Privacy Policy

Last updated: June 2026

1. Information We Collect

We collect information you provide directly to us when you create an account, including your name, email address, and any lead data you import into the platform.

When you connect your Google account, we request access to your email address, profile name, and Gmail sending permission (gmail.send) solely to send outreach emails on your behalf within the platform.

2. How We Use Your Information

We use the information we collect exclusively to provide the Service to you:

• To authenticate your identity and manage your account.
• To send outreach emails on your behalf using your connected Gmail account, only when you explicitly trigger a send action.
• To send transactional emails such as email verification and password reset notices.

Google user data is not used for any purpose other than operating the features you directly request. We do not use Google user data to train AI models, serve advertising, build user profiles, or for any analytics beyond what is necessary to deliver the Service to you.

3. Data Storage and Security

We implement the following technical and organisational measures to protect your data:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS enforced on all endpoints).
• Encryption at rest: OAuth tokens (including Google refresh tokens) are stored encrypted in our database. The database itself is hosted on an isolated private server with restricted access.
• Access control: Only authorised personnel with a documented business need can access production systems. Credentials are never logged or exposed in error messages.
• Token minimisation: We store only the OAuth token required for gmail.send. We do not store or cache the contents of any emails sent.
• Data isolation: Each user's data is scoped to their account. Multi-tenant queries are enforced at the database query layer to prevent cross-account data access.

We do not sell, rent, or share your personal data or Google user data with third parties.

Administrative access: Authorised Predictive Analytics Lab staff may access account data — including subscription status, connection status, and usage statistics — solely for the purpose of providing customer support, resolving technical issues, and operating the platform. All administrative access is logged and restricted to staff accounts only. Payment card details are never accessible to staff as payments are processed entirely through Paystack's hosted payment pages.

4. Google API Services — Limited Use Disclosure

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the gmail.send scope, which allows us to send emails on your behalf.
• Google user data (including your Gmail address and OAuth token) is used only to send emails you explicitly initiate within the platform.
• We do not read, index, store, or analyse the content of your Gmail inbox.
• We do not transfer Google user data to third parties except as necessary to send the email (i.e., the email is delivered via Google's own Gmail API).
• We do not use Google user data for serving advertisements or for any purpose unrelated to sending your outreach emails.

5. Meta Lead Ads Integration

Organisations that enable the Meta Lead Ads integration on this platform may receive lead data submitted through Facebook and Instagram lead forms. When a user submits a lead form on Meta's platforms, the following information may be transmitted to us via Meta's Webhooks API and stored in the platform:

• Full name
• Email address
• Phone number (if included in the lead form)
• Any other fields the organisation configured in their Meta lead form

This data is collected exclusively for the purpose of enabling the organisation to follow up with prospects who have voluntarily submitted their information through a Meta lead advertisement. We do not use Meta lead data for advertising, AI training, analytics, or any purpose beyond delivering it to the organisation that collected it.

We receive this data through the Meta Marketing API (Webhooks) under the leadgen permission. Our use of Meta platform data complies with Meta's Platform Terms and Meta's Privacy Policy. Lead data received via Meta is not shared with any third party other than the organisation that collected it through their Meta lead form.

If you submitted a Meta lead form and wish to have your data removed, please contact the organisation that ran the advertisement, or reach out to us at info@predictiveanalyticslab.co.ke.

6. Third-Party Services

We use the following third-party services to operate the platform:

• Anthropic — AI-generated email drafts. Only the lead's name, company, and job title are sent; your personal data and Google credentials are never shared.
• Resend — transactional email delivery (verification emails, org invitations). Your Google credentials are not used for this.
• Apollo.io / Apify — lead discovery. Only search filters are sent; no personal account data is shared.
• Meta (Facebook) — lead form data received via the Meta Marketing API Webhooks when organisations enable the Meta Lead Ads integration.

7. Data Retention

We retain your account data for as long as your account is active. You may request full deletion of your account and all associated data at any time from the Settings page. Google OAuth tokens are revoked and deleted immediately upon account deletion or when you disconnect your Google account.

8. Your Rights

You have the right to access, correct, or delete your personal data at any time. You can revoke Google OAuth access at any time from your Google account permissions page — this immediately prevents the platform from sending emails via your Gmail account.

9. Contact

For privacy questions or data requests, contact us at info@predictiveanalyticslab.co.ke.