This Privacy Policy explains how Candango ("we", "us") collects, uses, and protects information when you use our sales CRM and website. (Draft — to be finalized with counsel.)
Information we collect
- Account data: name, email, organization, role.
- Customer-relationship data you enter: contacts, deals, activities, notes.
- Integration data you authorize: Google (email & calendar) and QuickBooks (estimates & invoices).
- Usage and device data, and payment metadata processed by Stripe (we never store card numbers).
How we use it
To provide and improve the service, sync your authorized integrations, process billing, and secure your workspace.
Google API Services — Limited Use disclosure
Candango's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data (Gmail and Google Calendar) solely to provide user-facing features within Candango, do not transfer or use it for advertising, and do not allow humans to read it except with your consent, for security, or as required by law. (Required verbatim-equivalent for Google verification — keep this section.)
Data sharing
We share data only with subprocessors that run the service (e.g. hosting, Stripe for payments, Brevo for transactional email, Google and Intuit for the integrations you connect). We do not sell personal data.
Your rights
Depending on your region (GDPR, CCPA/CPRA, LGPD) you may access, correct, export, or delete your data. Contact us to exercise these rights.
Data retention & security
We retain data while your workspace is active and apply tenant isolation, encryption of integration tokens, and role-based access controls.
Contact
Questions about this policy: contact us.