Last updated: 15 September 2025

1. Overview Content Compass (“we”, “our”, “us”) provides tools to index your content, power assistants, and draft communications. This Privacy Policy explains what we collect, why we collect it, and how we protect it.
2. What we collect

• Account information
  • Name, email address, company details you provide.
• Service data you choose to connect
  • Website pages you index and documents you upload.
  • Assistant usage (e.g., interactions, timestamps, feature flags).
• Email Assistant (optional)
  • If you connect Gmail, we store OAuth tokens to send emails on your behalf and (if enabled later) to read limited metadata strictly for the features you choose to use.
• Technical
  • Basic diagnostics and security logs (IP, user agent), and essential cookies for authentication and session continuity.

3. How we use data

• Provide and improve the Service (assistants, drafts, indexing, syncs).
• Enforce plan limits and overage, protect against abuse, and diagnose issues.
• Communicate service updates and support matters.

We do not sell personal data.

4. Gmail and Google APIs

• Scope and purpose
  • If you connect Gmail, we currently request gmail.send to send messages you authorise from your account.
• Limited use
  • Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
• Control
  • You can disconnect Gmail in the portal at any time or revoke access via your Google Account security settings.

5. Legal basis (where applicable)

• Contract (to provide the Service you use).
• Legitimate interests (security, service reliability, analytics to improve).
• Consent (for optional features like Gmail connection).

6. Data sharing

• Service providers under contract (cloud hosting, storage, logging) who must protect data and use it only to deliver their services to us.
• Legal requests where required by law.
• We do not sell or rent your data.

7. Security

• We apply administrative, technical, and organisational safeguards appropriate to the sensitivity of the data, including secure credential handling and restricted access.
• No method is 100% secure; please keep your account credentials safe and notify us of any suspected compromise.

8. Retention

• We retain data for as long as needed to provide the Service, meet legal obligations, or resolve disputes.
• You may request deletion of your account data; some records (e.g., logs, invoices) may be retained where legally required or for legitimate interests (e.g., fraud prevention).

9. International transfers

• We may process and store data in countries other than your own. Where we transfer data, we implement appropriate safeguards consistent with New Zealand law and other applicable data protection requirements.

10. Your rights

• Access, correction, deletion, and portability (subject to applicable law).
• Objection or restriction to certain processing.
• Withdrawal of consent for optional features (e.g., Gmail) at any time.

11. Cookies

• We use essential cookies for login, sessions, and portal functionality. We may use limited analytics to improve performance and reliability.

12. Children’s privacy

• The Service is not directed to children under 13. We do not knowingly collect personal data from children.

13. Changes to this policy

• We may update this policy to reflect changes to our practices. Material changes will be communicated by email or in-product. Continued use of the Service indicates acceptance.

14. Contact

• Email: hello@contentcompass
• Website: https://contentcompass.io