Google Data Use / Limited Use Statement
This page explains how Lucrum CRM uses Google user data when a user connects Google Workspace.
Last updated: May 23, 2026. Google access is optional and feature-specific.
1. Summary
Lucrum CRM uses Google user data only to provide user-visible CRM features that the user or their organization enables. Google data is not sold, not used for advertising, and not used to train generalized AI or machine learning models.
2. Google data by feature
| Feature | Google scopes | Use |
|---|---|---|
| Google sign-in / identity | openid, email, profile | Identify the user and connected Google account. |
| Email / Gmail | gmail.readonly, gmail.send | Display Gmail messages in the Email module and send/reply only when explicitly requested and confirmed by the user. |
| Contacts | contacts.readonly | Show contacts for user review, matching, linking, or CRM record creation after user selection. |
| Calendar | calendar.events.readonly | Display calendar events in CRM context. |
Lucrum CRM requests scopes incrementally where practical. Google sign-in does not automatically grant Gmail, Contacts, or Calendar access. Lucrum CRM does not request full mailbox access, Gmail modify access, Contacts write access, or Calendar write access for this release.
3. Limited Use commitments
- Google user data is used only to provide and improve user-facing features that are prominent in Lucrum CRM.
- Google user data is not sold.
- Google user data is not used for advertising, retargeting, or ad measurement.
- Google user data is not transferred to data brokers or information resellers.
- Google user data is not used to determine credit-worthiness or lending eligibility.
- Google user data is not used to train generalized AI or machine learning models.
- Access is limited to the minimum data needed for enabled features.
4. Storage and security model
Google refresh tokens are stored only in the central Google integration broker/token vault, not in individual customer CRM containers. Tokens are encrypted at rest and protected with access controls and audit logging. Google access tokens are treated as short-lived secrets and are not placed in browser URLs, localStorage, frontend state, customer CRM containers, or logs.
5. Human access
Lucrum Industries personnel do not casually access users' Gmail, Contacts, or Calendar data. Human access is limited to support requested by the customer/user, security investigation, abuse prevention, legal compliance, or other narrow operational necessity.
6. Disconnect, retention, and deletion
Users can disconnect Google access from Lucrum CRM and can also revoke the app from their Google Account permissions page. Google OAuth tokens are deleted or marked inactive when access is disconnected or revoked. Google-derived active records are retained only as needed for user-selected CRM records, audit/security records, customer requirements, legal obligations, or encrypted backup rotation. See Disconnect and deletion instructions for details.