ux-lab-icon copy.png

Andy&Co.
Privacy Policy

Effective Date: 1st June 2025

Andy&Co. is a trading style of AC Brittain Ltd - a company registered in England & Wales with registration no: 07950353. Andy&Co. / AC Brittain Ltd (henceforth referred to as "we", "our", or "us") respects your privacy and is committed to protecting the personal information you share with us through our digital platforms.

This Privacy Policy explains what data we collect, how we use it, and your rights in relation to that data. Our goal is to be fully transparent and compliant with data privacy regulations, as well as the requirements of third-party platforms such as Google and Microsoft.

---

## 1. Information We Collect

When you use Andy & Co, we may collect the following data:

### a. OAuth Authentication Data

- **Google**: When you sign in with your Google account, we access your email address and request permission to send emails on your behalf via the `gmail.send` scope.

- **Microsoft**: When you sign in with your Microsoft account, we access your basic user profile (`User.Read`) and request permission to send mail via the `Mail.Send` scope.

We do **not** access, read, store, or analyse your inbox content, email body text, calendar, contacts, or files.

### b. Contact List Data

If you upload a list of professional contacts to use with the platform, we store:

- Name

- Email address

- Company or role (if provided)

We do **not** enrich or scrape third-party data about your contacts.

---

## 2. How We Use Your Information

We use your data solely to provide the core features of the platform, including:

- Authenticating your identity using OAuth

- Sending personalised emails from your connected account

- Allowing you to view and manage email activity in the platform

We do **not** use your data for advertising, resell it, or share it with third parties except as required by law.

---

## 3. Data Security and Storage

- OAuth tokens are stored securely using encryption and are not accessible to unauthorised parties.

- All data transmission is protected using TLS encryption.

- We retain your data only as long as necessary to operate the platform or as required by law.

---

## 4. Google and Microsoft Compliance

We comply with:

- Google's [API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including its **Limited Use** requirements.

- Microsoft’s [API Terms of Use](https://learn.microsoft.com/en-us/legal/microsoft-apis/terms-of-use)

Our access and use of data obtained from Google and Microsoft APIs is strictly limited to the purposes described above.

---

## 5. Your Rights

You may request to:

- View or delete the data we have stored about you

- Disconnect your Google or Microsoft account at any time via your account settings or by revoking access from your account directly

If you delete your account, all associated data (including OAuth tokens and contact data) will be permanently deleted from our systems within 30 days.

---

## 6. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the content or privacy practices of those third parties.

---

## 7. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will notify users via email or in-app notification and post the updated version on our website.

---

## 8. Contact Us

If you have any questions, email us at andy@acbrittain.co.uk