Rendeal LogoRendeal
Console Login

Privacy Policy

Last Updated: May 22, 2026

🔒 Google API Services User Data Policy Compliance

Rendeal AI Deal Creator’s use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

This Privacy Policy describes how Pure Identity Ltd(“Rendeal”, “we”, “our”, or “us”) collects, uses, processes, discloses, and safeguards information in connection with the Rendeal AI Deal Creator Gmail Add-on and related services available through Rendeal.co (collectively, the “Services”).

Rendeal AI Deal Creator enables users to analyze email content within Gmail and create or synchronize structured deal and CRM records with supported third-party platforms such as HubSpot, Zoho CRM, and Zendesk Sell.

We are committed to handling customer information responsibly, minimizing data collection where reasonably possible, and maintaining appropriate technical and organizational safeguards designed to protect personal and business information.

1. Information We Collect

A. Google Account and Gmail Information

Subject to your authorization, the Services may access certain Gmail content and Google account information necessary to provide the functionality of the Gmail Add-on.

Depending on the permissions granted, this may include:

  • Email subject lines
  • Email body content
  • Sender and recipient information
  • Message metadata and contextual event data
  • Google account email address
  • Locale and language settings

Gmail content is accessed solely to provide user-initiated deal extraction, CRM synchronization, and related workflow automation features.

Detailed Google OAuth Scopes & Data Usage:

Google OAuth ScopeUser Data CollectedFunctional Purpose
gmail.addons.executeGmail contextual event metadata.Renders the AI Deal Creator contextual panel dynamically in your Gmail sidebar interface.
gmail.addons.current.message.readonlyCurrently open email body, subject line, sender, and recipient headers.Analyzed in-memory using secure multi-model AI mesh to identify deal stakeholders, intent, and estimated transaction values.
script.external_requestNone. Outbound network capability.Enables the secure outbound transmission of parsed deal records directly to your designated CRM endpoint (e.g., HubSpot).
userinfo.emailYour Google Workspace or Gmail email address.Used to uniquely identify your Rendeal account, verify billing plans, and authenticate your session.
openidGoogle identifier tokens.Establishes secure, federated single-sign-on (SSO) authentication.
script.localeBrowser language and locale settings.Ensures dates, numbers, currencies (e.g., ₦), and language rules fit your local region configurations.

B. CRM Integration Information

Where you choose to connect a third-party CRM platform, we may process information necessary to create, search, update, or synchronize CRM records.

This may include:

  • Contact records (name, title, email, phone)
  • Company records (domain, industry, size)
  • Deal or pipeline information (stage, value, closing date)
  • OAuth access credentials and refresh tokens (secured via AES-256 encryption at rest)

Supported integrations include **HubSpot CRM**, **Zoho CRM**, and **Zendesk Sell**. We request only the scopes necessary to verify if contacts already exist in your directory and to securely write or update pipeline records.

C. Account and Billing Information

We may collect limited account and subscription information, including:

  • Name and email address
  • Organization or workspace information
  • Subscription and billing status
  • Customer identifiers provided by payment processors

Subscription payments are handled completely and securely by Stripe, Inc. Rendeal never sees, records, processes, or stores your raw credit card numbers or security codes. Payment processing is completely sandboxed via Stripe Elements in compliance with Payment Card Industry Data Security Standard (PCI-DSS Level 1) standards.

2. How We Use Information

We use information processed through the Services for the following purposes:

  • Providing, operating, and maintaining the Services
  • Authenticating users and managing accounts
  • Analyzing email content to generate structured deal data
  • Creating or updating CRM records at the user’s direction
  • Providing customer support
  • Improving service reliability, security, and performance
  • Detecting fraud, abuse, or unauthorized activity
  • Complying with legal and regulatory obligations

We do not use Google Workspace API data to develop, improve, or train generalized artificial intelligence or machine learning models.

3. Google API Data Handling and Limited Use

Rendeal’s use of information received from Google APIs is limited to providing or improving user-facing features that are visible and directly relevant to the user’s use of the Services.

We do not:

  • Sell Google user data to third parties
  • Use Google user data for advertising purposes (including personalized or interest-based ads)
  • Create advertising profiles based on Gmail content
  • Transfer Google user data to data brokers or information resellers
  • Use Gmail content for generalized AI model training

Access to Gmail data is limited to authorized functionality requested by the user.

4. Zero-Retention Ephemeral AI Processing & Data Retention

Rendeal is designed to minimize retention of email content wherever reasonably practicable.

We protect your commercial transaction secrets with strict ephemeral processing: we do not store, write to disk, or persist the contents of your email body, email metadata, or email thread text.

All email parsing calculations are processed entirely in-memory using secure, high-speed RAM buffers. Once the AI analysis is completed and returned to your Gmail sidebar, the email content is instantly and permanently purged from our RAM buffers. We generally do not store email content after processing, except where temporary retention is necessary for:

  • Security monitoring and abuse prevention
  • Error detection and operational debugging
  • Service reliability and telemetry
  • Legal or compliance obligations

Account metadata (emails, domains, seat counts), integration credentials (encrypted CRM refresh tokens), and subscription records are retained securely for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

5. Third-Party Service Providers & AI Sub-processors

We may engage trusted third-party service providers to support the operation of the Services, including:

A. Artificial Intelligence Sub-processors

To extract high-fidelity fields, stakeholders, and pipeline estimates, Rendeal routes raw email text ephemerally to private, commercial AI model sub-processors under strict enterprise-grade agreements:

  • Google Gemini via API: Transactions are processed on secure, isolated instances. Google is contractually prohibited from using, scanning, or persisting your text to train any public Gemini models.
  • OpenAI Enterprise & Anthropic Claude (via private API tunnels): Outbound queries are routed over encrypted HTTPS channels. Zero text payload is stored or used for secondary training.

All AI sub-processors operate on transient, RAM-only execution boundaries. Payloads are discarded immediately upon returning the structured JSON deal object to your active session.

B. Infrastructure and Core Services

Our application backend, APIs, and databases are hosted on enterprise-grade cloud networks under strict operational security audits:

  • Vercel, Inc. (Hosting Platform): Manages our Next.js edge routing, protected by enterprise Web Application Firewalls (WAF) and active DDoS shielding.
  • Secure PostgreSQL Database: Holds SaaS account metadata (emails, domains, seat counts, and encrypted CRM refresh tokens). Access is restricted to authorized servers with multi-factor authentication (MFA) and automated visual audits.
  • Stripe, Inc. (Payment Processing): Secure B2B payment gateway operating under Level 1 PCI-DSS compliance.

These providers process information solely on our behalf and under contractual obligations designed to protect confidentiality and security. Third-party providers maintain their own independent privacy policies and practices, and users are encouraged to review those policies directly.

6. Security Measures

We implement commercially reasonable administrative, technical, and organizational safeguards intended to protect information against unauthorized access, disclosure, alteration, or destruction.

Such safeguards include:

  • Encryption of data in transit using the TLS 1.3 protocol
  • Encryption at rest of sensitive credentials (such as CRM OAuth refresh tokens using military-grade **AES-256 encryption**)
  • Access controls, Multi-Factor Authentication (MFA), and administrative authentication mechanisms
  • Active monitoring, logging, and security auditing systems
  • Security patching and automated vulnerability management procedures

No method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

7. International Data Transfers

Your information may be processed or stored in jurisdictions outside your country of residence where our service providers or infrastructure providers operate (including the United States and European Union).

Where required by applicable law, we implement appropriate safeguards designed to protect personal information transferred internationally.

8. Your Rights, Choices, and Deletion

Subject to applicable law, users may have rights to:

  • Access personal information held by us
  • Correct inaccurate or incomplete information
  • Request deletion of account information
  • Withdraw consent for CRM integrations
  • Object to certain processing activities
  • Request export of certain account information

Methods to revoke and manage your credentials:

  • Data Deletion Requests: You can request full deletion of all saved account metadata at any time by contacting us at privacy@rendeal.co. We process all valid requests within 3 business days, destroying all metadata entries and encrypted refresh tokens.
  • CRM Disconnection: You can instantly revoke Rendeal's access to your HubSpot, Zoho CRM, or Zendesk Sell accounts directly from your admin console dashboard, deleting all encrypted keys from our systems.
  • Add-on De-authorization: You can completely disconnect Rendeal's access to your Google account at any time by visiting your Google Account Permissions portal and removing Rendeal AI Deal Creator.

9. Children’s Privacy

The Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technologies, legal requirements, or business operations.

Updated versions will be posted on this page together with the revised effective date.

11. Contact Information

Company: Pure Identity Ltd (RC - 9001342)

Email: privacy@rendeal.co

Address: Rendeal HQ, 94 Odunsi St, Off St-Finbarrs College Road, Lagos, Nigeria