PRIVACY POLICY
Google Integration (Gmail API)
This Privacy Policy explains how Prima Law – Legal Case Management accesses, uses, stores, protects, and shares Google user data obtained through Google API Services, in full compliance with the Google API Services User Data Policy, including all Limited Use requirements.
1. Types of Google User Data We Access
Our application uses OAuth 2.0 so each user can connect their own Gmail account. We only access the data strictly required for our legal case management workflows.
a) email
• User’s primary email address.
b) profile
• First and last name.
c) Gmail Read-Only — https://www.googleapis.com/auth/gmail.readonly
We access:
• Messages and threads (messageId, threadId)
• Headers: From, To, Cc, Bcc, Subject, timestamps
• Technical headers: Message-ID, In-Reply-To, References, conversationId
• Body content (HTML or text)
• Attachment metadata and content when selected by the user
• Gmail history data (historyId)
We do not modify, delete, or move emails inside Gmail.
d) Gmail Send — https://www.googleapis.com/auth/gmail.send
Used exclusively to send emails on behalf of the authenticated user:
• Sender
• Recipients chosen by the user
• Subject and body
• User-selected attachments
• Sent message identifiers (messageId, threadId)
2. How We Use the Data
a) Authentication & Identification
We use email and profile data to:
• Identify the user within the tenant
• Link the Gmail account
• Display their name in the interface
We do not use this data for advertising or analytics.
b) Reading and Synchronizing Emails (gmail.readonly)
Purpose:
Provide communication traceability for contacts and legal cases.
Processing:
• Receive Gmail → Pub/Sub notifications
• Fetch messages from Gmail
• Process headers, body, and user-selected attachments
• Match to contacts and cases
• Store metadata and content
• Rebuild full conversation threads
c) Sending Emails (gmail.send)
Purpose:
Allow attorneys to send emails directly from a case.
Processing:
• User drafts the email
• We generate the MIME message
• Send via Gmail API
• Store a copy for thread continuity
We do not send marketing or automated emails.
3. Data Sharing
We do not sell, share, or disclose Gmail data to external third parties.
Email content, attachments, metadata, and tokens are never used for advertising or profiling.
We fully comply with Google API Services – Limited Use.
4. Token and Security Management
• All data is encrypted in transit (HTTPS) and at rest.
• Tokens are encrypted, isolated, and never shared with third parties.
• If access is revoked, we stop Gmail access, revoke tokens, and stop Pub/Sub processing.
5. Data Storage
All user data is stored exclusively in secure data centers located in the United States.
This includes email metadata, message bodies, and attachments chosen by the user.
6. Data Retention and Deletion
• Emails are retained until the tenant administrator requests deletion.
• Upon request or account closure, data is deleted or anonymized within 30 days.
• Backups may temporarily retain encrypted fragments for disaster recovery only.
7. User Rights: Access, Export, and Deletion
Users or tenant administrators may request:
• Deletion of email threads
• Removal of Gmail integration
• Full tenant data deletion
• Export of data in JSON format
Requests: [email protected]
Processed within 30 days.
8. Policy Updates and Contact
Any significant updates will be communicated after login inside the platform.
For questions or privacy concerns:
[email protected]
Google Integration (Google Calendar API)
This Privacy Policy explains how Prima Law – Legal Case Management accesses, uses, stores, protects, and shares Google user data obtained through Google Calendar API Services, in compliance with the Google API Services User Data Policy, including all Limited Use requirements.
1. Types of Google Calendar User Data We Access
Our application uses OAuth 2.0 so each user can connect their own Google account. We only access the data strictly required for calendar scheduling and case management workflows.
a) email
• User’s primary email address.
b) profile
• First and last name.
c) Calendar Free/Busy
• Availability information (free/busy time blocks).
d) Calendar Events
We may access and/or manage, only as needed by the user:
• Events data: title, start/end time, timezone, description, location, attendees (if applicable)
• Calendar metadata: calendarId, calendar name, timezone
• Timestamps/IDs required for syncing (eventId, updated time)
We do not use Google Calendar data for advertising, we do not sell it, and we do not access more data than necessary. Users can disconnect Google access at any time.