Overview
BridgeKit ("we", "our", or "us") is a professional integration platform that connects productivity tools like Gmail, Google Calendar, Google Docs, Google Sheets, Google Drive, Fathom, Instantly, Bison, and Meta Ads. This Privacy Policy explains how we collect, use, and protect your information.
- We only access your data when you explicitly request it
- Your credentials are encrypted with 256-bit encryption
- We do not sell or share your data with third parties
- You can delete your account and all data at any time
Information We Collect
Account Information
When you create an account, we collect:
- Email address - Used for account identification and communication
- Password - Stored securely using industry-standard hashing (bcrypt)
OAuth Tokens
When you connect third-party services (Google, Fathom, Instantly, Bison), we store:
- OAuth access tokens - Encrypted at rest using Fernet (AES-128-CBC)
- OAuth refresh tokens - Encrypted at rest using Fernet (AES-128-CBC)
We never store your Google password or third-party service passwords. OAuth tokens allow us to access your data on your behalf without knowing your credentials.
API Keys
If you provide API keys for services like Fathom, these are:
- Stored encrypted at rest
- Only used when you explicitly request actions through our platform
How We Use Your Information
We use your information solely to:
- Provide the service - Access your connected platforms when you request it
- Authenticate you - Verify your identity when you log in
- Send important updates - Account-related emails (password resets, security alerts)
We only access your connected services (Gmail, Calendar, etc.) when you explicitly request an action. We do not perform background scanning, automated reading, or data harvesting.
Data Storage and Security
Encryption
- All sensitive data (OAuth tokens, API keys) encrypted with Fernet (AES-128-CBC)
- Passwords hashed with bcrypt (one-way encryption)
- All data transmitted over HTTPS (TLS 1.2+)
Data Isolation
- Each user's data is completely isolated from other users
- Per-user encryption keys where applicable
- No cross-user data access possible
Infrastructure
- Hosted on Railway (secure cloud infrastructure)
- Database hosted on Supabase with encryption at rest
- Rate limiting on all authentication endpoints
Third-Party Services
BridgeKit integrates with the following third-party services:
- Google Workspace (Gmail, Calendar, Docs, Sheets) - Subject to Google's Privacy Policy
- Fathom - Meeting transcription service
- Instantly - Email campaign platform
- Bison - Data analysis platform
- Stripe - Payment processing (subject to Stripe's Privacy Policy)
Your Rights and Controls
You have full control over your data:
- Access - View all data we store about you in your dashboard
- Revoke - Disconnect any third-party service at any time via OAuth revocation
- Delete - Delete your account and all associated data instantly
- Export - Request a copy of your data by contacting support
Data Retention
- Active accounts - Data retained while your account is active
- Deleted accounts - All data permanently deleted within 30 days
- OAuth tokens - Deleted immediately when you disconnect a service
Cookies
We use only essential cookies for:
- Session management (keeping you logged in)
- Security (CSRF protection)
We do not use advertising cookies or tracking cookies.
Children's Privacy
BridgeKit is not intended for users under 18 years of age. We do not knowingly collect information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our website.
Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Email: [email protected]
Last updated: January 2025
← Back to BridgeKit