Privacy Policy

A. Account Information: When you sign in with Google, we collect your email address, Google profile name, and subscription tier (Free or Subscriber).

B. Property Information: Property addresses you add, canonical property names (auto-generated), and details like lease dates or rent amounts.

C. Gmail Data (via gmail.readonly scope): When you connect your Gmail account, we request read-only access. We cannot send, delete, or modify your emails.

What we READ from Gmail: Email subject lines, email body content, sender name and email address, recipient information, date sent, Thread ID and Message ID, and PDF attachments (text extracted for analysis).

What we STORE in our database: AI-generated summaries (1-2 sentences, not the full email body), email snippets (first ~200 characters), sender information, email date, AI-classified category (e.g., 'Maintenance', 'Turnover'), AI-extracted tags (e.g., 'HVAC', 'Plumbing'), extracted cost amounts, Gmail thread and message identifiers, a link back to the original email in Gmail, and attachment metadata (file names and sizes only).

What we DO NOT store: Full email body text, email HTML content, original PDF files (text is extracted then the file is discarded), or emails unrelated to your properties.

D. Device & Usage Data: We automatically collect information about how you interact with our service, including IP address (used to derive approximate geographic location), browser type and version, device type, pages visited, features used, session duration, and referring URLs. This data helps us improve the user experience and troubleshoot issues.

A. Core Service Functionality: We scan your Gmail for property management emails, use AI to extract summaries, costs, and vendor information, cluster related emails into 'cases' for easy tracking, and identify turnover events and maintenance issues.

B. AI Processing (Google Gemini): We send email subject lines, sender information, email body snippets (limited length), and property context to Google Gemini AI for analysis. Gemini returns category classifications, cost extractions, vendor identification, and summary generation. Per Google's policies, data sent to Gemini may be retained for up to 55 days for abuse monitoring purposes, but is NOT used to train AI models. We do not use your email data to train any AI models. Important: AI analysis is probabilistic and may occasionally produce errors. Automated summaries and extracted data (including cost amounts) should be verified before making financial or legal decisions.

C. Quality Improvement (Opt-In): To improve our clustering algorithms and service quality, we may request your consent to review AI-extracted case data. This review is entirely optional and requires your explicit opt-in. You can withdraw consent at any time by contacting support@thecontrolsurface.com.

D. Service Communications: We use your contact information to send account notifications, feature updates, and onboarding assistance.

E. Service Optimization & Recommendations: We may use aggregated metrics from your usage (such as case volume or property count) to provide personalized recommendations on how to better utilize the Service's features. We may contact users who start but don't complete onboarding to offer assistance. We do not use email content for third-party advertising. You can opt out of these communications at any time.

F. Analytics & Product Improvement: We analyze usage patterns to improve our service, develop new features, fix bugs, and optimize performance. Analytics data is aggregated and does not include your email content.

G. Legal Compliance: We may use your information to comply with applicable laws, regulations, legal processes, or governmental requests.

The Control Surface's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

Our specific commitments: We only use Gmail data to provide and improve the property management features described in this policy. We do not use Google data for advertising. We do not sell Google user data. We do not use Google data to train generalized AI or machine learning models. We only share data with service providers necessary to operate the app. Human access to user data is limited to investigating security incidents, complying with legal requirements, or when you explicitly request support assistance.

Service Providers: We share data with the following providers to operate our service: Google Gemini AI (for real-time email analysis and summarization - receives email snippets, subjects, and sender info), Anthropic Claude AI (for internal quality assurance of our case clustering - receives case titles, property names, and email summaries), Google Cloud Run (application hosting - all application data, encrypted), Vercel (frontend hosting - web traffic and geographic filtering), Supabase (database hosting - all stored data, encrypted), PostHog (anonymized product analytics only), and Stripe (payment processing - billing information only, when applicable).

Analytics Providers: We use analytics services to understand how users interact with our platform. These services may collect pages visited, clicks, session duration, and device information. Some services may record anonymized session replays to help us identify usability issues. Analytics data does not include your email content or Gmail data.

Email Communications: We may use email marketing services (such as Loops) to send service notifications, onboarding sequences, and marketing communications. These services receive your email address and subscription status only.

Important: Your email data is primarily processed within Google's ecosystem. Real-time email analysis flows from Gmail to Google Gemini - both Google services. For quality assurance of our clustering algorithms, case summaries may also be evaluated using Anthropic's Claude AI.

Professional Advisors: We may share information with our lawyers, accountants, auditors, and other professional advisors as necessary for business operations, under confidentiality obligations.

Business Transfers: If The Control Surface LLC is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your information.

Cookies & Tracking Technologies: Our marketing website may use cookies, pixels, and similar technologies to analyze traffic, measure advertising effectiveness, and deliver targeted advertisements. These technologies do NOT have access to your Gmail data or email content. You can manage cookie preferences through your browser settings. Note: Gmail data is never used for advertising purposes in compliance with Google's Limited Use requirements.

We do NOT: Sell your data to third parties, use Gmail data for advertising purposes, or provide data to data brokers.

Legal Disclosure: We may disclose data if required by law, court order, governmental request, or to protect our legal rights, safety, or property.

Third-Party Services: Our service integrates with third-party services (such as Google, Stripe, and analytics providers) that have their own privacy policies. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before using their services through our platform.

Active Accounts: Email data is retained as long as your account is active. You can delete your entire account at any time.

Account Deletion: When you delete your account, all email logs are permanently deleted, all cases and properties are deleted, all contacts and turnover events are deleted, your Google OAuth tokens are revoked, and anonymized usage statistics are retained for aggregate analysis (using a salted cryptographic hash of your email that cannot be reversed - your actual email address is not stored).

Deletion Timeline: Account deletion is processed immediately, and primary data is removed from our active databases. Residual copies in encrypted backups and system logs are purged in accordance with our standard retention lifecycle, typically within 30 days.

Technical Measures: All data is encrypted in transit using TLS/SSL. Our database is encrypted at rest (Supabase). Google OAuth tokens are encrypted at the application level using AES-256-GCM before storage (we hold the encryption keys). We implement rate limiting on authentication endpoints. We use CORS restrictions to limit API access.

Access Controls: You can only access your own data. Admin access is limited to authorized personnel and protected by strict access controls. We do not support shared accounts.

Vulnerability Disclosure: Security researchers may report vulnerabilities to security@thecontrolsurface.com. We acknowledge receipt within 5 business days and work to resolve confirmed vulnerabilities promptly. We do not pursue legal action against researchers who act in good faith.

No Guarantee: While we implement commercially reasonable security measures to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

Access: You can view all data we store about you in the dashboard.

Deletion: You can delete your entire account via Settings → Delete Account, which removes all data immediately. You can also revoke our Gmail access at any time via Google Security Settings (https://myaccount.google.com/permissions).

Portability: Contact us at support@thecontrolsurface.com to request a data export.

Correction: You can update property information directly in the dashboard.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it.

Right to Delete: You can request deletion of your personal information. You can exercise this right via Settings → Delete Account, which removes all your data immediately.

Right to Opt-Out of Sale: We do not sell your personal information to third parties. We do not sell Gmail data or any data derived from your emails.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information Collected: Identifiers (email address, name), commercial information (subscription status), internet activity (pages visited, features used), and geolocation data (approximate location from IP address).

To exercise your rights, contact us at support@thecontrolsurface.com or use the self-service deletion option in Settings. We will respond to verifiable requests within 45 days.

This service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

Data Location: Our application is hosted on Google Cloud (us-central1, USA). Our database is hosted on Supabase. Our frontend is hosted on Vercel with geographic filtering limited to North America.

If you are located outside the United States, your data will be transferred to and processed in the United States.

We will notify you of material changes via email notification, in-app notification, and an updated 'Last Updated' date at the top of this policy. We encourage you to review this policy periodically.

For privacy questions, data requests, or concerns, please contact us at:

The Control Surface LLC

4212 Woodhead Street Unit #2014, Houston, TX 77098

Email: support@thecontrolsurface.com