1. Overview
Vector CRM ("the Portal", "we", "us") is a private internal tool operated by Vector CRM for use by authorized agents and partners. This Privacy Policy explains how we collect, use, and protect information when you access and use the Portal.
2. Information We Collect
We collect and process the following types of information:
- Account information: Name, email address, and role used to authenticate and authorize access to the Portal.
- Google account data (when you connect Google): Vector requests Gmail and Google Calendar scopes via OAuth. We access (a) Gmail send to deliver outbound email from your account, (b) Gmail readonly to match inbound replies to outbound campaigns and surface conversation threads inside Vector, (c) Gmail modify to apply labels and mark messages read, (d) Google Calendar events read/write to compute availability and create booked appointments on your behalf, (e) basic profile (email + name) to identify your account.
- Microsoft account data (when you connect Microsoft 365): Vector requests Microsoft Graph Mail.Send, Mail.Read, Mail.ReadWrite, Calendars.ReadWrite, and User.Read scopes to provide the same email and calendar functionality for Outlook / Microsoft 365 users.
- Contact and CRM data: Information about client contacts, appointments, conversations, policies, and pipeline stages stored within Vector and (where applicable) synchronized with integrations such as GoHighLevel for operational purposes.
- Usage data: Standard server logs including IP addresses and timestamps for security and debugging purposes.
3. How We Use Your Information
- To provide and operate the Portal for authorized agents.
- To display your Google Calendar events alongside your GHL appointments.
- To synchronize client contact and pipeline data between the Portal and GoHighLevel.
- To authenticate and authorize access to the Portal.
- To improve and maintain the Portal's functionality.
4. Google API Services — Limited Use Disclosure
Vector uses Google APIs (Gmail and Google Calendar) on behalf of users who explicitly connect their Google account. Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Gmail data is used only to send email from your account on your behalf, read messages for the purpose of matching inbound replies to Vector-initiated outbound conversations, and modify message labels for organization within Vector's inbox. We do not transfer Gmail user data to third parties, do not use Gmail user data for serving advertisements, and do not allow humans to read Gmail user data except as expressly permitted (with affirmative agreement from the affected user, for security/legal purposes, or to comply with applicable law).
- Google Calendar data is used only to compute your availability for booking pages, create appointment events when bookings are confirmed, and display your schedule inside Vector. We do not sell or transfer Google Calendar data, and do not use it for advertising or any purpose unrelated to Vector's calendar functionality.
- No model training: we do not use Google user data to train AI/ML models.
- You may revoke Vector's access to your Google account at any time via your Google Account permissions page.
4a. Microsoft Graph Services
When you connect a Microsoft 365 account, Vector accesses your mail and calendar via Microsoft Graph using the same operational purposes described above (sending outbound mail on your behalf, matching inbound replies, computing availability, creating appointment events). Microsoft Graph data is not transferred to third parties, used for advertising, used for model training, or accessed by humans except as required for support with your explicit consent or to comply with applicable law.
You may revoke Vector's access at any time via your Microsoft account dashboard.
5. Data Sharing
We do not sell, rent, or share your personal information with third parties except as necessary to operate the Portal (e.g., our hosting provider, Supabase for database services). All third-party service providers are contractually required to protect your data.
6. Data Security
We implement industry-standard security measures including encrypted connections (HTTPS), secure token storage, and role-based access controls. Access to the Portal is restricted to authorized Vector CRM agents and partners only.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data by contacting us at the email below.
8. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Revoke Google or Microsoft access at any time via the respective account dashboards linked in sections 4 and 4a above.