GullStack, Inc. ("GullStack", "we", "us") operates SuperTool (mysupertool.app), a business management platform. This Privacy Policy explains how we collect, use, store, and protect your information.
1. Information We Collect
We collect the following categories of information:
- Account information: Name, email address, and profile photo provided via Google OAuth sign-in.
- Business data: Contacts, customers, appointments, invoices, messages, and other data you enter into the platform.
- Google API data: When you connect your Google account, we access data from Gmail, Google Calendar, and Google Business Profile based on the permissions you grant. See Section 5 for details.
- Usage data: Browser type, pages visited, and feature usage to improve our services.
2. How We Use Your Data
Your data is used to:
- Provide and operate the SuperTool platform and its features.
- Display your Gmail inbox and send emails on your behalf (with your authorization).
- Sync and display your Google Calendar events and manage appointments.
- Import business information from your Google Business Profile.
- Improve the platform based on usage patterns.
We do not sell your personal information to third parties. We do not use your data for advertising purposes.
3. Data Storage & Security
Your data is stored on secure, encrypted servers hosted by Railway (backend) and Vercel (frontend). We use industry-standard security measures including:
- TLS/SSL encryption for all data in transit.
- Encrypted database connections.
- HttpOnly session cookies for authentication.
- OAuth 2.0 token encryption at rest using AES-256 encryption.
- Secure, HttpOnly cookies that are not accessible to client-side scripts.
4. Data Sharing
We share your data only in the following circumstances:
- Service providers: Infrastructure providers (Vercel, Railway, Stripe) that help us operate the platform, under strict data processing agreements.
- Your direction: When you explicitly choose to send an email, share a booking link, or connect a third-party service.
- Legal requirements: If required by law, subpoena, or court order.
5. Google API Services — Limited Use Disclosure
SuperTool's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, SuperTool accesses the following Google API scopes:
- gmail.readonly: To display your inbox messages within SuperTool so you can view customer emails alongside your CRM data.
- gmail.send: To send and reply to emails directly from SuperTool on your behalf, keeping all customer communication in one place.
- calendar (read/write): To sync your Google Calendar events with SuperTool's scheduling system, so appointments appear in both places.
- calendar.events: To create, update, and manage calendar events when appointments are booked through SuperTool.
We do not:
- Use Google API data for advertising or marketing purposes.
- Transfer Google API data to third parties (except as needed to provide the service).
- Use Google API data to train machine learning or AI models.
- Store Google API data beyond what is necessary to provide the requested features.
SuperTool's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
6. Data Retention & Deletion
You may request deletion of your account and all associated data at any time by contacting us. Upon deletion, all personal data including stored OAuth tokens are permanently removed within 30 days.
7. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Revoke Google API access at any time through your Google Account permissions.
- Export your data upon request.
8. Contact
For privacy-related questions or data requests, contact us at: josh@gullstack.com
GullStack, Inc.
Boise, Idaho, USA