Privacy Policy for HyeGro CRM

When you connect your email account through OAuth authentication, we adhere to the following principles:

• Limited Data Storage: We only store your email address and encrypted access tokens. The access tokens are encrypted using a private key that is rotated quarterly for enhanced security.
• No Email Content Storage: We do not permanently store any email content or attachments. Email data is accessed directly from the provider's servers only when you use the related features.
• No AI Training: We do not use any data obtained through Google Workspace APIs, Microsoft Graph APIs, or any other email integration to develop, improve, or train generalized AI and/or ML models.
• User-Only Access: Email data is only accessible to you, the authenticated user. No other users, including administrators, can access your email data.

The HyeGro mobile application (Android & iOS) requests location permissions to enable field sales tracking and management features. Below is how we handle your location data:

• Purpose of Collection: Location data is collected to enable Activity check-ins, field team tracking, route optimization, and location-stamped reporting for sales activities. This helps organizations monitor field operations and improve sales team productivity.
• When Location is Collected: Location data is collected when you actively use the mobile app for check-ins, logging activities, or when location tracking is enabled by your organization for field sales management purposes.
• Data Transmission: Your location data is securely transmitted to the HyeGro platform using encrypted connections (HTTPS/TLS). This data is associated with your user account and the relevant Activity or check-in record.
• Organizational Access: Location data collected through the mobile app is accessible to authorized users within your organization (such as managers and administrators) for field sales reporting and team management purposes.
• User Control: You can manage location permissions through your device settings at any time. Disabling location access may limit certain field sales features that require geolocation data.
• No Third-Party Sharing: We do not sell, rent, or share your location data with third parties for advertising or marketing purposes. Location data is used solely for the field sales management features described above.

We do not share, sell, rent, or trade your personal information with third parties for their commercial purposes.

We may share your information only in the following limited circumstances:

• Service Providers: With trusted service providers who help us operate our business (e.g., cloud hosting providers) under strict confidentiality agreements.
• Legal Requirements: When required by law, such as to comply with a subpoena or similar legal process.
• Protection: When necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Google User Data: We do not share Google user data with any third parties except for the limited purposes described above and in compliance with Google API Services User Data Policy.

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Account Information: Retained as long as your account is active or as needed to provide you services.
• Email Integration Data: Access tokens are retained only while your account is active and the integration is enabled. They are immediately deleted when you revoke access or close your account.
• Google User Data: We retain Google user data only for as long as necessary to fulfill the limited purposes for which it was collected. You can revoke access at any time through your Google account settings or by contacting us.
• Location Data: Location data collected through the mobile app is retained as part of your Activity and check-in records for as long as your account is active. When you delete your account, all associated location data is deleted within 30 days.

Account Deletion: When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legitimate business or legal purposes.