CollabScannercollabscannerGo to App

Privacy Policy

Last Updated: February 7, 2026

CollabScanner (“we,” “our,” or “us”) operates the CollabScanner service available at app.collabscanner.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (required for authentication, communication, and account identification)

We do not collect your name, phone number, or physical address during registration.

1.2 Email Account Data

When you connect a Gmail or Microsoft Outlook account to scan for creator outreach:

  • Email metadata: Sender name, email address, subject line, date received, thread identifiers
  • Email content: Body text of emails in your inbox, which is analyzed to identify creator collaboration requests
  • Account identifiers: Your connected email address, display name, and provider type (Google or Microsoft)

Important:

  • Email content is sent to our AI provider (OpenAI) for analysis but is not permanently stored in our database. Only the extracted creator information (see Section 1.3) is stored.
  • We scan emails from the last 30 days in your inbox.
  • We do not access drafts, sent emails, spam, trash, or attachments.

1.3 Creator Information Extracted

From emails identified as creator outreach, our AI extracts and stores:

  • Creator name and contact email address
  • Social media handles and follower/subscriber counts
  • Engagement rates and average view counts
  • Collaboration rates and pricing information
  • Collaboration type preferences (UGC, paid, gifted)
  • Content niches and categories
  • Media kit and portfolio URLs
  • Previous brand collaborations mentioned
  • Agency or talent manager information
  • Geographic location (as stated in their email)

1.4 Campaign and Workflow Data

When you use the Service to manage campaigns, we store:

  • Campaign names, descriptions, deadlines, and budgets
  • Creator assignments to campaigns
  • Proposed and negotiated rates
  • Deliverable descriptions, due dates, and content links
  • Workflow stage assignments
  • Activity log entries (notes you write and system-generated events)
  • Task labels and completion status

1.5 Payment Information

When you subscribe to a paid plan:

  • Payment is processed entirely by Stripe. We do not receive, process, or store your credit card number, CVV, or full billing details.
  • We store only your Stripe customer ID, subscription ID, plan type, subscription status, and billing period dates.

1.6 Team and Organization Data

If you create or join a team:

  • Organization name
  • Member email addresses and roles (owner, admin, member)
  • Invitation records

1.7 Technical Data

We automatically collect:

  • Session identifiers (stored as HTTP-only cookies)
  • IP address (for rate limiting and security; not permanently logged)
  • Timestamps of actions (scans, logins, status changes)

We do not use third-party analytics trackers, advertising pixels, or behavioral tracking tools.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Scan your email inbox, extract creator information, and display it in your dashboard
  • Process payments: Manage your subscription through Stripe
  • Enforce plan limits: Track scan usage, email account connections, and team member counts per your subscription tier
  • Maintain security: Authenticate sessions, validate input, rate-limit requests, and detect unauthorized access
  • Send transactional emails: Account confirmation, password reset, and critical service notifications
  • Improve the Service: Identify bugs and improve functionality based on aggregated, non-identifiable usage patterns
  • Comply with legal obligations: Respond to lawful requests and enforce our Terms of Service

We do not use your data for advertising, marketing profiling, selling to third parties, or training AI models.

3. Third-Party Services

We use the following third-party services to operate. Each acts as a data processor on our behalf:

3.1 Supabase

  • Purpose: Database hosting (PostgreSQL) and user authentication
  • Data processed: All Service data stored in our database; user email and password hash for authentication
  • Location: Cloud-hosted in the United States (AWS us-east-2)

3.2 Unipile

  • Purpose: Email account connection via OAuth and email fetching
  • Data processed: OAuth tokens for Gmail/Outlook access; email metadata and content during scanning

3.3 OpenAI

  • Purpose: AI-powered analysis to identify creator emails and extract structured information
  • Data processed: Email sender, subject, and body text are sent to OpenAI's GPT-4o-mini API for analysis
  • Note: We use the OpenAI API, which does not use submitted data to train models by default.

3.4 Stripe

  • Purpose: Subscription billing and payment processing
  • Data processed: Your email address, selected plan, and payment method (handled entirely by Stripe)
  • Note: CollabScanner never receives or stores your full credit card details.

3.5 Railway & Vercel

  • Purpose: Backend application hosting (Railway) and frontend hosting (Vercel)

4. Data Retention

Data TypeRetention Period
Account dataUntil you delete your account
Connected email account recordsUntil you disconnect or delete your account
Email content scannedNot permanently stored; processed in memory only
Extracted creator dataUntil you delete your account
Campaign and workflow dataUntil you delete your account
Session dataExpires automatically (typically 24 hours)
Payment records (Stripe IDs)Until account deletion; Stripe retains per their policy
Trial usage trackingRetained indefinitely to prevent trial abuse

5. Data Deletion

5.1 Account Deletion

You can delete your account at any time through the Service settings. Upon deletion, all your data is immediately and permanently deleted from our database, including creators, campaigns, deliverables, tasks, activity logs, email account connections, and your user record. Your connected email accounts are disconnected from Unipile and your authentication account is removed.

Exception: Trial usage records are retained to prevent abuse (email hash only, no personal data).

5.2 Email Account Disconnection

You can disconnect individual email accounts through the Service settings. You can also revoke access directly through your Google account permissions or Microsoft account permissions.

5.3 Automatic Cleanup

We automatically disconnect inactive email account integrations for expired trial accounts, canceled subscriptions, and accounts inactive for 60+ days.

6. Data Security

We implement the following security measures:

  • Encryption in transit (HTTPS/TLS) and at rest (via Supabase infrastructure)
  • HTTP-only, secure cookies with SameSite protection
  • Parameterized SQL queries to prevent injection attacks
  • Input validation on all user-submitted data
  • URL sanitization to prevent XSS attacks
  • Rate limiting on authentication, API, and billing endpoints
  • Security headers (Content-Security-Policy, X-Frame-Options, etc.)
  • CORS restrictions limiting API access to authorized origins
  • Cryptographic verification of Stripe webhook signatures

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

  • Access: View all your data through the Service dashboard
  • Export: Growth and Pro plan users can export creator and campaign data
  • Correction: Update your data directly through the Service
  • Deletion: Delete your account and all associated data at any time
  • Disconnection: Disconnect email accounts at any time
  • Subscription: Cancel your subscription at any time via the Stripe billing portal

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell your personal information. To exercise these rights, contact us at collabscannerofficial@gmail.com.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights to access, rectify, erase, restrict, and port your personal data, as well as to object to processing and lodge complaints with your local data protection authority.

Legal Basis for Processing: Contract performance (providing the Service), legitimate interests (security, fraud prevention), and consent (connecting your email account).

Data Transfers: Your data may be transferred to and processed in the United States. We rely on standard contractual clauses and data processing agreements of our third-party providers.

To exercise these rights, contact us at collabscannerofficial@gmail.com.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only access Gmail data necessary to provide the Service, do not use it for advertising, do not sell it, and do not use it to train AI models.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you by posting the updated policy, updating the “Last Updated” date, and sending email notification for material changes. Your continued use of the Service after changes constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy, contact us at:

CollabScanner
Email: collabscannerofficial@gmail.com