CollabSafe
Back to Home

Privacy Policy

Last updated: June 6, 2026

Google API Services, Limited Use Disclosure

CollabSafe's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide and improve the user-facing Gmail-sending feature inside CollabSafe and for no other purpose. We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models, for advertising, for analytics, or to enhance any other product or feature.

1. Information We Collect

When you use CollabSafe, we collect the following information:

  • Account information: Name, email address, and social media handles you provide during signup.
  • Agreement data: Brand names, creator details, payment amounts, deliverables, and other information you enter when creating agreements.
  • Usage data: Pages visited, features used, and general interaction patterns to improve our service.
  • Connected Gmail / Google account data (only if you connect Gmail): your Google account email address, Google user ID (sub), OAuth access token, refresh token, token expiry, and granted scopes. We request only the minimum scopes required: openid, email, profile, and https://www.googleapis.com/auth/gmail.send.
  • SMTP credentials (only if you connect a custom SMTP server): SMTP host, port, username, and password, used solely to send your reminder and follow-up emails on your behalf.

2. Gmail OAuth, Email Automation & Google API Services

Summary: CollabSafe uses the Google Gmail API solely for sending emails on behalf of authenticated users. We do not read, access, store, or modify users' inbox data. The Gmail permission requested is limited to: https://www.googleapis.com/auth/gmail.send.

CollabSafe lets you connect your Gmail or Google Workspace account so that reminder, follow-up, and notification emails (for example: brand task reminders, invoice payment reminders, agreement signing reminders) are sent from your own inbox instead of from CollabSafe's shared sender. This makes deliverability better and keeps the conversation in your sent folder.

Scopes we request

  • openid, email, profile, to identify the connected Google account and display it in your settings.
  • https://www.googleapis.com/auth/gmail.send, to send emails on your behalf when you trigger a reminder or follow-up inside CollabSafe.

We do not request, read, list, search, modify, or delete any messages, threads, drafts, labels, settings, or contacts in your Gmail account. We have no read access to your inbox. Each email we send is one you explicitly initiated from within CollabSafe (manually or via reminder schedules you configured).

How will the scopes be used?

CollabSafe uses Google Sign-In (openid, profile, and email scopes) to authenticate users and associate their accounts with the application.

The Gmail Send scope (https://www.googleapis.com/auth/gmail.send) is used solely to send reminder and follow-up emails on behalf of users through their own Gmail accounts. Users explicitly initiate or configure these emails within the application.

CollabSafe does not read, modify, delete, analyze, sell, share, or use Gmail data for advertising, marketing, profiling, analytics, or AI model training. Email data is used only to provide the core email sending functionality requested by the user.

Less permissive scopes are not sufficient because the application must send emails directly from the user's Gmail account while preserving the user's identity as the sender.

Google User Data

CollabSafe accesses Google user data only to provide the application's core functionality.

Google account information (email address and profile information) is used solely for user authentication and account management.

Gmail data accessed through the Gmail API is used exclusively to send emails on behalf of users. CollabSafe does not read inbox contents, use Gmail data for advertising, marketing, profiling, analytics, or train artificial intelligence models using Google user data.

CollabSafe does not sell, transfer, or share Google user data with third parties except where required to provide the application's functionality or comply with applicable law.

CollabSafe's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use compliance

CollabSafe's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, data obtained through Google APIs is:

  • used only to provide the user-facing email-sending feature you enabled;
  • never used to serve advertising;
  • never sold or transferred to third parties for purposes unrelated to the feature;
  • never used to train generalized AI / ML models;
  • never accessed by humans except (a) with your explicit consent, (b) for security or abuse investigations, or (c) when required by law.

3. Token Storage & Security

  • OAuth access tokens, refresh tokens, and SMTP credentials are stored encrypted at rest in our managed database (Lovable Cloud, powered by Supabase) in a row scoped to your user account.
  • Row-Level Security policies ensure no other user can read your tokens. Tokens are decrypted only inside server-side functions that send email on your behalf.
  • Tokens are transmitted only over TLS / HTTPS.
  • Refresh tokens are used solely to renew an expired access token so reminders you scheduled continue to work.
  • If a token becomes invalid (for example, you revoke access in your Google account), we mark the connection as disconnected and prompt you to reconnect.

4. How We Use Your Information

We use the information described above strictly to provide and improve the CollabSafe app's core functionality. Specifically, we use it to:

  • Provide, operate, and maintain the CollabSafe service.
  • Generate, store, and deliver your brand deal agreements, invoices, media kits, and related documents you create in the app.
  • Send the reminder, follow-up, and notification emails that you configure inside the app (via your connected Gmail account, your custom SMTP server, or CollabSafe's default sender if you have not connected one).
  • Authenticate you, secure your account, and send essential service-related communications (login, billing, security).
  • Diagnose, fix, and improve the in-app features you use (for example, fixing a failed send, debugging a template rendering issue).

Specific use of Google user data

Data obtained from Google APIs (your Google account email, Google user ID, OAuth tokens, and the act of sending email via gmail.send) is used solely to provide and improve the user-facing Gmail-sending feature that you explicitly enabled inside CollabSafe. We do not use Google user data for any purpose other than providing or improving this app feature. Specifically, Google user data is:

  • Not used for advertising, marketing, profiling, retargeting, or behavioural analytics of any kind.
  • Not sold, rented, licensed, or transferred to any third party, data broker, or information reseller.
  • Not used to develop, improve, train, fine-tune, or evaluate generalized or non-personalized AI / ML models.
  • Not used to build, improve, personalise, or operate any other CollabSafe feature, product, template, or recommendation, only the Gmail-sending feature itself.
  • Not used for general product analytics, aggregated reporting, market research, or business intelligence.
  • Not read or accessed by any human at CollabSafe, except (a) with your explicit consent, (b) when strictly necessary for security or abuse investigations, or (c) when required by law.

CollabSafe's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Storage & Security

Your data is stored securely using industry-standard encryption (TLS in transit, encryption at rest) on Lovable Cloud (powered by Supabase). Row-Level Security policies ensure each user can only access their own data. Only you can access your agreements, we do not share your data with brands or third parties except as described below.

6. Third-Party Integrations & Sub-processors

We rely on a small number of carefully chosen sub-processors to operate CollabSafe. These providers process data only on our instructions and under contractual confidentiality:

  • Lovable Cloud / Supabase, database, authentication, file storage, and serverless functions.
  • Google (Gmail API), only when you connect your Gmail account, used to send emails on your behalf via the gmail.send scope.
  • Brevo, default transactional email delivery when you have not connected your own Gmail/SMTP.
  • Razorpay, payment processing for paid plans.
  • Cloudflare, DNS, CDN, and edge network.

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes. We may disclose data only when required by law or legal process.

7. Data Deletion & Your Rights

You are in full control of the data CollabSafe stores on your behalf. You may at any time:

  • Disconnect your Gmail account, go to Settings → Connected Accounts and click Disconnect. We will (a) call Google's token revocation endpoint (https://oauth2.googleapis.com/revoke) to invalidate the refresh and access tokens, and (b) delete the stored tokens, scopes, and Google account identifiers from our database. After disconnection, CollabSafe can no longer send email from your Gmail account.
  • Disconnect a custom SMTP server, same screen, Disconnect button. SMTP credentials are deleted from our database immediately.
  • Revoke access from Google directly, visit myaccount.google.com/permissions and remove "CollabSafe". Our stored tokens will become invalid on next use and the connection will be marked disconnected.
  • Delete an individual agreement, invoice, or document, from the dashboard, open the item and choose Delete.
  • Delete your entire account and all associated data, email contact@collabsafe.in from the address on your account, or write to the postal address below. We will permanently delete your profile, agreements, invoices, documents, OAuth tokens, SMTP credentials, sender logs, and any other personal data within 30 days of a verified request, except where retention is required by law (for example, GST/tax records for paid invoices). Backups are purged on their normal rotation cycle (no later than 60 days).
  • Access, export, or correct your data, write to the same address and we will respond within 30 days.

Data obtained via the Gmail API is subject to the same deletion guarantees and is removed immediately when you disconnect, when you delete your account, or when Google revokes our access.

8. Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use tracking or advertising cookies.

9. Children

CollabSafe is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification.

11. Instagram Data Usage

When users connect their Instagram account to CollabSafe (a product of GA Ventures), we may collect and process certain account information through Meta's APIs, including:

  • Instagram username
  • Instagram account ID
  • Follower count
  • Profile information
  • Content performance metrics
  • Engagement statistics
  • Reach and impression data
  • Audience insights (where available)

This information is used solely to:

  • Generate creator analytics and reports
  • Create media kits and performance summaries
  • Match creators with potential brand opportunities
  • Provide performance tracking and benchmarking

CollabSafe does not sell, rent, or share Instagram account data with third parties without user consent.

Users may disconnect their Instagram account at any time from Settings → Connected Accounts, after which no new data will be collected.

12. Contact Us

CollabSafe is a product of GA Ventures. If you have any questions about this Privacy Policy, please contact us:

Founded by Gulzar Ahmed