Privacy Policy

Last updated: April 2026

KollabOS ("we," "us," or "our") operates a B2B SaaS platform for influencer talent management. This Privacy Policy explains what data we collect, why we collect it, how we protect it, and your rights regarding that data.

1. Data We Collect

Account Information

Name, email address, and authentication credentials (password hash or Google/Microsoft OAuth tokens).

Email Data

When you connect your email account, we access email content (subject lines, sender information, and message bodies) to detect and extract brand partnership opportunities. We only process emails relevant to deal detection.

Contact and Company Data

Names, email addresses, phone numbers, company names, and roles of brand contacts extracted from deal-related emails or manually entered by you.

Deal and Financial Data

Deal values, deliverables, deadlines, invoice amounts, payment statuses, and billing information associated with brand partnerships.

Creator and Social Media Data

Creator profiles including social media handles, follower counts, engagement rates, and audience demographics that you enter or import for media kit generation.

2. Why We Collect This Data

  • AI deal detection -- Analyze incoming emails to automatically identify brand partnership opportunities and extract deal details.
  • Pipeline management -- Track deals through their lifecycle from prospect to paid.
  • Media kit generation -- Create professional media kits using creator profile data and social media statistics.
  • Invoicing -- Generate and track invoices tied to completed deals.
  • Service operation -- Authentication, notifications, billing, and customer support.

3. How We Store and Protect Your Data

Encryption at Rest

Email content and OAuth tokens are encrypted using AES-256-GCM encryption before storage. Encryption keys are managed separately from the database.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted via HTTPS (TLS 1.2+).

Database Security

Data is stored in a PostgreSQL database with workspace-level isolation. Each user's data is logically separated and access-controlled at the application layer.

Infrastructure

Our infrastructure runs on industry-standard cloud providers with SOC 2 and ISO 27001 certifications. Backups are encrypted and stored in geographically separate locations.

4. Data Export and Account Deletion

Export Your Data

You can export all of your data at any time by navigating to Settings → Data & Privacy → Export. This generates a downloadable archive containing your deals, contacts, creators, invoices, and email metadata.

Delete Your Account

You can permanently delete your account by navigating to Settings → Data & Privacy → Delete Account. Upon deletion, all associated data -- including emails, deals, contacts, creators, media kits, invoices, and OAuth tokens -- is permanently removed from our systems within 30 days.

5. Third-Party Services

We do not sell, share, or transfer your personal data to third parties for their own purposes. The following third-party services are used solely to operate KollabOS:

  • Google -- OAuth authentication and Gmail API for email synchronization.
  • Microsoft -- Outlook API for email synchronization.
  • OpenAI / Anthropic -- AI processing for email classification and deal extraction. Email content is sent for real-time analysis only and is not stored or used for training by these providers.
  • Stripe -- Payment processing and subscription billing. We do not store credit card numbers; Stripe handles all payment data directly.
  • Resend -- Transactional email delivery (password resets, notifications, invoice emails).

6. Google API Limited Use Disclosure

KollabOS's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request access to the Gmail scopes necessary for deal detection and email synchronization.
  • We do not use Google user data for advertising or sell it to third parties.
  • We do not allow humans to read user email content unless required for security purposes, to comply with applicable law, or with the user's explicit consent.
  • Access to Google user data is limited to the features described in this policy and in our application's scope justification.

7. Cookies

KollabOS uses session cookies exclusively for authentication (powered by NextAuth.js). These cookies are essential for keeping you logged in and are strictly necessary for the service to function. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Data Retention

We retain your data for as long as your account is active and you continue to use the service. When you delete your account, all associated data is permanently purged from our systems within 30 days. We may retain anonymized, aggregated data that cannot identify you for analytical purposes.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (see Section 4).
  • Export your data in a portable format (see Section 4).
  • Object to or restrict certain processing activities.

To exercise any of these rights, contact us at legal@kollabos.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the platform. Continued use of KollabOS after changes take effect constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions, data requests, or concerns, contact us at:

legal@kollabos.com

Terms of ServiceHome