VaultReach← Back to Home

Privacy Policy

Last updated: April 2026

1. Information We Collect

VaultReach ("we," "our," or "us") is a B2B sales outreach platform. When you connect your Google account, we collect your name, email address, and Google OAuth access tokens. These tokens are used solely to authenticate Gmail API calls. We also collect campaign data such as prospect names and message templates authored by you, along with send metadata (timestamps).

2. Gmail Data and Google API Services

VaultReach's use of Google APIs, including the Gmail API (gmail.send scope), is limited to sending emails that you explicitly compose and approve within the VaultReach platform, on your behalf, from your own Gmail account.

We do not read, store, index, scan, share, or sell the contents of your Gmail inbox or any received emails. We do not access your Gmail drafts, labels, contacts, or any data beyond what is required to execute the send action you initiate.

Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Your Information

We use your information to operate the VaultReach platform, send emails on your behalf when you initiate a send action, and display campaign analytics. We do not sell, rent, or share your data with third parties for marketing.

4. Data Protection Mechanisms & Security

We implement comprehensive data protection mechanisms and security practices to safeguard your sensitive data, including Google OAuth tokens and campaign information:

  • Encryption in Transit: All data transmitted between your browser, our servers, and Google APIs is encrypted using industry-standard HTTPS/TLS protocols.
  • Encryption at Rest: Sensitive data, specifically OAuth access and refresh tokens, are stored securely using AES-256 encryption at rest in our database.
  • Strict Access Controls: Access to infrastructure and databases containing sensitive user data is strictly limited to authorized engineering personnel on a need-to-know basis and secured with multi-factor authentication.
  • Organizational Security: We enforce secure coding practices and conduct regular internal security reviews to prevent unauthorized access, disclosure, or modification of your data.
  • Data Isolation: We do not store the content of your received emails. We only retain essential metadata (sender, recipient, timestamp) necessary to provide campaign analytics.

5. User Rights and Google API Revocation

You may revoke VaultReach's access to your Google account at any time by:

  1. Visiting Account Settings → Connected Accounts within VaultReach and clicking "Disconnect Gmail", OR
  2. Visiting https://myaccount.google.com/permissions and removing VaultReach.

Upon revocation, we will delete your stored OAuth tokens within 24 hours. To request full data deletion, email: privacy@vaultreach.ai.

6. Contact

For privacy-related questions or data deletion requests, contact us at privacy@vaultreach.ai.