Legal · Effective May 17, 2026
Privacy Policy
CaptivaHQ (“CaptivaHQ”, “we”, “us”) is an Enterprise Operating System operated by United Technology Services LLC (“UTS”). This policy describes how we handle information while CaptivaHQ is in beta. Because the product is still evolving, this policy will evolve with it; we will post changes here and update the effective date above.
1. Beta status
CaptivaHQ is offered as a beta service. Features, data models, and the information we collect may change without notice. Do not use the beta to store data you cannot afford to lose, re-create, or expose to occasional bugs.
2. Information we collect
- Account information. Name, work email address, organization name, and any authentication identifiers you provide when requesting or accepting beta access.
- Content you put into the product. Records you create or import — contacts, accounts, opportunities, projects, invoices, documents, and the like.
- Usage telemetry. Pages visited inside the product, feature use, performance metrics, and error reports. We use this to fix bugs and decide what to build next.
- Device and log data. IP address, browser, operating system, and standard server logs.
3. Google Workspace integration — how we handle Google user data
If you choose to connect your Google account to CaptivaHQ (for example, to bring your Gmail conversations and Google Calendar into the CRM), we request access to specific Google API scopes on your behalf. CaptivaHQ's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements that apply to Gmail and Calendar data.
What we request from Google, and why:
| OAuth scope | Sensitivity | How CaptivaHQ uses the data |
|---|---|---|
https://www.googleapis.com/auth/gmail.readonly | Restricted | Read messages and metadata from your Gmail mailbox so CaptivaHQ can show the email conversations tied to a contact, account, or opportunity in your CRM. |
https://www.googleapis.com/auth/gmail.send | Restricted | Send email from your Gmail address when you compose, reply, or schedule an outbound message from inside CaptivaHQ. We only send messages that you explicitly trigger. |
https://www.googleapis.com/auth/calendar | Sensitive | Read and write your Google Calendars so CaptivaHQ can show your availability and create CRM-linked meetings. |
https://www.googleapis.com/auth/calendar.events | Sensitive | Create, update, and remove calendar events that you schedule from inside CaptivaHQ (for example, a meeting booked from an opportunity record). |
https://www.googleapis.com/auth/userinfo.email | Basic | Read the email address of the Google account being connected so we can label the connection in CaptivaHQ and route data back to the correct user. |
How we protect Google user data. Gmail messages, calendar events, and the OAuth refresh tokens that let us reach the Google APIs are transmitted over TLS and encrypted at rest using AES‑256. Tokens and message bodies are accessible only to the CaptivaHQ services that need them to render your CRM. Access by CaptivaHQ personnel is least‑privilege, audit‑logged, and limited to (a) responding to a support request you have filed, (b) investigating a suspected security incident, or (c) satisfying a legal obligation.
How we share Google user data. We do not sell or rent Gmail or Calendar data. We share it only with the infrastructure sub-processors that host and operate CaptivaHQ on our behalf (our cloud database provider, our hosting provider, and the LLM provider that powers AI features inside the product) under written agreements that require equivalent protection and that forbid those providers from using your data for their own purposes. We never transfer Google user data to data brokers, advertising networks, or any third party for that third party's own use.
How we retain and delete Google user data. We retain copies of the Gmail messages and calendar events we sync only while your Google integration is connected and your CaptivaHQ account is active. You can disconnect the Google integration from Settings → Integrations inside the product at any time; doing so revokes our access immediately and deletes the synced Gmail and Calendar data from your CaptivaHQ tenant within 30 days. You can also request deletion at any time by emailing [email protected], and you can revoke CaptivaHQ's access directly from your Google Account permissions page. Retention beyond 30 days only occurs where required by law or to resolve an active security incident; backup copies expire on our standard backup-retention cycle.
Limited Use — what we will never do with Gmail, Calendar, or other Google user data. We do not:
- Sell or rent Google user data to anyone.
- Use Google user data for targeted advertising or to serve ads.
- Use Google user data to train, fine‑tune, or evaluate any generative AI or machine‑learning model, ours or a third party's, including the LLM provider that powers AI features inside CaptivaHQ.
- Allow humans to read Gmail or Calendar data, except (i) with your explicit consent for a specific message or event, (ii) where necessary for security purposes such as investigating abuse, (iii) to comply with applicable law, or (iv) for internal operations where the data has been aggregated and anonymized.
- Use Google user data for credit scoring, employment decisions, or any other purpose unrelated to delivering the CaptivaHQ features you signed up for.
4. How we use information
- Provide, operate, secure, and improve the beta service.
- Authenticate you and prevent abuse of the platform.
- Respond to your support requests and beta feedback.
- Send service-related and beta-program communications. We do not sell your data.
5. AI features
CaptivaHQ is AI-first. Content you provide may be sent to large-language-model providers we contract with to power features such as drafting, summarization, search, and extraction. We do not use your business content, and we do not use Google user data, to train third-party foundation models. We configure our providers to retain prompts and outputs only for the period required to deliver the response and provide abuse monitoring.
6. Where data is stored
Customer data is stored within a regional “cell” selected for your account. EU customers' data is hosted in the European Union. US customers' data is hosted in the region indicated for the US cell at sign-up. We never copy customer data between regional cells.
7. Sharing
We share information only with vendors who help us run the service (hosting, email delivery, LLM inference, error tracking) under written agreements that require them to protect it. We may disclose information if required by law or to protect the safety or rights of users.
8. Retention & deletion
You can request deletion of your beta account and associated tenant data at any time by emailing [email protected]. We will delete tenant data within a reasonable period, subject to backup-retention windows and any legal hold obligations. For deletion of Google-provided account data specifically, see Section 3 above.
9. Security
We use industry-standard administrative, technical, and physical safeguards, including encryption in transit, encryption at rest, audit logging, and least-privilege access controls. No system is perfectly secure, especially in beta — please report suspected vulnerabilities to [email protected].
10. Children
CaptivaHQ is a business tool not directed to children under 16. We do not knowingly collect personal information from children.
11. Your rights
Depending on where you live, you may have rights to access, correct, port, or delete your personal information. Contact [email protected] and we will respond within the period required by applicable law.
12. Contact
United Technology Services LLC
Attn: Privacy
[email protected]