Privacy Policy
Last updated: 25 Apr 2026
Introduction
Donna CRM ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and related services.
Information We Collect
We collect information you provide directly to us, information we receive when you connect Google services, and information collected automatically when you use the Service, including:
- Account information (name, email address)
- Organization and subscription information (plan and billing status)
- CRM data you create (contacts, pipelines, tasks, notes, comments, and email templates)
- Emails you compose or schedule through Donna (for example, campaign content and outbox records)
- Usage and diagnostic data (such as feature usage, log data, and browser/device information)
Google user data (Gmail & Calendar)
Donna CRM integrates with Google Workspace to help you manage relationships inside Gmail. We access Google user data only after you grant permission, and we request the minimum scopes needed for each feature.
- Gmail identifiers: we store minimal identifiers such as Gmail thread IDs, message IDs, and label identifiers to link CRM activity to email threads, support automations, and enable deep-linking back to Gmail.
- Gmail content processing: when you use AI features (like summaries or suggested replies), we may process limited email content (such as subject/snippet or message text) to generate outputs. We design our systems to avoid persisting full email bodies in long-lived CRM tables, and fetch display metadata from Gmail at runtime when possible.
- Calendar data: if you schedule meetings through Donna, we may create and manage events in your Google Calendar. We may store event identifiers and basic metadata (such as title, start/end time, and attendees) to support this feature.
- OAuth tokens: we store Google OAuth tokens (for example, a refresh token) in encrypted form to provide server-side access where required. You can revoke access at any time in your Google Account settings.
Donna CRM’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Email engagement tracking
If you enable email engagement tracking, we may add a tracking pixel and/or tracked links to emails sent through Donna. When a recipient opens an email or clicks a link, our servers receive a request and we record engagement events (such as open/click timestamps) associated with a tracking token. Our servers may also receive standard request metadata (such as IP address and user-agent) for security and abuse prevention.
Cookies & analytics (website)
Our marketing website may use cookies and similar technologies to help us understand how the site is used and measure marketing performance. This includes:
- Google Analytics 4 (GA4) for usage analytics
- Google Ads conversion tracking for install intent measurement
We do not load these optional analytics/marketing tags until you provide consent. You can update your preferences anytime via the “Cookie preferences” link in the site footer.
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate users and manage accounts
- Provide CRM features (pipelines, tasks, contact management) and run automations you configure
- Send emails you draft/schedule through Donna and measure engagement when tracking is enabled
- Provide AI features (such as summaries and suggested replies) and enforce usage limits
- Process payments and manage subscriptions (via our payment processor)
- Send technical notices, updates, and support messages
- Respond to your comments and questions
- Analyze usage patterns to improve user experience and reliability
AI features and model providers
Donna CRM includes AI-powered features (for example, onboarding analysis, email thread summaries, and reply suggestions). When you use these features, we may send the text you provide and relevant context to a third-party AI model provider (such as OpenAI or Google) to generate results.
We may store AI session history (your prompts, the assistant’s responses, and related context) to allow you to view past results and continue conversations. We also log AI usage metrics (such as model, token counts, and estimated cost) for rate limiting and billing/usage enforcement.
Data retention
We retain data only as long as needed to provide the Service and for legitimate business purposes. Our default retention approach includes:
- Derived Google data (such as AI session content, onboarding analysis, email tracking records, and Gmail-derived timeline events) is retained for up to 90 days and then deleted on a regular cadence.
- Minimal Google linkage identifiers (for example, thread/message IDs) are retained while your account is active and removed when your organization is deleted.
- Core CRM data (contacts, pipelines, tasks, templates, and notes) is retained while your account is active, unless you delete it earlier.
- If you request deletion of your organization/account, we complete deletion within 90 days.
Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is encrypted in transit using TLS and at rest using industry-standard encryption.
Data Sharing
We do not sell your personal information. We may share information with service providers who help us operate the Service, only as needed to provide functionality. This may include providers for cloud hosting and data storage, analytics, AI processing, and payment processing (for example, Razorpay). We may also disclose information if required to comply with applicable laws or to protect the security and integrity of the Service.
Your Rights
You have the right to:
- Access and receive a copy of your personal data
- Rectify inaccurate personal data
- Request deletion of your personal data
- Withdraw consent and revoke Google account access
Changes to This Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@donnacrm.com.