Privacy Policy
Last updated: March 2026
OptikLabs ("we", "us", "our") provides an AI-powered marketing platform for service businesses. This privacy policy explains how we collect, use, and protect your information when you use OptikLabs.
1. What We Collect
Data we collect directly from you (business owners)
- Account information: name, email address, business name, website URL
- Billing information: processed and stored by Stripe (we do not store credit card numbers)
- Brand brain data: AI-analyzed business identity, services, audience, voice, and marketing strategy generated from your website
- OAuth tokens: encrypted connection tokens for Gmail and social media integrations
- Content and calendar data: AI-generated marketing content and publishing schedules
- SEO audit results: website analysis data and recommendations
Data entered by you about your clients (CRM)
- Client names, email addresses, phone numbers
- Inquiry details, preferences, appointment information, notes
- Status and communication history
Data accessed through Gmail integration
- Email sender, subject line, and body text from your inbox (last 7 days only)
- AI-generated classifications: category, priority, suggested action
- AI-generated draft responses
We do not access sent mail, drafts, contacts, or any Gmail data beyond inbox messages.
2. How We Use Your Data
- Account data: to provide and maintain your OptikLabs account
- Brand brain data: to generate personalized marketing content and SEO recommendations
- CRM data: to help you manage client relationships and inquiries
- Email data: to classify incoming emails by priority and suggest responses using AI
- Billing data: to process subscription payments through Stripe
- Usage data: to improve OptikLabs features and fix issues
We do not sell your personal information to third parties.
3. AI Processing Disclosure
OptikLabs uses AI (Anthropic Claude) to power several features:
- Content generation: Your brand brain data is sent to Anthropic's API to generate marketing content
- Email triage: Email content from your connected Gmail is sent to Anthropic's API for classification and draft response generation
- SEO audit: Your website content is analyzed using AI to generate SEO recommendations
- Brand brain generation: Your website is scraped and analyzed using AI to build your business profile
Anthropic processes data according to their privacy policy and does not use API inputs to train their models.
OptikLabs does not use any data received from Gmail APIs for training artificial intelligence or machine learning models. Email content processed through our Email Inbox feature is used solely to generate real-time suggestions for the authenticated user and is not stored for training purposes. Email bodies are automatically purged after 90 days.
Google API Services User Data Policy Compliance: OptikLabs' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4. Third-Party Services (Sub-Processors)
We use the following services to operate OptikLabs:
| Service | Purpose | Data Accessed |
|---|---|---|
| Anthropic (Claude API) | AI content generation, email triage, SEO analysis | Brand brain content, email content, website data |
| Stripe | Payment processing | Billing information |
| MailerSend | Transactional emails | Your email address |
| Railway | Database hosting | All stored data |
| Vercel | Application hosting | Session data, client-side data |
| Cloudflare | CDN and security | Request data |
| Google (Gmail API) | Email access | Your Gmail inbox content (with your permission) |
5. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account cancellation
- Brand brain data: retained while your account is active
- CRM client data: retained while your account is active
- Email data: email body content is automatically purged after 90 days; classifications and draft responses are retained while your account is active
- SEO audit results: retained while your account is active
- Billing records: anonymized records retained for financial compliance
6. Your Rights
You can:
- Export your data — Request a full export of all data OptikLabs holds about your business (coming soon)
- Delete your account — Request complete deletion of your account and all associated data
- Disconnect integrations — Revoke Gmail access at any time in your dashboard Settings
- Contact us — For any privacy questions or requests, email support@optiklabs.ca
7. Email Sender Privacy
When you connect your Gmail to OptikLabs, emails sent to you by third parties are processed by our AI to help you manage your inbox. We process this data on your behalf as a data processor, under your legitimate business interest in efficient inbox management.
Email senders can request deletion of their data from our systems by contacting you (the business owner) or by emailing support@optiklabs.ca.
8. Security
- All data encrypted in transit (TLS) and sensitive data encrypted at rest
- OAuth tokens encrypted using Fernet encryption
- Parameterized SQL queries throughout (no SQL injection risk)
- Rate limiting on all API routes
- HttpOnly cookies with SameSite protection
- Cloudflare bot protection
- Regular security reviews
9. Security Incident Response
OptikLabs maintains a formal Incident Response Plan to detect, contain, and recover from security incidents. In the event of a confirmed data breach that affects your personal information:
- Notification timeline: We will notify affected users within 72 hours of confirming a breach, in accordance with GDPR and PIPEDA requirements.
- Notification method: Notifications will be sent via email to your registered address and posted on our website.
- Information provided: We will describe the nature of the breach, the data affected, steps we have taken, and recommended actions for you.
- Security contact: Report security vulnerabilities to security@optiklabs.ca
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email. Continued use of the platform after notification constitutes acceptance of the updated policy.
© 2026 OptikLabs. All rights reserved.