (a serverless Postgres platform). Google OAuth refresh tokens are stored encrypted at rest. We implement industry-standard security measures including TLS encryption in transit and access controls.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

• Service providers — hosting (Vercel), database (Neon), authentication (Clerk), payments (Stripe), AI inference (Anthropic) — solely to operate the Service
• Legal authorities — when required by law, court order, or to protect our rights

7. Your Rights and Controls

• Access and export — you may request a copy of your data by contacting us
• Deletion — you may request deletion of your account and associated data
• Disconnect Google — you may disconnect your Gmail account at any time from the Integrations page; this revokes our access to your Google data
• Revoke Google access — you may also revoke access directly at myaccount.google.com/permissions

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

9. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, data deletion requests, or to exercise your rights, contact us at: