Privacy Policy

Last Updated: July 2, 2026

Introduction

Welcome to CleaningMetrics. We value your privacy and are committed to protecting your business data. This policy explains how our web application collects, uses, stores, and protects your information.

Google API Services and Gmail Integration

CleaningMetrics OS optionally allows business owners to connect their Google account so that transactional emails (booking confirmations, payment receipts, password resets, appointment reminders) are sent from the owner's own domain rather than our platform's shared sender.

Scopes we request

When an owner connects their Google account, we request only these two OAuth scopes:

  • https://www.googleapis.com/auth/gmail.send, to send email on the owner's behalf via the Gmail API.
  • https://www.googleapis.com/auth/userinfo.email, to capture and display which Google account the owner connected.

What we do NOT do

We do notread, list, modify, archive, label, delete, or otherwise access any messages in the user's Gmail mailbox. The gmail.send scope permits sending only. No inbox access of any kind.

Use of Google user data

CleaningMetrics OS's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We use the data we obtain from Google APIs only to provide and improve the Gmail send-as feature described above. We do not use this data for serving advertisements, do not transfer it to third parties for purposes other than providing or improving the integration, and do not allow humans to read this data (except where required by law, where the user gives explicit consent, or where it is necessary for security investigations).

Refresh token storage and security

When you grant CleaningMetrics OS access to your Google account, Google issues us a refresh token. We encrypt this refresh token with AES-256-GCM before storing it in our managed Supabase database. The encryption key is held separately from the database. We never log the plaintext token.

We mint short-lived access tokens on demand from the refresh token each time the integration sends an email. Access tokens are not persisted.

How to revoke access

You can disconnect the Gmail integration at any time:

  1. In CleaningMetrics OS, navigate to Settings → Integrations and click Disconnect Gmail. We will immediately call Google's /oauth2/revoke endpoint to invalidate the refresh token, and we will delete the encrypted token from our database.
  2. Independently, you can revoke our access in your Google Account at https://myaccount.google.com/permissions. Removing CleaningMetrics OS from that list invalidates the token on Google's side. Our app will detect the revoked token on the next send attempt and clear it from our database.

Marketing campaigns

Marketing campaigns (bulk customer outreach) are sent through our shared transactional email provider, Resend, not through your connected Gmail account. This is by design: it preserves your Google account's send quota and reputation. If you do not connect Gmail, all transactional emails also fall back to Resend with your organization's name in the From header.

Meta (Facebook & Instagram) Advertising Integration

CleaningMetrics optionally allows business owners to connect their Meta (Facebook and Instagram) advertising account so we can show their marketing return on investment: connecting ad spend and campaign performance to the leads, bookings, and revenue those campaigns generate inside CleaningMetrics. This integration is entirely optional and is only ever activated when an owner explicitly connects their own ad account.

Permissions we request

When an owner connects their Meta account, we request only the permissions needed for read-only reporting:

  • ads_read, to read ad spend, clicks, impressions, and campaign performance (insights) from the ad accounts you grant access to, so we can calculate cost-per-lead, cost-per-acquisition, and return on ad spend.
  • business_management, to list the ad accounts and business assets you choose to connect, so you can select which account to report on.

What we do NOT do

  • We do not create, edit, publish, pause, or otherwise manage your ad campaigns.
  • We do not access your personal Facebook or Instagram profile, messages, friends, photos, or posts.
  • We do not use your advertising data to serve our own ads, build advertising profiles, or sell or transfer it to third parties.

Use of Meta data

CleaningMetrics's access to and use of information received through the Meta Marketing API adheres to the Meta Platform Terms and Developer Policies. We use this data only to provide the marketing ROI reporting described above.

Token storage and security

When you connect your Meta account, Meta issues us an access token. We encrypt this token with AES-256-GCM before storing it in our managed Supabase database. The encryption key is held separately from the database, and we never log the plaintext token.

How to revoke access

You can disconnect the Meta integration at any time:

  1. In CleaningMetrics, navigate to Settings → Integrations and click Disconnect Meta. We will delete the encrypted token from our database.
  2. Independently, you can remove CleaningMetrics from your Meta Business settings under Business settings → Connected apps / Business Integrations at business.facebook.com/settings. Removing CleaningMetrics there invalidates the token on Meta's side.

Artificial Intelligence (AI) Features

CleaningMetrics offers an optional AI Business Analyst that lets a business owner ask plain-language questions about their own business performance. This feature is powered by a third-party AI provider, Anthropic (the Claude family of models), accessed through Anthropic's API.

What the AI does and does not receive

  • AI features receive data only from your own CleaningMetrics account. Depending on the feature you use, this can include your business metrics (such as revenue, profit, margin, client retention, labor, and month-over-month trends) and, when you ask for an AI summary of a customer's communications, that customer's name and the content of their calls and text messages captured through your connected Quo phone number.
  • We do not send any Google or Gmail data, Google Ads or Local Services Ads data, or Meta advertising data to Anthropic or any other AI provider.
  • Data obtained through Google APIs (including the Gmail and Google Ads / Local Services scopes) is used solely for the features described in the sections above and is never transferred to an AI or machine-learning system.
  • We do not use your data (or any data received through Google APIs) to train, fine-tune, or improve any AI or machine-learning model.

Data We Collect

  • Account information (email address, name, company name) when you register for an account
  • Business data you enter into the application, including bookings, customers, service providers, expenses, and revenue
  • Payment information processed securely through Stripe; we never store your card details on our servers
  • Usage data (such as feature usage and session activity) to help us improve the service

How We Use Your Data

  • To provide and maintain the CleaningMetrics service, including your dashboard, reports, and analytics
  • To calculate your business metrics such as revenue, profit, churn rate, and client retention
  • To process subscription payments through Stripe
  • To send transactional emails, including account confirmations and billing notifications
  • We do not use your data for our own advertising, profiling, or resale. Where you connect a third-party advertising account, that data is used only to show your marketing ROI as described above

Data Storage & Security

  • Your data is stored securely on Supabase (hosted on AWS) with encryption at rest
  • All connections between your browser and our servers use HTTPS/TLS encryption
  • Access to your data is protected by authentication and row-level security policies, ensuring that each account's data is fully isolated
  • No other user or account can access your business data

Third-Party Services

We use the following third-party services to operate CleaningMetrics:

  • Stripe: payment processing
  • Supabase: database and authentication
  • Vercel: application hosting
  • Anthropic: AI features (your own account's business data, and, for the customer-communication summary, customer names and Quo call and text content; no Google, Gmail, advertising, or Meta data is sent to it)

We do not sell, share, or monetize your data with any third party.

Data Retention

  • Your data is retained for as long as your account remains active
  • Upon account cancellation, your data is retained for 30 days and then permanently deleted
  • You may request a full data export or immediate deletion at any time by contacting us

Your Rights

  • Access your data at any time through the CleaningMetrics application
  • Request a complete export of all your data
  • Request deletion of your account and all associated data
  • Opt out of non-essential communications

Contact

If you have any questions about this privacy policy or how we handle your data, please contact us at support@cleaningmetrics.com.

CleaningMetrics does not sell, share, or monetize user data under any circumstances.