Legal

Privacy Policy

Effective Date: March 19, 2026

Blue Reef AI ("Blue Reef," "we," "us," or "our") operates the bluereefai.com website and the Blue Reef platform. This Privacy Policy describes how we collect, use, store, and protect your information — including data accessed through Google API integrations — when you use our services.

1. Information We Collect

Account Information

When you register, we collect your name, email address, company name, job title, and authentication credentials.

Google API Data

With your explicit authorization via OAuth, we may access the following Google data:

  • Gmail: Email messages, metadata (sender, recipient, subject, timestamps), and thread information — used to log deal-related communications, generate follow-up drafts, and update deal plans.
  • Google Calendar: Calendar events, attendees, meeting times, and event metadata — used to generate meeting prep sheets, schedule follow-ups, and track deal activity.
  • Profile Information: Basic profile data (name, email, profile photo) for account setup and display.

Usage Data

We collect information about how you interact with the platform, including pages visited, features used, and performance metrics.

CRM & Integration Data

When you connect third-party CRMs (e.g., Salesforce, HubSpot), we access deal records, contact information, and pipeline data as authorized by you.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Blue Reef platform, including AI agent deal management, call prep, coaching, and pipeline analytics
  • Generate meeting prep sheets, coaching debriefs, and deal plans based on your communications and calendar
  • Sync data bi-directionally with your CRM
  • Deliver morning briefings and pipeline reports
  • Improve and develop new features based on aggregated, anonymized usage patterns
  • Provide customer support and respond to inquiries
  • Comply with legal obligations

We do not use your data for advertising, marketing to third parties, or any purpose unrelated to providing the Blue Reef platform.

3. Google API Services User Data Policy Compliance

Blue Reef AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Disclosure

In accordance with Google's Limited Use requirements, we commit to the following:

  • 1.We only use Google user data to provide and improve user-facing features that are visible and prominent in the Blue Reef platform — specifically deal management, call prep, coaching, and pipeline analytics.
  • 2.We do not transfer Google user data to third parties except as necessary to provide or improve our services, to comply with applicable laws, or as part of a merger, acquisition, or sale of assets with prior notice to users.
  • 3.We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • 4.We do not allow humans to read Google user data unless (a) we have the user's affirmative agreement for specific content (e.g., for technical support), (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

4. Data Storage & Security

We implement industry-standard security measures including:

  • Encryption at rest using AES-256 for all stored data
  • Encryption in transit using TLS 1.3 for all data transmission
  • Workspace isolation — tenant data is logically separated and never shared between workspaces
  • Role-based access controls with the principle of least privilege
  • Audit logging — every agent action is logged with timestamps
  • Regular security assessments and vulnerability testing

For more details on our security practices, visit our Security page.

5. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Account data is retained until you delete your account or request deletion
  • Google API data is retained only as long as necessary to provide the features you authorized and is deleted within 30 days of OAuth revocation or account deletion
  • Usage logs are retained for up to 12 months for security and improvement purposes

You can request deletion of your data at any time by emailing privacy@bluereefai.com or through your account settings. When you revoke Google OAuth access or delete your account, all associated Google data is queued for permanent deletion within 30 days.

6. Third-Party Data Sharing

We do not sell your data to any third party.

We may share data with third parties only in the following circumstances:

  • Service providers that help us operate the platform (e.g., cloud hosting, AI model providers) — bound by data processing agreements
  • Your CRM and connected integrations — only data you explicitly authorize us to sync
  • Legal compliance — when required by law, subpoena, or court order
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with prior notice to affected users

7. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate data
  • Deletion — request that we delete your data
  • Portability — request your data in a structured, machine-readable format
  • Revoke OAuth access — disconnect Google integrations at any time through your account settings or through your Google Account permissions
  • Opt out — of non-essential communications

To exercise any of these rights, contact privacy@bluereefai.com. We respond to all requests within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact privacy@bluereefai.com.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, our legal basis for processing your data is: (a) your consent when you authorize OAuth integrations, (b) contractual necessity to provide the services you requested, and (c) our legitimate interest in improving the platform. You have the right to withdraw consent, lodge a complaint with a supervisory authority, and exercise all rights listed in Section 7 above.

10. Cookies

We use essential cookies to maintain your session and authentication state. We use analytics cookies to understand how users interact with the platform. You can control cookie preferences through your browser settings.

11. Children's Privacy

Blue Reef AI is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Blue Reef AI

Email: privacy@bluereefai.com

Security issues: security@bluereefai.com