Threecus

Privacy Policy

Last updated: April 15, 2026

Overview

Threecus ("we", "us", "our") is a CRM tool for independent professionals. This policy explains what data we collect, why we collect it, and how you can control it.

Information we collect

  • Your name and email address when you create an account
  • Client records, bookings, invoices, and notes that you enter into the app
  • If you connect Gmail: your Google account email, profile information, and OAuth access and refresh tokens used to send email on your behalf
  • Basic usage data via Google Analytics (page views, sessions)

How we use Google user data

When you connect your Gmail account, Threecus requests a single Google OAuth scope:

  • gmail.send — to send emails to your clients automatically on your behalf (booking confirmations, invoices, follow-ups, and other messages triggered by your CRM workflows)

We do not read, access, store, index, or analyze the content of your inbox or existing emails. The gmail.send scope only permits sending new messages — it does not grant access to read any email in your account.

We store your OAuth access token and refresh token in our database solely to send emails on your behalf as described above.

We do not share your Google data with any third parties. We do not use your Gmail data for advertising or any purpose beyond sending emails you've configured.

Threecus's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Disconnecting Gmail

You can disconnect your Gmail at any time from Settings → Integrations. This immediately deletes your stored tokens from our database and revokes our access to your Google account. You can also revoke access directly from your Google account permissions page.

Data retention and deletion

Your account data is retained as long as your account is active. You may request deletion of your account and all associated data by emailing us at the address below. OAuth tokens are deleted immediately upon disconnecting Gmail or deleting your account.

Security

Passwords are hashed using argon2id. OAuth tokens are stored in an encrypted-at-rest database. We use HTTPS for all data in transit.

Contact

Questions about this policy? support@threecus.com