iConnect← Home

Privacy Policy

Last updated: May 21, 2026

This Privacy Policy describes how iConnect (“we,” “us,” or “the Service”) handles information when you use the Gmail campaign platform, including the web application and optional Chrome extension. iConnect is typically operated by you or your organization on infrastructure you control (for example, a private deployment or your own cloud account).

1. Who is responsible

The party that deploys and administers your iConnect instance (the “Operator”) is responsible for this Service and for fulfilling privacy obligations toward end users. If you have questions about how your data is handled, contact your Operator. This policy describes what the software does by design.

2. Information we collect

Account and authentication

  • Email address and password (password stored using a one-way hash)
  • Session cookies managed by NextAuth for sign-in

Gmail connection

  • OAuth tokens and related metadata for Gmail accounts you connect (tokens are encrypted at rest using your deployment’s encryption key)
  • Connected Gmail address and account settings (for example, daily send limits)

Campaign and recipient data

  • Campaign names, subjects, HTML bodies, schedules, and send settings
  • Recipient information you import or enter (such as email addresses, names, and custom merge fields)
  • Send job status, errors, and delivery-related logs

Email tracking

  • Open and click events when tracking is enabled, including timestamps and recipient identifiers linked to campaigns
  • Technical data needed to serve tracking pixels and redirect links (for example, IP address and user agent, as received by your tracking endpoint)

Chrome extension

  • If you use the extension: API tokens you generate, Gmail compose content you choose to export, and connection state between the extension and your iConnect API URL

3. How we use information

We use collected information to:

  • Authenticate you and operate the dashboard
  • Send email on your behalf through connected Gmail accounts
  • Apply merge tags, throttling, work schedules, and per-account rotation
  • Record campaign progress and optional open/click analytics
  • Support the Chrome extension’s account linking and draft export features

We do not sell your personal information. We do not use your data for third-party advertising.

4. Third-party services

Depending on your configuration, data may be processed by:

  • Google / Gmail API — to send mail and manage OAuth for connected accounts (subject to Google’s Privacy Policy)
  • Hosting and database providers — for example, Vercel (web app) and Turso (database), if you deploy there

Your Operator chooses these providers and is responsible for their agreements and data processing terms.

5. Storage and security

Data is stored in the database configured for your deployment (SQLite locally or Turso in production). Gmail OAuth tokens are encrypted with the ENCRYPTION_KEY set in your environment. You are responsible for protecting secrets, access to the server, and backups.

6. Retention

Campaign, recipient, and tracking data are retained until deleted by an authorized user or until your Operator removes or resets the database. Session data expires according to your authentication configuration.

7. Your choices and rights

Depending on applicable law and your role, you may be able to:

  • Access or correct account information through the Service or your Operator
  • Disconnect Gmail accounts from the Accounts page
  • Delete campaigns and associated recipient data from the dashboard
  • Request deletion or export of your data from your Operator

If you are a recipient of emails sent through iConnect, contact the sender or their organization directly regarding list removal or privacy requests.

8. Email recipients

If you import contacts or send campaigns, you are responsible for having a lawful basis to process recipient data, providing required notices, and honoring opt-out requests. Tracking pixels and links should be disclosed where required by law.

9. Children

The Service is not directed at children under 16, and we do not knowingly collect their personal information.

10. Changes

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

For privacy questions, contact the Operator of the iConnect instance you use. If you operate your own deployment, use the administrative contact defined for your organization.