Privacy

Privacy notice

This notice explains what Dealbeam AI processes when teams use the web app or Gmail Add-on to generate CRM previews for Pipedrive.

Controller and contact

Dealbeam AI is the controller for account, workspace, settings, license, integration, and product security data. For privacy requests, contact privacy@dealbeamai.com.

Personal data we process

  • Google sign-in profile data: email address, name, picture URL, and Google account ID.
  • Workspace data: organization name, Google domain, settings, license status, and integration state.
  • Authentication data: hashed session tokens and short-lived OAuth state cookies.
  • Gmail preview inputs: message participants, subject, and message text submitted for a requested preview.
  • CRM integration data: encrypted Pipedrive refresh tokens, connection metadata, CRM schema metadata, and confirmed write result IDs.
  • Operational metadata: audit events, counts, source labels, timestamps, and hashes. Raw email bodies are not stored in audit logs.

Why we process data

  • To authenticate users and keep sessions secure.
  • To generate requested CRM previews and follow-up drafts.
  • To apply workspace settings and license controls.
  • To connect to Pipedrive when a workspace admin authorizes it.
  • To maintain audit, security, reliability, and abuse-prevention records.

Legal bases

We rely on contract necessity to provide requested product features, legitimate interests for security and operational logs, consent where a user authorizes OAuth access or optional integrations, and legal obligation where retention or disclosure is required by law.

Processors and transfers

Dealbeam may use infrastructure and product processors including Vercel, Supabase, Google, Gemini, and Pipedrive. Data may be processed outside the EEA depending on the processor and workspace configuration. Where required, Dealbeam relies on appropriate contractual safeguards such as data processing terms and transfer mechanisms offered by those providers.

Retention

Email message content is processed to generate the requested preview and is not stored by default. Account, workspace, license, integration, CRM schema, cache handle, and audit metadata are kept while the workspace uses Dealbeam or as needed for security, legal, and operational purposes. OAuth state cookies expire within minutes, and session cookies expire after 30 days unless the user signs out sooner.

Your choices

Workspace admins can update insight settings, disconnect Pipedrive, and sign out to remove the browser session cookie. You can exercise privacy rights from the GDPR rights page.

Automated decisions

Dealbeam generates CRM preview suggestions for human review. It does not make solely automated legal or similarly significant decisions about individuals.