Privacy Policy for OutBoundHQ

Last updated: 2026-01-29

1. Introduction

Welcome to OutBoundHQ, an AI-powered automated email and social media outreach platform. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

We collect the following types of information:

Campaign data: Email campaigns, social media posts, and outreach content you create or generate using OutBoundHQ
Contact information: Lead data and contact lists you upload or manage through the platform
Usage data: Information about how you use the platform, including campaign activity and interactions
Account information: Basic details required for account creation and management

3. Google API Services and Gmail Data

OutBoundHQ uses Google API Services to provide email management and outreach features. When you connect your Gmail account, we access the following Google user data:

Gmail Messages: We read email messages, including subject lines, sender information, message content, and metadata to provide inbox management and automated response features
Email Send Capability: We send emails on your behalf for outreach campaigns and replies
Email Labels/Status: We modify email labels (such as marking messages as read) to manage your inbox

Data Sharing and Third-Party Services:

Anthropic (Claude AI): We share email content (subject lines and message previews) with Anthropic's AI services to analyze message priority, generate suggested responses, and improve inbox management. This data is transmitted securely via API and is subject to Anthropic's data processing terms.
No Sale of Data: We do not sell your Google user data to third parties or use it for advertising purposes.

Limited Use Disclosure: OutBoundHQ's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide and improve the features you have explicitly authorized, and we do not use this data for any other purpose.

Google User Data Protection

We implement specific protections and policies for Google user data:

Secure Token Storage: Your Google OAuth access and refresh tokens are encrypted and stored using AWS Key Management Service (KMS), which provides enterprise-grade encryption and key management to protect your authentication credentials.
No Message Content Storage: We do not store the content of your Gmail messages on our servers. We only store message IDs, which are used to access your email data in real-time directly from Google's servers when needed to provide our services.
Real-Time Access Only: When you use OutBoundHQ features that require email content (such as inbox management or AI-powered analysis), we fetch the data in real-time from Gmail using the stored message IDs. This ensures we only access what's necessary, when it's necessary.
Limited Access: Access to Google user authentication tokens is restricted to only the specific systems and processes necessary to provide the authorized features. Human access is logged and requires explicit justification.
User Control and Data Deletion: You can revoke OutBoundHQ's access to your Google data at any time through your Google Account settings. You can also request data deletion by contacting us at info@outboundhq.ca, and we will delete all stored Google-related data including OAuth tokens and message IDs.
No Third-Party Sharing: Google user data is never shared with third parties except as explicitly disclosed (e.g., Anthropic for AI processing) and only with the minimum data necessary for the specific feature.
Compliance Monitoring: We maintain ongoing monitoring and compliance checks to ensure all use of Google user data adheres to Google's policies and our privacy commitments.

4. How We Use Your Information

We use the collected information for the following purposes:

To provide and improve OutBoundHQ's email outreach and social media automation services
To enhance user experience and platform performance
To maintain account security and integrity
To communicate important updates and information

5. Data Protection

We take the security of your data seriously and implement multiple layers of protection, especially for sensitive Gmail and Google API data:

Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption. All API calls to Google services use HTTPS.
Encryption at Rest: All user data, including email content, OAuth tokens, and campaign data, is encrypted at rest using AES-256 encryption.
Secure Token Storage: Gmail OAuth access and refresh tokens are encrypted and stored separately from other user data with restricted access controls.
Access Controls: We implement role-based access controls (RBAC) to ensure only authorized systems and personnel can access user data, with the principle of least privilege enforced.
Data Isolation: Each user's data is logically isolated in our database to prevent unauthorized cross-user data access.
Audit Logging: We maintain comprehensive audit logs of all access to Gmail data and other sensitive information for security monitoring and incident response.
Regular Security Assessments: We conduct regular security audits and vulnerability assessments to identify and address potential security risks.
Secure Development: Our development process follows secure coding practices and includes security reviews before deployment.

These measures protect against unauthorized access, alteration, disclosure, or destruction of your data, with special emphasis on the protection of Gmail data accessed through Google API Services.

6. Your Rights

You have the right to:

Access the data associated with your account
Request deletion of your account and associated content
Modify your account information and settings
Export your campaigns and contact data

7. Data Deletion

If you wish to request the deletion of your data, please contact us at:

Email: info@outboundhq.ca

Once we receive your request, we will verify your identity and delete the requested data within 30 days, unless legal obligations require us to retain it for a longer period.

8. Data Retention

We retain campaign data, contact information, and associated data for as long as necessary to provide our services or until you request its deletion. You can control the retention period through your account settings.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by email or through our platform.

10. Government and Legal Requests

We are committed to protecting user privacy when responding to lawful requests from public authorities for personal data or information. Our policies and processes include:

Legal Review: We require review of the legality of all requests from public authorities before responding. Each request is examined to ensure it complies with applicable laws and has proper legal authorization (such as a valid warrant, subpoena, or court order).
Challenge Provisions: We maintain provisions for challenging requests if they are considered unlawful, overly broad, or improper. We will seek legal counsel and take appropriate legal action when necessary to protect user privacy.
Data Minimization: We implement a strict data minimization policy, ensuring we disclose only the minimum information necessary to satisfy the legal requirement. We do not provide blanket access to user databases or unrelated information.
Documentation: We maintain detailed documentation of all requests from public authorities, including the nature of the request, our responses, the legal reasoning involved, and the specific actors and authorities involved in the process.

These policies ensure we balance our legal obligations with our commitment to protecting user privacy and maintaining transparency in our data handling practices.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

OutBoundHQ
Email: info@outboundhq.ca