Privacy Policy

Last Updated: 3/8/2025

Nurturally, Inc. ("Nurturally," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform (the "Service"), which integrates with your email inbox and other communication channels (e.g., Slack, LinkedIn, Outlook) to automate lead nurturing. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

We collect the following categories of data:

A. Personal Information

Account Data: Name, email address, business name, payment information (processed securely via third-party gateways like Stripe).

Service Data:

Email/Communication Content: When you connect your email (e.g., Gmail) or other channels (e.g., Slack), we access and process:

  • Email headers (sender, recipient, timestamp)
  • Email body content and attachments (to identify leads and context)
  • Calendar events and contact lists

Third-Party Integrations: Data from LinkedIn, CRMs, or other platforms you authorize (e.g., leads captured via Chrome extension).

User Inputs: Leads, customer lists, referral partner details, and campaign rules you upload or configure.

B. Automatically Collected Data

Usage Data: IP address, device type, browser, pages visited, interactions with the Service.

Cookies/Tracking Technologies: We use cookies to authenticate users and analyze trends. You can disable cookies via browser settings.

C. Research Data

Aggregated, anonymized data derived from Service usage for internal research (e.g., lead response patterns). This data cannot identify individuals.

2. How We Use Your Information

We use your data to:

  • Provide the Service: Automate lead nurturing, send follow-ups, and generate summaries.
  • Improve Functionality: Train AI models to understand client context and optimize campaigns. Important note: We do not retain user data obtained through Google Workspace APIs to develop, improve, or train generalized AI and/or ML models.
  • Communicate: Send service updates, security alerts, and marketing (opt-out available).
  • Legal Compliance: Meet regulatory obligations and respond to lawful requests.

Google Workspace API Data: We do not retain user data obtained through Google Workspace APIs (including Gmail) to develop, improve, or train generalized AI and/or ML models. Data from these sources is only used to provide the specific functionality you've requested within our Service.

3. Legal Basis for Processing (GDPR/CCPA Compliance)

  • Performance of Contract: Processing necessary to deliver the Service under our Terms of Use.
  • Consent: For third-party integrations (e.g., Gmail, LinkedIn), we rely on your explicit authorization via OAuth.
  • Legitimate Interests: Research, fraud prevention, and Service optimization.
  • Legal Obligations: Responding to subpoenas or regulatory inquiries.

4. Data Sharing & Disclosure

We do not sell your data. We may share it with:

  • Service Providers: Third parties that process data on our behalf (e.g., cloud hosting, payment processors). Contracts require confidentiality and compliance with this policy.
  • Business Transfers: In mergers, acquisitions, or asset sales.
  • Legal Requirements: If compelled by law or to protect our rights.

5. Data Security

We implement safeguards including:

  • Encryption: Data in transit (TLS 1.2+) and at rest (AES-256).
  • Access Controls: Role-based permissions and multi-factor authentication.
  • Audits: Regular security assessments of third-party vendors.

Note: No system is 100% secure. You are responsible for safeguarding your account credentials.

6. Data Retention

We retain Personal Information as long as your account is active or needed to provide the Service.

Deleted accounts: Data is anonymized or securely erased within 90 days, except where legal obligations require retention.

7. Your Rights

Depending on residency, you may:

  • Access, correct, or delete your data
  • Opt out of marketing emails
  • Withdraw consent (may limit Service functionality)
  • Request portability of your data
  • Appeal decisions (for automated processing under GDPR)

To exercise rights: Email privacy@nurturally.com. We will respond within 30 days.

California Residents: CCPA grants additional rights (e.g., disclosure of data sold/shared). See our CCPA Addendum for details.

8. Third-Party Services

Our Service integrates with:

  • Email Providers: Gmail, Outlook, Zoho (via OAuth)
  • CRM Platforms
  • Analytics Tools: Google Analytics

Review their privacy policies separately, as we do not control their practices.

9. International Data Transfers

Data may be transferred to and processed in the U.S. or other countries. For GDPR compliance, we use Standard Contractual Clauses (SCCs) with vendors.

10. Children's Privacy

We do not knowingly collect data from individuals under 16. Contact us to request deletion of inadvertently collected data.

11. Changes to This Policy

We will notify users of material changes via email or in-app alerts. Continued use after updates constitutes acceptance.

12. Contact Us

For questions, data requests, or complaints:

Nurturally LLC
4640 Kirkwood St, Boulder, CO 80301
privacy@nurturally.com

Additional Disclosures for Beta Users

Early adopters acknowledge that the Service is in active development. Features marked "Coming Soon" are subject to change.

Beta users may be asked to provide feedback; such input is voluntary and not considered confidential.