PRIVACY POLICY

Effective: May 25, 2026

What we collect

When you connect a data source, ContactGraph accesses the data you authorize. Sources may include:

• Email (e.g. Gmail) — message metadata such as sender, recipient, subject, and date.
• Contacts (e.g. Google Contacts, Apple Contacts / VCF files) — names, emails, phone numbers, organizations, and other contact fields.
• Calendar (e.g. Google Calendar) — event metadata including attendees, titles, and times.
• File uploads — contact data you export and upload directly (CSV, VCF, etc.).

For email sources we access headers only; we do not read or store email body content or attachments. For all sources we collect only the metadata and contact fields needed to build your graph.

How we use it

Data from connected sources is processed to build your private contact graph — people, organizations, relationship strength, and employment signals. This graph is queryable only by you (or an AI agent acting on your behalf via MCP).

Storage & retention

Data is stored in a PostgreSQL database. OAuth tokens are encrypted at rest. You may delete your account and all associated data at any time by contacting support@basebase.com.

Third-party services

ContactGraph may call external APIs (e.g. OpenAI, Exa) to enrich public profile information. Only non-sensitive identifiers (names, public URLs) are sent — never email content, OAuth tokens, or uploaded files.

Sharing

We do not sell, rent, or share your personal data with third parties except as required by law.

Contact

Questions? Email support@basebase.com.