Privacy Policy

Account Information

When you create an account, we collect your name, email address, company/organization name, and account credentials. If you sign in via Google or Microsoft OAuth, we receive your profile information (name, email, avatar) from those providers. We also store session data including JWT tokens, device type, browser, and approximate location for security purposes.

Platform Integration Data

Gazillion CRI connects to third-party platforms via OAuth to deliver its core functionality. When you connect an integration, we collect and process the following:

• Slack: Channel message history (public and private channels, DMs, and group messages) to detect communication failures such as missed tasks, vague ownership, and unanswered questions. We use Slack bot tokens to send intervention DMs to relevant users when issues are detected.
• Microsoft Teams: Channel and chat messages via Microsoft Graph subscriptions (real-time change notifications). Calendar events from Microsoft 365 calendars to identify and auto-join meetings.
• Google Calendar: Calendar events including meeting titles, times, participants, and agenda descriptions. This data is used to detect meeting patterns, auto-join meetings for analysis, and identify meetings that could have been an email.
• Zoom: Meeting metadata, participant lists, and cloud recordings. Recordings are fetched and transcribed for meeting analysis, action item extraction, and communication pattern detection.
• Jira: Project and issue data. Gazillion CRI creates Jira tickets automatically from action items detected in meetings and communication channels.

Meeting Content

When your organization enables meeting analysis, Gazillion CRI may join calendar meetings using automated bots (via Recall.ai) to capture audio and generate transcripts. These transcripts are analyzed by AI to extract action items, detect communication issues, and calculate the cost of meetings.

AI-Processed Data

Communication data from connected platforms is processed using large language models (LLMs) to generate detections (communication failures), meeting summaries, cost analyses, and nudge messages. The AI analyzes message patterns, meeting transcripts, and calendar data to identify issues such as: redundant meetings, tasks without clear owners, unanswered questions, scheduling conflicts, and communication bottlenecks.

Automatically Collected Data

We collect device information, browser type, IP address, usage patterns, and interactions with platform features to maintain security, debug issues, and improve the product.

• Analyzing communication patterns across Slack, Teams, and email to detect failures and inefficiencies
• Auto-joining and recording calendar meetings to generate transcripts and summaries
• Extracting action items from meetings and creating Jira tickets automatically
• Sending intervention DMs via Slack when communication issues are detected
• Sending meeting nudges to organizers about potential issues (no agenda, excessive duration, low participation)
• Calculating and displaying the financial cost of meetings and recovered value from interventions
• Providing real-time detection feeds via WebSocket to your organization's dashboard
• Generating analytics on communication health, meeting costs, and team coordination
• Authenticating users, managing sessions, and enforcing multi-tenant data isolation
• Sending transactional emails (verification, password reset, sign-in alerts, team invitations)

Gazillion CRI implements the following security measures:

• All data in transit is encrypted via TLS. OAuth tokens and integration credentials are stored encrypted at rest.
• Custom JWT authentication with short-lived access tokens and long-lived refresh tokens, with session tracking and revocation.
• TOTP-based two-factor authentication (2FA) available for all user accounts.
• HMAC-signed CSRF protection for OAuth state parameters.
• Rate limiting on authentication endpoints and API routes.
• Audit logging of security-sensitive actions (sign-ins, password changes, 2FA, session management).
• PII filtering in logs to prevent accidental exposure of sensitive data.
• Multi-tenant data isolation — every database query is scoped to the authenticated organization.
• Webhook signature verification (HMAC) for inbound Slack and Zoom events.
• Account lockout after repeated failed login attempts.

We request only the minimum OAuth scopes required for each integration:

• Google: Read-only calendar access and email identification (openid, email, calendar.readonly)
• Microsoft: User profile, read-only calendar, Teams channel and chat message reading, and offline refresh
• Zoom: Meeting reading, meeting listing, cloud recording access, and user profile reading
• Slack: Channel/group/DM message history, chat write (for intervention DMs), user reading, and DM channel creation
• Jira: Read and write access to Jira work items and user data for automatic task creation

You can disconnect any integration at any time from the Integrations page. Disconnecting removes our access tokens and stops all data collection from that platform.

Gazillion CRI does not sell personal information or organizational data. Data may be shared with:

• LLM providers (Groq): Communication data and transcripts are sent to AI models for analysis. We do not permit providers to train on your data.
• Recall.ai: Meeting audio for transcription when meeting auto-join is enabled.
• Email delivery (Mailtrap): Email addresses for transactional email delivery only.
• Hosting infrastructure: Our backend runs on dedicated servers; data is stored in PostgreSQL with pgvector.

Information may also be disclosed when required by law, legal process, or to protect the safety, rights, or integrity of Gazillion CRI, its users, or the public.

Gazillion CRI enforces configurable data retention policies. By default, communication data, detections, and meeting records are automatically purged after 90 days. Organizations can customize this from their dashboard settings.

Automated nightly purge processes permanently delete expired data. Account data (user profiles, organization settings) is retained while the account is active. Upon account deletion, all associated data is permanently removed.

Depending on applicable laws (including GDPR and CCPA), you may have the right to:

• Access personal data we hold about you
• Correct inaccurate information
• Request deletion of your data
• Withdraw consent for data processing
• Export your data in a portable format
• Disconnect any integration and stop data collection

To exercise any of these rights, contact us at the address below.

Gazillion CRI integrates with Slack, Microsoft Teams, Google Calendar, Zoom, and Jira. Each platform operates under its own privacy policy. We encourage you to review them.

Gazillion CRI uses AI (large language models) to analyze communication data. Automated decisions include:

• Classifying messages and conversations as potential communication failures
• Scoring the severity and financial impact of detected issues
• Deciding whether to send intervention DMs or nudge messages
• Extracting and categorizing action items from meeting transcripts
• Determining whether a meeting could have been an email

These decisions are advisory. All detections are visible on the dashboard for human review. We do not use your organization's data to train AI models.

We may update this Privacy Policy to reflect changes in our services or legal requirements. We will notify users of material changes via email or in-app notification.

If you have questions about this Privacy Policy, contact us at: Legal@gazillioncri.com