Privacy Policy

Last updated: January 15, 2026

FastoGT ("we", "our", or "us") operates the FastoLead application. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

When you use FastoLead, we may collect the following types of information:

• Account Information: When you connect third-party services (Google Forms, Gmail, HubSpot, JivoChat), we receive OAuth tokens that allow us to access your data on those platforms.
• Lead Data: Contact information, form responses, email threads, and chat histories from your connected sources.
• Business Context: Company information you provide for AI analysis (company name, products, target customers).
• Usage Data: How you interact with the application.

2. How We Use Your Information

We use the collected information to:

• Import and display leads from your connected sources
• Analyze leads using AI to provide scoring and insights
• Identify potential duplicate contacts for merging
• Improve our services and user experience

3. Data Storage

FastoLead stores data in the following locations:

3.1 Server-Side Storage (SQLite Database)

The following data is stored on the server in a SQLite database:

• Client Accounts: User ID, email address, subscription tier, lead limits, AI/search request limits and usage counters
• Plugin Configurations: Connected source configurations including:
  • HubSpot: OAuth refresh tokens
  • Gmail: OAuth refresh tokens
  • JivoChat: Authentication credentials (email/password)
  • Google Forms: OAuth tokens and selected form IDs
• Business Context: Company name, industry, description, target customers, products (for AI analysis)
• AI Settings: Your AI provider preferences and API keys (Claude, Groq, or Ollama configuration)
• Search Settings: Brave Search API key (if configured)
• Chat Conversations: AI sales coach chat conversations including message history, lead associations (lead_source + lead_id), and conversation metadata (stored in chat_conversations and chat_messages tables)
• Training Data: Human-reviewed lead analysis samples for AI model fine-tuning (includes contact data, analysis results, outcomes, and ground truth labels)

3.2 Browser Storage (localStorage)

The following data is stored in your browser:

• JWT Token: Authentication token for API access
• Google Forms Tokens: Temporary OAuth tokens for form access
• UI Preferences: Application state and user preferences

3.3 Temporary/Cache Storage

During sync operations, lead data is temporarily cached in server memory for processing. This cache is cleared when:

• You click "Clear Sync Cache"
• The server restarts
• A new sync is initiated

3.4 What We Do NOT Store

• Your Google/HubSpot passwords (we use OAuth tokens)
• Full email content from Gmail (only headers and metadata)
• Chat message content from JivoChat (only contact information)
• Lead data after sync cache is cleared

3.5 Billing and Usage Data

For paid subscriptions and usage tracking, we store:

• Subscription Tier: Your current plan (Free, Starter, Pro, Business, or Enterprise)
• Usage Limits: Lead limits, AI request limits, and search request limits for your tier
• Usage Counters: Number of leads synced, AI requests made, and web searches performed
• Package Purchases: Records of any add-on packages purchased to increase limits

We do NOT store payment card information. All payment processing is handled by secure third-party payment processors.

4. Third-Party Services

We integrate with the following third-party services:

4.1 Data Sources (Import Only)

• Google Forms API: We request read-only access to your forms and form responses. Data flows FROM Google TO our application.
• Gmail API: We request read-only access to email headers (From, To, Subject, Date). We do NOT read email body content during sync. Data flows FROM Gmail TO our application.
• HubSpot API: We request access to contacts and form submissions. Data flows FROM HubSpot TO our application.
• JivoChat API: We access client/contact information from your chat history. Data flows FROM JivoChat TO our application.

4.2 AI Analysis Services (Data Sent OUT)

Important: When you use AI features, lead data is sent to external services for processing:

• Ollama (Local): If configured, AI processing happens locally on your server. No data leaves your infrastructure.
• Claude API (Anthropic): If configured, lead names, emails, company names, and context are sent to Anthropic's servers for analysis. See Anthropic's Privacy Policy.
• Groq API: If configured, lead data is sent to Groq's servers for analysis. See Groq's Privacy Policy.

4.3 Web Search Services (Data Sent OUT)

When you use the "Research Lead" feature:

• SearXNG (Self-hosted): If configured, search queries stay within your infrastructure.
• Brave Search API: If configured, lead names and company names are sent to Brave's servers. See Brave's Privacy Policy.

5. Google API Services User Data Policy

Our use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request access to data necessary for the application's functionality
• We do not sell your Google user data to third parties
• We do not use Google user data for advertising purposes
• We do not allow humans to read your data unless you give explicit consent, it's required for security purposes, or required by law

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data only:

• With AI providers (when using cloud AI) for analysis purposes
• When required by law or legal process
• To protect our rights or the safety of users

7. Data Security

We implement appropriate security measures to protect your data:

• OAuth 2.0 for secure authentication with third-party services
• HTTPS encryption for data in transit
• Token-based authentication without storing passwords

8. Your Rights

You have the right to:

• Access your personal data stored in the application
• Request deletion of your data
• Revoke access to connected services at any time
• Export your data

9. Data Retention

For self-hosted installations, you control data retention. You can clear all data at any time through the application settings.

10. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

• Email: support@fastogt.com
• Website: https://fastogt.com