Privacy Policy

Last updated: March 15, 2026

DMtheBoss ("we", "our", "us") is a web application that helps job seekers find relevant contacts at companies and draft personalized cold emails. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account information: When you sign in with Google, we receive your name, email address, and profile information from your Google account. We store your email address and display name to operate your account.

Google OAuth tokens: We securely store your Google OAuth access and refresh tokens on our server to create email drafts in your Gmail account on your behalf. These tokens are never exposed to the client or shared with third parties.

Campaign data: When you create an outreach campaign, we store the company name, role, team, and location you provide. We also store the contacts discovered by our AI and the email drafts generated for each campaign.

Waitlist: If you join our waitlist on the landing page, we store your email address for the sole purpose of notifying you when we launch.

2. How We Use Your Information

To authenticate you and maintain your session
To search for relevant contacts at companies you specify
To generate personalized email drafts
To create drafts in your Gmail account (drafts are not sent automatically — you must review and send them yourself)
To display your outreach history and campaign results
To sign your outreach emails with your display name

3. Google API Services — Limited Use Disclosure

DMtheBoss uses Google API Services, specifically the Gmail API, to create email drafts in your Gmail account. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only request the minimum permissions necessary to create Gmail drafts on your behalf.
We do not read, scan, or access your existing emails, contacts, or any other Gmail data.
We do not use your Google data for advertising, market research, or any purpose unrelated to providing the DMtheBoss service.
We do not sell, lease, or share your Google data with third parties, except as necessary to provide the service (see Section 5).
Gmail drafts are only created when you explicitly initiate an outreach campaign. Emails are never sent automatically.

4. Third-Party AI Services

We use the following AI and search services to power our contact discovery and email generation features:

Anthropic (Claude) — Used to analyze company information and structure contact search results. We send company names, roles, team names, and publicly available search results. We do not send your personal information (email, name, or Google data) to this service.
Google Gemini — Used to generate personalized email drafts. We send company names, roles, contact names/titles, and your display name (for the email signature). We do not send your email address or Google data to this service.
SerpAPI — Used to perform Google web searches for company information and LinkedIn profiles. Search queries contain only company names and role descriptions, not your personal data.

These services process data according to their own privacy policies. We do not control how they handle data after we send it, but we minimize the personal information shared with them.

5. Data Storage and Security

Your data is stored in a Supabase (PostgreSQL) database. Google OAuth tokens are stored server-side and are never exposed to the browser. All data is transmitted over HTTPS. All database operations are scoped to your user account — you can only access your own data.

6. Data Retention and Deletion

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at the email address below. Upon account deletion, we will remove all your data from our systems, including campaigns, contacts, email drafts, and stored OAuth tokens.

7. Your Rights

You can view and edit your display name at any time from the Profile page.
You can revoke DMtheBoss's access to your Google account at any time via your Google Account permissions page.
You can request a copy of your data or request deletion by contacting us.

8. Cookies

We use a single authentication cookie to maintain your login session. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

9. Children's Privacy

DMtheBoss is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last updated" date at the top of this page.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: rajat@astav.tech