Privacy Policy

We collect only the information necessary to provide operational, analytics, and integration services. This may include:

• Business contact information
• System-generated identifiers
• Operational data such as lead records or workflow metadata, when explicitly authorized by a client

We do not collect or process sensitive personal data unless required for a specific client-authorized use case.

Information is used solely to:

• Integrate data between client-authorized systems
• Provide reporting, analytics, and operational visibility
• Support workflow automation and notifications
• Maintain system reliability and data accuracy

We do not sell, broker, or monetize personal or lead data.

All data access is scoped to authorized client accounts and governed by contractual agreements. GaugeWell only processes data on behalf of clients and according to their instructions.

We do not share data with third parties except where required to provide agreed-upon services (such as infrastructure or integration providers), and only under appropriate confidentiality and security controls.

GaugeWell maintains formal policies and procedures for handling requests from public authorities (including law enforcement and government agencies) for personal data or personal information of users. These include:

• Legality Review: Every government or law enforcement data request is reviewed by qualified personnel to verify that it is legally valid, properly scoped, and issued by an authority with appropriate jurisdiction before any disclosure is made.
• Right to Challenge: Where a request is determined to be overbroad, legally deficient, or otherwise unlawful, GaugeWell will challenge the request through appropriate legal channels. We will not comply with requests we believe to be unlawful unless compelled by a court of competent jurisdiction.
• Data Minimization: When disclosure is legally required, we limit the information provided to the minimum necessary to satisfy the specific, lawful request. We do not provide bulk or unrestricted access to user data.
• Documentation & Transparency: All government data requests, our responses, the legal reasoning applied, and the individuals involved in the review are documented and retained. Where legally permitted, we will notify affected users and/or the data Controller of any such request.

We do not voluntarily provide personal data to any government authority except where required by valid legal process or to prevent imminent harm to individuals.

Data is retained only for as long as necessary to fulfill the intended operational purpose or as required by client agreements. Clients may request deletion or export of their data at any time.

We implement reasonable administrative, technical, and organizational safeguards to protect data against unauthorized access, loss, or misuse. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest
• Role-based access controls with principle of least privilege
• Regular security audits and vulnerability assessments
• Secure credential storage using environment-based secrets management
• Logging and monitoring of data access for audit purposes

GaugeWell integrates with third-party platforms (including but not limited to Google, Meta, HubSpot, and other CRM/marketing platforms) solely to provide client-authorized services. When accessing these platforms:

• Limited Scope: We request only the minimum permissions necessary to perform the agreed-upon integration services
• Client Authorization: All platform access is initiated and authorized by the client who owns the connected accounts
• No Unauthorized Use: We do not use API access to collect data beyond what is necessary for service delivery, and we do not use client data for advertising, profiling, or resale
• Secure Token Storage: OAuth tokens and API credentials are encrypted and stored securely, accessible only for authorized service operations
• Prompt Revocation: Upon client request or service termination, we promptly revoke access tokens and delete stored credentials

We comply with all applicable platform developer policies, including Google API Services User Data Policy, Meta Platform Terms, and HubSpot Developer Terms.

Depending on your jurisdiction, you may have certain rights regarding your personal data, including the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict certain processing activities
• Data portability (receive your data in a structured format)
• Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@gaugewell.io. We will respond to requests within the timeframes required by applicable law.

We support complete data deletion upon request. When you request deletion:

• We will delete all personal data associated with your account within 30 days
• We will revoke all connected third-party platform access
• We will purge data from backups within 90 days (standard backup retention cycle)
• Certain data may be retained if required by law or for legitimate business purposes (e.g., billing records)

To request data deletion, you can:

• Submit a request through our Data Deletion Request Form
• Email privacy@gaugewell.io with the subject line "Data Deletion Request"