PRIVACY POLICY

1. Introduction

SpurIQ (“we,” “our,” “us,” or “the Extension”) is a Chrome browser extension designed to enhance productivity through AI-powered email and calendar insights. This privacy policy explains how we collect, use, store, and protect your information when you use the SpurIQ extension.

Important Note: SpurIQ is a private extension available only to authorized organizations and their members. It is distributed through private channels and is not publicly available on the Chrome Web Store.

Extension Information

Extension Name: SpurIQ
Version: 1.0.0
Developer: SpurIQ
Contact: [email protected]

2. Information We Collect

SpurIQ collects and processes the following types of information to provide its functionality:

2.1 Authentication Information

Google account email address (obtained via OAuth 2.0)
OAuth authentication tokens
User profile information (name, profile picture) from your Google account

2.2 Gmail Data

We access the following Gmail data with your explicit authorization:

Email content, including subject lines, body text, and metadata
Email attachments
Sender and recipient information
Email timestamps and thread organization
Email labels, folders, and categories
Draft emails and compose data
Email settings (filters and labels)

2.3 Google Calendar Data

We access the following Calendar data with your explicit authorization:

Calendar events, schedules, and attendee information
Event metadata including times, locations, descriptions, and meeting links
Calendar settings and sharing permissions
Individual event details

2.4 CRM Integration Data

HubSpot CRM data related to Deals, Leads, and Contacts
Synchronization data between your email/calendar and CRM

2.5 Meeting Recording Data

Meeting recordings processed through Fireflies.ai when the Fireflies agent joins your meetings
Meeting transcripts and analysis generated by Fireflies.ai

2.6 Usage and Preference Data

Extension settings and user preferences
Temporary state data for maintaining session continuity
Background synchronization triggers and events

2.7 AI-Generated Insights

Summaries, analytics, and insights generated from your email and calendar data
AI-processed information derived from your communications

3. How We Use Your Information

We use the collected information solely for the following purposes:

3.1 Core Functionality

Authentication & Identity: To securely authenticate users and associate data with the correct account
AI-Powered Insights: To generate intelligent summaries, analytics, and contextual insights from your Gmail and Calendar data using third-party AI services (OpenAI GPT and Anthropic Claude)
Calendar Integration: To display relevant calendar events and scheduling information within the extension
CRM Synchronization: To sync email and calendar data with HubSpot CRM for sales and contact management
Meeting Intelligence: To process meeting recordings and generate transcripts via Fireflies.ai integration

3.2 Data Management

Backend Synchronization: To sync data with our secure backend services for persistent storage and functionality
User Experience: To maintain user preferences, settings, and provide a consistent experience
Trigger-Based Updates: To refresh insights and maintain up-to-date information through event-based background tasks

3.3 Permitted Use Only

We use your Gmail and Calendar data exclusively for providing the features and functionality visible and useful to you within the SpurIQ extension. We do not use your data for:

Serving advertisements
Marketing purposes unrelated to SpurIQ functionality
Selling or renting to third parties
Any purpose beyond what is disclosed in this policy

4. AI Processing and Third-Party Services

4.1 AI Service Providers

SpurIQ uses the following third-party AI services to process your data:

OpenAI GPT models
Anthropic Claude models

Processing Location: Your data is sent to these third-party AI service providers via their APIs. Processing occurs on their servers, which may be located in the United States and other countries.

Training Prohibition: Your data is not used to train or improve AI models operated by SpurIQ or our third-party AI providers. We have configured our API usage to prevent data retention for model training purposes.

AI Processing Details:

Email and calendar content may be sent to AI APIs to generate summaries, insights, and contextual analysis
Processing happens in real-time when you use AI-powered features
AI-generated insights are stored on our backend servers for your future access

4.2 Third-Party Services We Use

Required Services:

Google APIs: Gmail and Google Calendar (subject to Google’s Privacy Policy)
OpenAI: AI processing services (subject to OpenAI’s Privacy Policy)
Anthropic: AI processing services (subject to Anthropic’s Privacy Policy)
HubSpot: CRM integration (subject to HubSpot’s Privacy Policy)
Fireflies.ai: Meeting transcription and analysis (subject to Fireflies.ai Privacy Policy)

Authentication:

Google OAuth 2.0: For secure authentication via your GSuite account

5. Fireflies.ai Meeting Recording Integration

5.1 How It Works

Fireflies.ai integration is enabled by default for meeting intelligence features
When a Fireflies recording agent joins your scheduled meetings, audio is captured and sent to Fireflies.ai for transcription and analysis
Meeting recordings and transcripts are processed to generate insights related to your sales activities, deals, and contacts

5.2 User Control

You can prevent recording of specific meetings by manually removing the Fireflies agent/bot before or during the meeting
Disabling the Fireflies agent will prevent that specific meeting from being recorded and transcribed

5.3 Data Shared with Fireflies.ai

Meeting audio recordings
Calendar event metadata (meeting title, participants, time)
Meeting-related context from your email and calendar

6. Data Storage and Security

6.1 Local Storage (Browser)

User data or analysis is retrieved from the server and displayed on the plugin for the first time.
For later calls, they are made incrementally to the server for new data to be displayed via the plugin, based on cache frequency settings within the application; user data is invalidated periodically.
This data remains on your device and is encrypted by Chrome’s built-in security mechanisms
Local data is automatically removed when you uninstall the extension

6.2 Backend Storage

Server Location: Our backend servers are hosted on Google Cloud Platform (GCP) infrastructure located in Mumbai, India.

Data Processing Jurisdiction: User data is processed on servers located in India. However, data may be transferred to and processed in other countries (including the United States) when using third-party AI service providers (OpenAI, Anthropic, Fireflies.ai).

Security Measures: We implement industry-standard security practices including:

Encrypted data transmission: All data in transit is protected using HTTPS/TLS encryption
Encryption at rest: Data stored on our servers is encrypted at rest
Secure authentication: OAuth 2.0 protocols with token-based authentication
Access controls: Limited access to authorized personnel only (currently Sales Representatives and Sales Managers within your organization)
GCP Security: We leverage Google Cloud Platform’s default security infrastructure and compliance certifications
Regular monitoring: Ongoing security monitoring and logging

6.3 Backup and Redundancy

Backup frequency: Monthly backups are performed
Backup retention: Backups are retained according to operational requirements
Data recovery: Backups enable data recovery in case of system failures

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. Your data may be shared only in the following circumstances:

7.1 Within the Organization

Organization Administrators: Sales Representatives and Sales Managers within your organization may have access to user data for legitimate business purposes (sales management, CRM operations, team coordination)
Individual User Data Visibility: Organization admins can view individual user data as necessary for business operations

7.2 Service Providers

We share data with the following third-party service providers necessary for the extension’s functionality:

Google (Gmail, Calendar APIs): For accessing your email and calendar data
OpenAI and Anthropic: For AI-powered analysis and insights generation
HubSpot: For CRM synchronization and sales management
Fireflies.ai: For meeting recording, transcription, and analysis

These service providers are bound by their own privacy policies and data processing agreements.

7.3 Legal Requirements

We may disclose your information when required by:

Law, regulation, or legal process
Court order or subpoena
Government or regulatory authority requests
Enforcement of our terms of service or protection of rights

7.4 Security & Protection

To protect the rights, property, or safety of SpurIQ, our users, or others, including fraud prevention and abuse detection.

8. Data Retention and Deletion

8.1 Active User Data

We retain your data for as long as:

You actively use the SpurIQ extension
Your organization maintains an active account with SpurIQ
Required for legitimate business purposes or legal compliance

8.2 Data Deletion Upon Uninstall

When you uninstall the SpurIQ extension:

Local browser data is automatically removed by Chrome
Backend data is deleted in accordance with our data retention schedule
AI-generated insights associated with your account are removed

8.3 Data Deletion Requests

You may request immediate deletion of your data by:

Email: [email protected]
Subject Line: “Data Deletion Request – SpurIQ”
Timeline: We will process deletion requests according to standard service level agreements based on your organization’s plan
Scope: Deletion includes all personal data, email/calendar content, AI insights, and associated metadata

8.4 Backup Data

Monthly backups may retain deleted data for operational and disaster recovery purposes
Backup data is subject to the same security and access controls as active data
Backup data is eventually purged according to our retention schedule

8.5 Logs and System Data

System logs and operational data are not retained for longer than 90 days
Logs may contain metadata but not full email/calendar content

9. Your Rights and Choices

As a user of SpurIQ, you have the following rights:

9.1 Access to Your Data

Right to Access: Request access to the personal data we have collected about you
How to Request: Email [email protected]
Response Time: We respond to access requests according to standard SLAs based on your organization’s plan
Format: Data can be viewed within the extension interface; while there is no explicit export function, you can copy and paste content

9.2 Data Correction

Right to Correction: Request correction of inaccurate or incomplete data
Process: Contact [email protected] with details of the correction needed

9.3 Data Deletion

Right to Deletion: Request deletion of your personal data (see Section 8.3 above)
Timeline: Deletion is processed according to your organization’s SLA

9.4 Revoke Permissions

You can revoke SpurIQ’s access to your Gmail and Calendar at any time:

Go to your Google Account settings: https://myaccount.google.com/permissions
Find “SpurIQ” in the list of connected apps
Click “Remove Access”
Note: This will prevent the extension from functioning until permissions are re-granted

9.5 Uninstall the Extension

You can remove SpurIQ from your browser at any time:

Go to Chrome extensions page: chrome://extensions/
Find “SpurIQ”
Click “Remove”
Local data will be automatically deleted; backend data deletion follows our retention policy

9.6 Control Meeting Recordings

Manually remove the Fireflies.ai recording agent from meetings you do not wish to record
Contact your organization administrator to adjust Fireflies.ai integration settings

10. Google API Services User Data Policy Compliance

SpurIQ’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

10.1 Limited Use Commitment

We commit to the following principles:

Purpose Limitation: Gmail and Calendar data is used solely for providing AI-powered insights, CRM synchronization, and productivity features directly visible and useful to you within SpurIQ
No Advertising: We do not use Google user data for serving advertisements
No Unauthorized Transfers: We do not transfer Google user data to third parties except:
- To service providers (OpenAI, Anthropic, Fireflies.ai, HubSpot) necessary for providing features
- With your explicit consent
- For security purposes (fraud/abuse detection)
- When required by law
Human Access Restrictions: Humans (Sales Representatives and Sales Managers) may access your Gmail/Calendar data only:
- When necessary for legitimate business purposes within your organization
- For security and abuse prevention
- When required by law
- We do not allow humans to read your data for marketing or unauthorized purposes

10.2 OAuth Scopes Requested

SpurIQ requests the following Google OAuth scopes:

Gmail Scopes:

https://www.googleapis.com/auth/gmail.readonly — Read email messages and search
https://www.googleapis.com/auth/gmail.compose — Compose and manage draft emails
https://www.googleapis.com/auth/gmail.send — Send emails on your behalf
https://www.googleapis.com/auth/gmail.modify — Move emails, manage labels, and organize
https://www.googleapis.com/auth/gmail.settings.basic — View and manage email settings and filters

Calendar Scopes:

https://www.googleapis.com/auth/calendar — Full calendar access for creating, updating, and managing calendars and events
https://www.googleapis.com/auth/calendar.events — Manage individual calendar events

10.3 Justification for Scopes

Each scope is necessary for core SpurIQ functionality:

Read emails: Generate AI summaries and insights from your communications
Compose/send emails: Enable AI-assisted email composition and sending features
Modify emails: Organize emails based on AI-generated categories and insights
Email settings: Integrate with your existing email workflow and filters
Calendar access: Sync meeting data with CRM, generate scheduling insights, and coordinate with Fireflies.ai for meeting intelligence

11. Chrome Extension Permissions

SpurIQ requires the following Chrome permissions to function properly:

11.1 Required Permissions and Justifications

Permission	Justification
identity & identity.email	Secure Google OAuth 2.0 authentication and user identification
storage	Store user preferences, authentication tokens, and temporary state data locally in your browser
scripting	Inject scripts to read email content from Gmail interface and provide AI insights within the Gmail UI
activeTab	Access the active Gmail tab to extract contextual information for AI processing
sidePanel	Display AI-generated insights in a dedicated browser side panel for easy access
alarms	Schedule trigger-based background synchronization tasks for email, calendar, and CRM data

11.2 Host Permissions

SpurIQ requires access to the following domains:

Host	Purpose
https://mail.google.com/*	Access Gmail interface to read emails and inject AI insights
https://www.googleapis.com/*	Communicate with Google APIs for Gmail and Calendar data
https://calendar.google.com/*	Access Google Calendar interface and data
https://api.openai.com/*	Send data to OpenAI for AI processing
https://api.anthropic.com/*	Send data to Anthropic for AI processing
https://api.hubapi.com/*	Sync data with HubSpot CRM
https://fireflies.ai/*	Integrate with Fireflies.ai for meeting recordings
[SpurIQ Backend Server]	Communicate with our secure backend for data storage and synchronization

12. Security Incident Response

12.1 Data Breach Notification

In the event of a data breach or security incident:

Detection and Response:

We maintain monitoring systems to detect potential security incidents
Our team will investigate and assess the scope and impact of any breach

User Notification:

Timeline: We will notify affected users via email within 72 hours of confirming a breach that affects personal data
Notification Method: Email notification to your registered Google account email address
Content: Notification will include the nature of the breach, affected data, steps we’re taking, and recommended actions for users

Regulatory Notification:

We will notify relevant regulatory authorities as required by applicable data protection laws

Remediation:

Immediate steps to contain and remediate the breach
Investigation to prevent future incidents
Enhanced security measures as appropriate

12.2 User Responsibility

Users should:

Keep their Google account credentials secure
Report suspicious activity immediately to [email protected]
Enable two-factor authentication on their Google accounts

13. Background Operations and Data Synchronization

13.1 Trigger-Based Synchronization

SpurIQ uses trigger-based (event-driven) background synchronization rather than fixed intervals
Background tasks activate based on specific events (new emails, calendar updates, CRM changes)
Synchronization is not time-based and occurs only when relevant changes are detected

13.2 Data Accessed During Background Sync

The following data may be accessed during background operations:

Email data: New messages, updates to existing threads
Calendar data: Event changes, new meetings, cancellations
CRM data: Updates to Deals, Leads, and Contacts in HubSpot

13.3 User Control

Users cannot manually control background sync frequency as it is event-driven
Background synchronization is essential for core functionality and cannot be disabled while using the extension
To stop background operations, uninstall the extension or revoke OAuth permissions

14. International Data Transfers

14.1 Current Geographic Scope

Current Users: SpurIQ currently serves users primarily in India
EU/EEA Users: We do not currently have users in the European Union or European Economic Area
California Users: We do not currently have users in California (USA)
Other Jurisdictions: We do not currently have users in other regions with specific data protection laws (e.g., UK, Brazil, Canada)

14.2 Data Transfer Notice

While our primary servers are located in Mumbai, India, your data may be transferred to and processed in other countries when using third-party services:

United States: OpenAI, Anthropic, and Fireflies.ai may process data on servers in the US
Other Locations: Service providers may use servers in various global locations

14.3 Future International Operations

If we expand to serve users in the EU, California, or other jurisdictions with specific data protection requirements:

We will implement appropriate data transfer mechanisms (Standard Contractual Clauses, etc.)
This privacy policy will be updated to reflect compliance with applicable laws (GDPR, CCPA, etc.)
Users will be notified of any material changes

15. Children’s Privacy

15.1 Age Restrictions

SpurIQ is intended for use by business professionals and authorized members of organizations
We do not knowingly collect information from individuals under the age of 18
No Age Verification: We do not currently enforce age verification mechanisms as the extension is designed for internal organizational use with authorized adult users

15.2 Parental Notice

If we become aware that a user under 18 has provided personal information, we will take steps to delete such data
Parents or guardians who believe their child has used SpurIQ should contact us at [email protected]

15.3 COPPA Compliance

We do not knowingly collect personal information from children under 13 in compliance with the Children’s Online Privacy Protection Act (COPPA)

16. Analytics, Cookies, and Tracking

16.1 Analytics

Google Analytics: We do not use Google Analytics or similar third-party analytics platforms
Usage Tracking: We do not collect detailed usage analytics, telemetrics, or behavior tracking
Error Reporting: We do not use automated error tracking services (e.g., Sentry, Rollbar)

16.2 Cookies

Browser Cookies: SpurIQ does not use HTTP cookies
Tracking Technologies: We do not use web beacons, pixels, or similar tracking technologies

16.3 Local Storage

We use Chrome’s built-in storage API for storing:

User preferences and settings
OAuth authentication tokens
Temporary session state

This data is stored locally on your device and is not used for tracking or analytics.

17. Data Controller and Processor

17.1 Data Controller

SpurIQ acts as the Data Controller for personal data collected through the extension
We determine the purposes and means of processing your personal data

17.2 Data Processors

The following third parties act as Data Processors on behalf of SpurIQ:

Google Cloud Platform: Infrastructure and hosting services
OpenAI: AI processing services
Anthropic: AI processing services
HubSpot: CRM data processing
Fireflies.ai: Meeting transcription services

17.3 Data Processing Agreements

We maintain data processing agreements with third-party processors where appropriate
These agreements ensure processors handle your data in compliance with applicable privacy laws

18. Legal Basis for Processing (GDPR Context)

While we do not currently serve EU users, for transparency regarding potential future operations:

18.1 Legal Bases

If GDPR were to apply, our processing would be based on:

Consent: Your explicit consent when authorizing OAuth permissions and using the extension
Legitimate Interests: Our legitimate business interests in providing productivity and CRM integration services
Contract Performance: Processing necessary to provide the services you’ve requested

18.2 Right to Withdraw Consent

Users can withdraw consent at any time by:

Revoking OAuth permissions through Google Account settings
Uninstalling the extension
Requesting data deletion via [email protected]

19. California Privacy Rights (CCPA Context)

While we do not currently serve California residents, for transparency:

19.1 CCPA Rights (If Applicable)

California residents would have the right to:

Know what personal information is collected
Know whether personal information is sold or disclosed
Say no to the sale of personal information
Access their personal information
Request deletion of personal information
Not be discriminated against for exercising privacy rights

19.2 Do Not Sell My Personal Information

We do not sell personal information to third parties
We do not share personal information for monetary or other valuable consideration

20. Changes to This Privacy Policy

20.1 Policy Updates

We may update this privacy policy from time to time to reflect:

Changes in our data practices
New features or functionality
Legal, operational, or regulatory requirements
User feedback and privacy best practices

20.2 Notification of Changes

When we make material changes to this privacy policy:

The “Last Updated” date at the top will be revised
Email Notification: Significant changes will be communicated via email to your registered address
Continued Use: Your continued use of SpurIQ after changes take effect constitutes acceptance of the updated policy

20.3 Review Frequency

We review this privacy policy periodically to ensure accuracy and compliance
Users are encouraged to review this policy regularly

20.4 Version History

Previous versions of this privacy policy may be available upon request
Contact [email protected] to request historical versions

21. Compliance and Regulatory Information

21.1 Current Compliance

SpurIQ is committed to compliance with applicable data protection laws and regulations, including:

India: Information Technology Act, 2000 and related rules
Google Policies: Google API Services User Data Policy and Chrome Web Store Developer Program Policies

21.2 Future Compliance

Should we expand operations to new jurisdictions, we commit to compliance with:

GDPR: General Data Protection Regulation (EU)
CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act
UK GDPR: United Kingdom data protection laws
Other Regional Laws: Applicable privacy laws in jurisdictions where we operate

21.3 Data Protection Officer

Current Status: We do not currently have a designated Data Protection Officer (DPO)
Future Designation: If required by law (e.g., GDPR for EU operations), we will appoint a DPO and update this policy with contact information

22. Third-Party Links and Services

22.1 External Links

SpurIQ may contain links to external websites or services (Google, HubSpot, Fireflies.ai, etc.)
We are not responsible for the privacy practices of these third-party sites
Users should review the privacy policies of any third-party services they interact with

22.2 Third-Party Privacy Policies

Please review the privacy policies of our integrated services:

Google: https://policies.google.com/privacy
OpenAI: https://openai.com/privacy
Anthropic: https://www.anthropic.com/privacy
HubSpot: https://legal.hubspot.com/privacy-policy
Fireflies.ai: https://fireflies.ai/privacy

23. Transparency and User Control

23.1 Data Visibility

Users can view AI-generated insights within the SpurIQ extension interface
While there is no dedicated data export dashboard, users can copy and paste content they wish to retain
For comprehensive data access, contact [email protected]

23.2 User Preferences

Extension settings allow you to customize your SpurIQ experience
Preferences are stored locally and synced to our backend for cross-session consistency

23.3 Transparency Commitment

We are committed to transparency about our data practices:

This privacy policy provides comprehensive information about data collection and use
Users can contact us with questions or concerns at any time
We will respond to inquiries according to standard SLAs

24. Dispute Resolution and Governing Law

24.1 Governing Law

This privacy policy and any disputes arising from it shall be governed by the laws of India
Any legal proceedings shall be subject to the exclusive jurisdiction of courts in Mumbai, India

24.2 Dispute Resolution Process

For privacy-related disputes or concerns:

Contact Us First: Email [email protected] with details of your concern
Good Faith Resolution: We will work with you in good faith to resolve the issue
Escalation: If unresolved, disputes may be subject to formal legal proceedings under Indian law

24.3 EU Users (Future)

If we serve EU users in the future:

EU users will have the right to lodge a complaint with their local supervisory authority
This will be clearly stated in an updated privacy policy

25. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or the handling of your personal data, please contact us:

25.1 General Inquiries and Support

Email: [email protected]
Subject Line: Include “Privacy Inquiry – SpurIQ” for faster routing

25.2 Data Rights Requests

For access, correction, or deletion requests:

Email: [email protected]
Subject Line: “Data Rights Request – SpurIQ”
Include: Your registered email address and specific request details

25.3 Security Concerns

To report security vulnerabilities or incidents:

Email: [email protected]
Subject Line: “Security Issue – SpurIQ”
Urgent Issues: Mark as high priority

25.4 Mailing Address

SpurIQ
A 3501, Alpine Tower 1
Samta Nagar, Nr Thakur College
Kandivali (E), Mumbai
Maharashtra 400101
India

25.5 Extension Details

Extension Name: SpurIQ
Version: 1.0.0
Platform: Google Chrome Browser Extension

26. Acknowledgment and Consent

By installing and using SpurIQ, you acknowledge that:

You have read and understood this privacy policy
You consent to the collection, use, and processing of your data as described herein
You understand your rights and how to exercise them
You authorize SpurIQ to access your Gmail, Calendar, and related data as specified
You understand that data may be processed by third-party AI service providers

You can withdraw your consent at any time by uninstalling the extension or revoking OAuth permissions through your Google Account settings.

This privacy policy is effective as of May 6, 2026, and applies to all users of the SpurIQ Chrome extension.

Document Information

Document Version: 2.0
Last Reviewed: May 6, 2026
Next Scheduled Review: August 6, 2026 (Quarterly)
Effective Date: May 6, 2026

For questions about this policy or to request previous versions, contact [email protected].