Privacy Policy
ProfReach AI ("we", "our", or "us") is an academic outreach platform that helps researchers and students discover professors worldwide and send personalised outreach emails. This Privacy Policy explains what data we collect, how we use it, and your rights — including how we handle Google user data obtained through OAuth.
Google OAuth summary: We only request the gmail.send scope. We use it exclusively to send emails you compose and explicitly approve inside ProfReach AI. We never read your inbox, access your contacts, or use any Google data for advertising or AI model training.
Google API Services — Limited Use Compliance
✅ Limited Use Compliance Statement
ProfReach AI's use and transfer of information received from Google APIs to any other app will adhere to the
Google API Services User Data Policy
,
including the Limited Use requirements.
Specifically, ProfReach AI affirms the following with respect to Google user data:
- Google user data is used only to provide or improve the user-facing features of ProfReach AI (sending outreach emails the user composes and approves).
- Google user data is never used for serving advertisements or for any advertising-related purpose.
- Google user data is never transferred to third parties except as necessary to provide or improve the app's user-facing features, comply with applicable law, or as part of a merger/acquisition (with prior notice to users).
- Google user data is never used to develop, improve, or train generalised AI or machine learning models — including large language models.
- Raw or derived Google user data is never sold, rented, or shared for any purpose unrelated to the direct operation of ProfReach AI.
- Humans at ProfReach AI do not read Google user data unless the user explicitly requests support, it is necessary for security purposes, or required by law.
1. Information We Collect
1a. Account Information
- Name, email address, and hashed password when you register.
- Phone number (optional, used only for premium plan SMS notifications).
1b. Academic Profile
- Your position, institution, research bio, and skills — entered voluntarily to personalise outreach emails.
1c. Uploaded Documents
- Files you upload (CV, transcripts, SOP, etc.) to attach to outreach emails. These are stored securely and accessible only by you.
1d. Google User Data (Gmail OAuth)
- What we access: When you connect your Gmail account via Google OAuth, we receive an OAuth access token and refresh token. These tokens grant us the ability to send emails from your Gmail address.
- Scope requested:
https://www.googleapis.com/auth/gmail.send only.
- What we do NOT access: We do not read, store, scan, index, or process any of your existing Gmail messages, inbox, drafts, labels, contacts, calendar, or any other Google account data beyond what is strictly required to send a single email at your explicit request.
- Token storage: OAuth tokens are stored in our database, encrypted at rest. They are used solely to send emails you compose and approve inside ProfReach AI. Tokens are never shared with third parties.
1e. Usage Data
- Search queries you submit (research keywords, regions).
- Email generation and send history — stored so you can track your outreach.
- Premium subscription and payment records (transaction IDs, plan type, dates). We do not store full card numbers.
2. How We Use Your Information
- To create and manage your account and authenticate you.
- To generate personalised academic outreach emails using AI, based solely on the academic profile text you provide.
- To send emails only when you explicitly click "Send via Gmail" — we never send emails automatically, in bulk, or without your direct action per email.
- The Agentic Outreach feature may draft and queue emails automatically, but they are placed in a Review Queue first. No email is ever sent without your explicit approval.
- To store your outreach history so you can track sent emails and avoid contacting the same professor twice.
- To process premium plan payments and send SMS/email notifications about your subscription status.
- To run background professor discovery jobs on schedules you configure (Agentic mode).
3. Google User Data — Detailed Disclosure
This section specifically addresses Google's requirement for disclosure of how we interact with Google user data.
Data Accessed
- OAuth access token and refresh token for your Gmail account.
- Your Gmail email address (used as the "From" address when sending emails).
- No other Google user data is accessed, requested, or processed.
Data Usage
- The Gmail OAuth token is used exclusively to call the Gmail API's
users.messages.send method to send a single email composed by you inside ProfReach AI.
- The token is not used to read messages, access contacts, modify labels, or perform any action other than sending.
- Your Gmail address is displayed in the app interface so you know which account is connected.
Data Sharing
- Google user data (OAuth tokens, email address) is never shared with, sold to, or transferred to any third party.
- Google user data is never used for advertising, remarketing, or profiling.
- Google user data is never used to train AI or machine learning models.
- Google user data is never transferred to or processed by any system outside of ProfReach AI's direct operation of the Gmail send function.
Revoking Gmail Access
You can revoke ProfReach AI's access to your Gmail account at any time by visiting myaccount.google.com/permissions and removing ProfReach AI. You can also disconnect Gmail from within the ProfReach AI app. After revocation, we delete your stored OAuth tokens.
4. Data Storage & Security
- All data is stored on secured servers (cPanel shared hosting, SSL/TLS encrypted in transit).
- Passwords are hashed using bcrypt and never stored in plain text.
- OAuth tokens are encrypted at rest and stored in a protected database accessible only by our application.
- Uploaded documents are stored in a non-public directory accessible only through authenticated requests.
- We apply session hardening (HTTP-only cookies, strict mode) to protect authenticated sessions.
5. Data Retention
- Account data is retained for as long as your account is active.
- OAuth tokens are deleted immediately when you disconnect Gmail or delete your account.
- You may request deletion of all your data at any time by emailing us at mamannan4975@gmail.com. We will action deletion within 30 days.
- Uploaded documents can be individually deleted from within the app at any time.
6. Third-Party Services We Use
- Google Gmail API (Google API Terms) — Used solely to send emails you compose. Subject to Google API Services User Data Policy.
- Tavily Search API — Used to search the public web for professor profiles based on your research keywords. No personal data is sent to Tavily.
- Groq / LLM API — Used to generate email drafts. Only the professor's publicly available research information and your academic profile text (bio, skills, position) are sent. No Gmail data, OAuth tokens, or account credentials are ever sent to LLM providers.
- GreenWeb BD SMS — Used to send premium plan notification SMS messages to your phone number (if provided). No other data is shared.
7. Cookies & Sessions
We use a single HTTP-only session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics. We do not use cookies for any purpose other than authentication.
8. Children's Privacy
ProfReach AI is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Your Rights
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may correct inaccurate data from within the app or by contacting us.
- Deletion: You may request deletion of all your personal data at any time.
- Portability: You may request an export of your data in a machine-readable format.
- Revoke Google access: Via Google Account permissions at any time.
10. Changes to This Policy
We may update this policy occasionally. Any material changes will be posted on this page with an updated date. Continued use of ProfReach AI after changes constitutes acceptance of the updated policy. For significant changes affecting how we handle Google user data, we will notify you via email.
11. Contact
For any questions about this Privacy Policy or to exercise your data rights, contact us at:
Email: mamannan4975@gmail.com
Website: https://profreach.ebaubrcc.com