Privacy Policy

Last Updated: May 29, 2026

Introduction

Welcome to CleaningMetrics. We value your privacy and are committed to protecting your business data. This policy explains how our web application collects, uses, stores, and protects your information.

Google API Services and Gmail Integration

CleaningMetrics OS optionally allows business owners to connect their Google account so that transactional emails (booking confirmations, payment receipts, password resets, appointment reminders) are sent from the owner's own domain rather than our platform's shared sender.

Scopes we request

When an owner connects their Google account, we request only these two OAuth scopes:

  • https://www.googleapis.com/auth/gmail.send, to send email on the owner's behalf via the Gmail API.
  • https://www.googleapis.com/auth/userinfo.email, to capture and display which Google account the owner connected.

What we do NOT do

We do not read, list, modify, archive, label, delete, or otherwise access any messages in the user's Gmail mailbox. The gmail.send scope permits sending only. No inbox access of any kind.

Use of Google user data

CleaningMetrics OS's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We use the data we obtain from Google APIs only to provide and improve the Gmail send-as feature described above. We do not use this data for serving advertisements, do not transfer it to third parties for purposes other than providing or improving the integration, and do not allow humans to read this data (except where required by law, where the user gives explicit consent, or where it is necessary for security investigations).

Refresh token storage and security

When you grant CleaningMetrics OS access to your Google account, Google issues us a refresh token. We encrypt this refresh token with AES-256-GCM before storing it in our managed Supabase database. The encryption key is held separately from the database. We never log the plaintext token.

We mint short-lived access tokens on demand from the refresh token each time the integration sends an email. Access tokens are not persisted.

How to revoke access

You can disconnect the Gmail integration at any time:

  1. In CleaningMetrics OS, navigate to Settings → Integrations and click Disconnect Gmail. We will immediately call Google's /oauth2/revoke endpoint to invalidate the refresh token, and we will delete the encrypted token from our database.
  2. Independently, you can revoke our access in your Google Account at https://myaccount.google.com/permissions. Removing CleaningMetrics OS from that list invalidates the token on Google's side. Our app will detect the revoked token on the next send attempt and clear it from our database.

Marketing campaigns

Marketing campaigns (bulk customer outreach) are sent through our shared transactional email provider, Resend, not through your connected Gmail account. This is by design: it preserves your Google account's send quota and reputation. If you do not connect Gmail, all transactional emails also fall back to Resend with your organization's name in the From header.

Data We Collect

  • Account information (email address, name, company name) when you register for an account
  • Business data you enter into the application, including bookings, customers, service providers, expenses, and revenue
  • Payment information processed securely through Stripe — we never store your card details on our servers
  • Usage data (such as feature usage and session activity) to help us improve the service

How We Use Your Data

  • To provide and maintain the CleaningMetrics service, including your dashboard, reports, and analytics
  • To calculate your business metrics such as revenue, profit, churn rate, and client retention
  • To process subscription payments through Stripe
  • To send transactional emails, including account confirmations and billing notifications
  • We do not use your data for advertising, profiling, or resale

Data Storage & Security

  • Your data is stored securely on Supabase (hosted on AWS) with encryption at rest
  • All connections between your browser and our servers use HTTPS/TLS encryption
  • Access to your data is protected by authentication and row-level security policies, ensuring that each account's data is fully isolated
  • No other user or account can access your business data

Third-Party Services

We use the following third-party services to operate CleaningMetrics:

  • Stripe — payment processing
  • Supabase — database and authentication
  • Vercel — application hosting

We do not sell, share, or monetize your data with any third party.

Data Retention

  • Your data is retained for as long as your account remains active
  • Upon account cancellation, your data is retained for 30 days and then permanently deleted
  • You may request a full data export or immediate deletion at any time by contacting us

Your Rights

  • Access your data at any time through the CleaningMetrics application
  • Request a complete export of all your data
  • Request deletion of your account and all associated data
  • Opt out of non-essential communications

Contact

If you have any questions about this privacy policy or how we handle your data, please contact us at support@cleaningmetrics.com.

CleaningMetrics does not sell, share, or monetize user data under any circumstances.