Privacy Policy

Last updated: May 2026

CPM Copilot is built by a construction PM. We know what is in your project emails. We treat your data the way we would want ours treated: locked down, private, and under your control.

What We Collect

Account information. Your name, email address, and password when you sign up.

Project communications. Emails and meeting transcripts from accounts you connect via OAuth (Outlook or Gmail). We only access what you connect. We never ask for your email password.

Extracted data. Commitments, risks, decisions, and action items that CPM Copilot finds in your communications. This is the paper trail the product builds for you.

Payment information. Stripe handles all payment processing. We never see or store your credit card number, CVV, or expiration date. We only store your Stripe customer ID, plan type, and payment status.

Usage data. Which features you use and when. This helps us improve the product.

How We Use Your Data

We use your project communications to do one thing: run CPM Copilot for you. That means:

• Extracting commitments, risks, and decisions from your emails and transcripts
• Building your searchable paper trail
• Sending you daily briefings
• Drafting email replies with your project context
• Powering search across your project history

That is it. We do not use your data for anything else.

AI Processing

CPM Copilot uses Google Gemini (paid API) to read your communications and extract commitments, risks, and decisions. Here is how it works:

• Your communications are sent to the Gemini API for processing
• Google does not use paid API data to train their AI models
• The extracted results are stored in your CPM Copilot account
• We do not share your data with any other AI provider

What We Never Do

• We never sell your data
• We never share your data with third parties for marketing
• We never use your communications to train AI models
• We never let other users see your project data
• We never access your email without your OAuth connection

Data Storage and Security

Your data is stored on Google Cloud Platform in the United States. All data is encrypted both in transit (TLS) and at rest (AES-256). Each user account is isolated. Other users cannot access your projects or communications.

Third-Party Services

CPM Copilot uses these services to operate:

• Google Cloud Platform -- hosting, database, and file storage
• Google Gemini API -- AI processing to extract commitments and draft emails
• Stripe -- payment processing (they handle all card data)
• Google Analytics -- anonymous page view tracking on the landing page only (not inside the app)

We do not use any other third-party services that access your project data.

Cookies

Inside the app, we use one cookie to keep you logged in. No tracking cookies. No advertising cookies.

On the landing page (cpmcopilot.com), Google Analytics sets a cookie to count anonymous page views. No personal information is collected.

Your Rights

You are in control of your data:

• Disconnect. You can disconnect your email accounts at any time. We stop reading new messages immediately.
• Export. You can export your data -- commitments, risks, decisions, and project history.
• Delete. You can delete your account at any time. When you do, we delete everything immediately. All emails, all extracted data, all project history. Nothing is kept.

Data Breach

If we ever discover that your data was accessed without authorization, we will notify all affected users within 72 hours. We will tell you what happened, what data was involved, what we did to fix it, and what you should do.

Children

CPM Copilot is not for anyone under 18. We do not knowingly collect data from minors. If we learn that a user is under 18, we will delete their account immediately.

Changes to This Policy

If we change this privacy policy, we will notify you by email before the changes take effect. Continued use of CPM Copilot after changes means you accept the updated policy.

Questions about your data? Reach us at [email protected].