Privacy Policy

Last Updated: July 2025

At Lucrum Industries, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information, including data accessed through Google services, when you use our CRM platform. The CRM is hosted on a private VPN and accessible only to authorized clients who connect via VPN. Users can integrate their Google accounts via OAuth to enable features like email sending/receiving, calendar synchronization, and contact management.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on this page, updating the "Last Updated" date, and, where appropriate, sending an email notification or displaying a notice in the app. Your continued use of the CRM after such changes constitutes your acceptance of the updated policy.

1. Information We Collect

We collect information you provide directly to us and through Google integrations.

Information You Provide Directly:

• When you create an account, sign in with email credentials, update your profile, upload profile pictures, or interact with the CRM features.
• Data from completing tasks or modules within the CRM (if applicable to your client setup).

Google User Data Collected via OAuth Integration:

• Email Data (via Gmail API scopes like /auth/gmail.send, /auth/gmail.compose, /auth/gmail.readonly): Your email address, email messages, drafts, and settings to enable viewing, composing, and sending emails within the CRM.
• Calendar Data (via Google Calendar API scopes like /auth/calendar, /auth/calendar.readonly): Your calendar events, including details like dates, times, descriptions, and attendees, to synchronize and display them in the CRM.
• Contacts Data (via People API scopes like /auth/contacts, /auth/contacts.readonly): Your contacts' names, email addresses, phone numbers, and other details to import and manage them within the CRM.
• Basic profile information from Google OAuth, such as your name and email address, to authenticate and personalize your experience.

We only collect this data with your explicit consent during the OAuth authorization process. We do not collect sensitive information beyond what's necessary for the integration, and we do not access data from other Google services unless explicitly integrated.

2. How We Use Your Information

We use your information, including Google user data, solely to provide, maintain, and improve the CRM's functionality. Specifically:

• To authenticate users and manage accounts via Google OAuth.
• To enable email features: viewing, composing, and sending emails on your behalf through your connected Google account.
• To synchronize and display your Google Calendar events within the CRM for scheduling and productivity.
• To import, view, and manage your Google contacts in the CRM for client relationship management.
• To track user progress, communicate updates, and ensure platform security.
• To analyze usage patterns (anonymized where possible) to improve the CRM's performance and user experience.

We limit our use of Google user data to providing or improving user-facing features in the CRM. We do not use this data for:

• Targeted, personalized, retargeted, or interest-based advertising.
• Selling to third parties or data brokers.
• Determining credit-worthiness, lending, or any financial assessments.
• Creating databases for resale or sharing with information resellers.
• Training AI models or any automated decision-making beyond app functionality.
• Any other purposes prohibited by Google's policies.

All uses are restricted to what's necessary for the CRM's core CRM features in a secure, private VPN environment.

3. Information Sharing, Transfer, or Disclosure

We do not sell, rent, or trade your personal information, including Google user data, to third parties. We may share your information only in the following limited circumstances:

• With Service Providers: We share data with trusted third-party service providers who assist in operating the CRM (e.g., hosting providers, security tools). These providers are contractually obligated to use the data only for providing services to us and to maintain confidentiality. For Google user data, this may include processors that help with data synchronization, but only to the extent necessary for app functionality.
• With Third-Party Authentication Providers: When you connect via Google OAuth, we share minimal authentication data back to Google as required by their APIs.
• For Legal Reasons: We may disclose information, including Google user data, if required by law, to comply with legal processes (e.g., subpoenas), or to protect our rights, safety, or property, or that of our users.
• In Business Transfers: If our company is involved in a merger, acquisition, or asset sale, your information may be transferred, but we will notify you and ensure continued protection.

We do not transfer Google user data to third parties for advertising, data brokering, or any prohibited purposes. All transfers are limited to providing or improving the CRM and comply with applicable data protection laws.

4. Data Security

We prioritize the security of your personal information, including sensitive Google user data (e.g., emails, contacts, calendars). Our measures include:

• Encryption of data in transit (using HTTPS/TLS) and at rest.
• Secure OAuth authentication and token management to prevent unauthorized access.
• Regular security audits, vulnerability assessments, and penetration testing.
• Access controls, including role-based permissions and monitoring.
• Firewalls, intrusion detection systems, and other industry-standard protections.

Despite these measures, no system is completely secure. We commit to notifying you promptly in case of a data breach affecting your information, as required by law.

5. Data Retention and Deletion

We retain your personal information, including Google user data, only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Specifically:

• Account and profile data is retained while your account is active and for up to 30 days after deletion to allow for recovery.
• Google-synchronized data (emails, calendars, contacts) is stored for the duration of your active integration and deleted upon disconnection or account deletion.
• We retain anonymized usage data for analytics indefinitely, but it cannot be linked back to you.

You can request deletion of your data at any time (see "Your Rights" below). When the retention period expires or upon your request, we securely delete or anonymize the data. Deleted data may persist in backups for up to 90 days for disaster recovery but is not accessible for normal use.

6. Your Rights

You have control over your personal information. You can:

• Access, update, or correct your data via your CRM account settings.
• Disconnect your Google integration at any time, which stops further data access and synchronization.
• Request deletion of your account and associated data (including Google user data) by contacting us—we will process this within 30 days.
• Opt out of non-essential communications.
• Export your data in a portable format.

To exercise these rights, contact us at privacy@lucrumindustries.com. We may verify your identity before processing requests.

7. Hosted in The United States of America

The CRM is hosted on servers in the United States.

8. Children's Privacy

The CRM is not intended for children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from children.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

privacy@lucrumindustries.com