Privacy Policy

Last Updated: November 9, 2025

1. Introduction

Curiosity Engine ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and Chrome extension.

2. Information We Collect

2.1 Information You Provide

  • Email address and name (via Google or Microsoft OAuth)
  • Profile information and preferences you set in the application
  • LinkedIn profile data you choose to analyze
  • Email drafts and content you create using our AI tools

2.2 Information Collected Automatically

  • Usage data and analytics
  • Browser type and version
  • Device information
  • Log data and error reports

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our services
  • Authenticate your identity via OAuth
  • Send emails on your behalf (only when you explicitly request it)
  • Generate AI-powered LinkedIn analysis and email drafts
  • Improve and optimize our services
  • Respond to your requests and provide customer support
  • Send you technical notices and updates

4. OAuth and Third-Party Integrations

4.1 Google Workspace (Gmail & Calendar)

When you connect Google Workspace, we request permission to:

  • Gmail - Send emails: We send emails only when you explicitly click "Send" in our application
  • Gmail - Create drafts: We create email drafts when you use the AI draft feature
  • Gmail - Search emails: We search your emails only when you explicitly request it (e.g., "find emails from John")
  • Gmail - Access settings: We retrieve your default email signature to append to drafted emails
  • Calendar - Read events: We read your calendar events to provide meeting context and scheduling assistance
  • Calendar - Create events: We create calendar events only when you explicitly request it
  • Profile access: We access your basic profile information (name, email) for authentication

We do not read the content of your emails, monitor your inbox, or access your data without explicit user action.

4.2 Microsoft 365 (Outlook & Calendar)

When you connect Microsoft 365, we request permission to:

  • Mail.Send: Send emails on your behalf when you click "Send"
  • Mail.ReadWrite: Create email drafts and search emails when requested
  • Calendars.Read & Calendars.ReadWrite: View and create calendar events
  • User.Read: Access your basic profile for authentication

4.3 Salesforce CRM

When you connect Salesforce, we access:

  • Contacts & Leads: Search and create records to enhance email personalization
  • Notes & Tasks: Log activities and set follow-up reminders when requested
  • API Access: Read and write access to your Salesforce data as needed for CRM operations

All Salesforce access is on-demand based on your explicit requests. We do not continuously sync or monitor your CRM data.

4.4 Revoking Access

You can revoke any integration's access at any time through:

  • Curiosity Engine dashboard → Connectors → Disconnect button
  • Your Google Account → Security → Third-party apps
  • Your Microsoft Account → Permissions
  • Your Salesforce → Setup → Connected Apps

5. Data Storage and Security

We store your data securely using Supabase and implement industry-standard security measures including encryption at rest and in transit. OAuth tokens are stored securely and are never exposed to the client-side application.

6. Third-Party Services

We use the following third-party services to provide and enhance our platform:

  • Google OAuth, Gmail & Calendar APIs: For authentication, email drafting/sending, and calendar integration. We only access your Gmail and Calendar data when you explicitly authorize these integrations and request specific actions.
  • Microsoft OAuth & Graph API: For authentication, Outlook email drafting/sending, and calendar integration. We only access your Outlook and Calendar data when you explicitly authorize these integrations.
  • Salesforce API: For CRM data synchronization when you connect your Salesforce account. We access only the data necessary to search contacts, create leads, and enhance email drafting.
  • SambaNova Cloud: For AI-powered content generation and intelligent response generation. Your prompts and conversations are processed through SambaNova's LLM API to provide AI assistance.
  • Tavily Search API: For web search capabilities when you request current information or research. Search queries are sent to Tavily to retrieve relevant web results.
  • Supabase: For secure database storage, user authentication, and data management.
  • Vercel: For application hosting, deployment, and serverless function execution.

Each third-party service has its own privacy policy and data handling practices. We carefully select partners that meet high security and privacy standards.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Revoke OAuth permissions at any time via your Google or Microsoft account settings
  • Export your data
  • Opt-out of marketing communications

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You may request deletion of your account and data at any time by contacting us.

9. Children's Privacy

Our services are not intended for users under the age of 18. We do not knowingly collect personal information from children under 18.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: hello@curiosityengine.io
Website: www.curiosityengine.io

12. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR). We process your data lawfully based on your consent and our legitimate business interests.

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell your personal information.

← Back to Home