Back to Brace

Privacy Policy

Last Updated: June 9, 2026

Brace (“we,” “our,” or “us”) operates the Brace personal CRM platform, including a web application, a browser extension, and optional integrations with your Google Account (Gmail and Google Calendar). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using Brace, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

Google User Data: Gmail and Google Calendar

If you choose to connect your Google Account, Brace uses Google APIs to power its relationship features. This section describes exactly what Google data we access, how we use, store, and share it, and how you can revoke access. It supplements the numbered sections below, which also apply.

Google scopes we request and why

AccessWhat it lets Brace do, and why
Read your email
gmail.readonly, gmail.metadata		Identify the people you communicate with and generate relationship insights — conversation recency, contacts you've lost touch with, and suggested follow-ups — shown back to you in Brace.
Send email
gmail.send		Send follow-up and outreach emails from your own account that you compose or explicitly approve in Brace. Brace does not send email autonomously or in bulk on your behalf.
Read, create, and update calendar events
calendar.events		Detect meetings with your contacts to enrich relationship history and trigger timely follow-ups, and create or update events when you schedule a meeting or follow-up from within Brace.
List calendars and availability
calendar.readonly		Choose the correct calendar to write to and suggest meeting times for scheduling features you initiate.
Identify your account
openid, userinfo.email		Associate the connected Google account with your Brace account and display the connected address.

How we access it

We access your Google data only after you explicitly connect your account through Google's OAuth consent screen, and only for the scopes you grant. You can disconnect at any time (see below).

How we store and protect it

Your Google OAuth refresh token is encrypted at rest and used only to perform the actions above. We process the content and metadata of your messages and calendar events to generate the insights and features described, and store the derived data (and the message/event content necessary to provide those features) on our secure servers. All data is transmitted over HTTPS (TLS 1.2+) and access to production systems is restricted and logged.

How we use and share it

We use your Google data only to provide and improve the user-facing features described above, and only for the account that granted access. We do not sell it and do not use it for advertising. We share it only with sub-processors that help us operate these features (for example, the large-language-model providers in Section 4.1), strictly to deliver the features to you and under contractual data-protection terms. We do not allow humans to read your Gmail or Calendar data, except (a) with your explicit consent for specific items, (b) where necessary for security or to comply with applicable law, or (c) where the data has been aggregated and anonymized for internal operations. We do not use your Google data to develop, improve, or train generalized or non-personalized artificial-intelligence or machine-learning models.

Retention and how to revoke access

You can disconnect your Google Account at any time from your Brace settings, or revoke Brace's access directly at myaccount.google.com/permissions. When you disconnect, or when you delete your Brace account, we delete your stored Google refresh token and the Google-derived data associated with your account within 30 days, except where retention is required by law.

Google API Services Limited Use Disclosure

Brace's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Brace does not (i) use Google user data for serving advertisements; (ii) transfer or sell Google user data to third parties except as necessary to provide or improve the user-facing features, to comply with applicable law, or as part of a merger or acquisition with notice to you; (iii) allow humans to read Google user data except for the limited purposes stated above; or (iv) use Google user data to develop, improve, or train generalized or non-personalized AI/ML models.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, and profile information when you create a Brace account
  • Authentication Data: Login credentials and authentication tokens for accessing our services
  • User Preferences: Your settings and preferences within the Brace application
  • Payment Information: If you subscribe to our paid services, we collect payment information through our payment processor, DODO Payments.

1.2 Information Collected Automatically

When you use the Brace browser extension with automation enabled, we may collect:

  • LinkedIn Profile Data: Your LinkedIn profile information (name, headline, profile URL)
  • Connection Data: Information about your LinkedIn connections that you choose to sync
  • Message Data: LinkedIn messages and conversation metadata for contacts you manage in Brace
  • Activity Data: Feed posts and engagement data relevant to your network
  • Session Information: Authentication tokens required to perform actions on your behalf

1.3 Technical Information

  • Device Information: Browser type, operating system, and device identifiers
  • Usage Data: How you interact with our services, features used, and timestamps
  • Log Data: IP addresses, error logs, and diagnostic information

1.4 Analytics and Session Recordings

We use third-party analytics tools, including PostHog, to collect information about your use of the Service. This helps us understand user behavior, improve our Service, and optimize user experience.

We use PostHog to record user sessions, which may include:

  • Your clicks, scrolls, and mouse movements
  • Pages you visit and features you interact with
  • Text you enter (except for sensitive fields like passwords)

These recordings help us understand how users interact with our Service, identify usability issues, and improve user experience.

1.5 Google Account Data (Gmail and Google Calendar)

If you connect your Google Account, we collect and process the Google data you authorize, which may include:

  • Gmail messages and metadata: message content, headers, and labels, used to surface relationship insights and follow-ups
  • Sent messages: emails you compose or approve in Brace and choose to send from your account
  • Google Calendar events: event details (titles, times, attendees) we read, and events you create or update through Brace
  • Google account identity: the email address of the connected account, and an encrypted OAuth refresh token used to perform the actions you authorize

See the “Google User Data” section near the top of this policy for exactly how this data is accessed, used, stored, shared, retained, and revoked.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Provide Services: Sync your LinkedIn network to your Brace CRM, display contacts and conversations, and execute actions you initiate
  • Maintain Functionality: Authenticate your sessions, process your requests, and ensure service reliability
  • Improve Services: Analyze usage patterns to enhance features and user experience
  • Communicate: Send service-related notifications, updates, and respond to your inquiries
  • Security: Detect, prevent, and address technical issues and security threats

We Do NOT:

  • Sell your personal data to third parties
  • Use your data for advertising purposes
  • Share your data with third parties for their marketing purposes
  • Use your data for creditworthiness determination or lending purposes
  • Use Google user data, or your personal content, to develop, improve, or train generalized or non-personalized AI/ML models

Google API Services Limited Use Disclosure:

Brace's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The complete disclosure, including how this applies to Gmail and Google Calendar data, appears in the “Google User Data” section near the top of this policy.

3. Data Storage and Security

3.1 Where We Store Data

  • Local Browser Storage: Session data, preferences, and authentication tokens are stored locally in your browser
  • Brace Servers: CRM data is stored on our secure servers (backend.brace.so) for synchronization across devices

3.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • All data transfers use HTTPS encryption (TLS 1.2+)
  • Authentication tokens are securely stored and transmitted
  • Access to production systems is restricted and logged
  • Regular security assessments and monitoring

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

4. Data Sharing and Disclosure

We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating our services (hosting, analytics, authentication), bound by confidentiality obligations
  • Payment Processors: Payment information is processed by our Merchant of Record, DODO Payments
  • Analytics Providers: We use PostHog for analytics and session recording to improve our Service
  • Legal Requirements: When required by law, court order, or governmental authority
  • Safety and Rights: To protect the safety, rights, or property of Brace, our users, or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice provided to you
  • With Your Consent: When you explicitly authorize us to share specific information

4.1 Large Language Model (LLM) Providers

We use third-party LLM providers to process data and generate insights. These providers include:

  • Google (Gemini)
  • Anthropic (Claude)
  • OpenAI (GPT)

When you use our Service, your data may be processed by these LLM providers according to their respective terms of service and privacy policies. Please note:

  • We only share data necessary for the performance of our Service
  • The data shared with LLM providers is subject to their respective privacy policies
  • Our agreements with these providers include appropriate data protection provisions

Google user data (Gmail and Calendar): Where content from your Gmail or Google Calendar is processed by these LLM providers, it is used solely to provide the user-facing Brace features you have enabled. Our agreements and configurations with these providers prohibit them from using your Google user data to train or improve their models, and this processing adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google (Gemini)

Anthropic (Claude)

OpenAI (GPT)

5. Browser Extension Permissions

The Brace browser extension requests the following permissions:

PermissionPurpose
cookiesDetect LinkedIn login status to determine when sync is possible
storageStore user preferences, settings, and session data locally
tabsManage LinkedIn tabs for data synchronization operations
scriptingExecute data sync scripts on LinkedIn pages when automation is enabled
webRequestCapture session tokens necessary for API access
alarmsSchedule periodic data synchronization tasks

Host Permissions

DomainPurpose
*.linkedin.comAccess LinkedIn to sync your network data to Brace CRM
*.brace.soCommunicate with Brace backend services

6. Your Rights and Controls

6.1 User Controls

  • Toggle Automation: Enable or disable automation at any time via the extension popup
  • Account Settings: Update your profile and preferences at app.brace.so
  • Uninstall: Remove the browser extension to delete all locally stored data

6.2 Data Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a portable, machine-readable format
  • Objection: Object to certain processing of your personal information
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at privacy@brace.so.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

9. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:

  • We process your data under legal bases including: consent, contract performance, legitimate interests, and legal obligations
  • You have the rights described in Section 6.2 above
  • You may lodge a complaint with your local data protection authority
  • Brace acts as the Data Controller for your personal information

10. CCPA Compliance (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt-out of the “sale” of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@brace.so or use the controls in your account settings.

11. Cookies and Tracking

Our extension uses essential cookies and local storage to:

  • Maintain your authentication session
  • Store your preferences and settings
  • Enable core functionality

We do not use third-party advertising or tracking cookies in the browser extension.

12. Children's Privacy

Brace is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected information from a child under 18, we will delete that information promptly.

13. Third-Party Services

Our services may integrate with third-party platforms (such as LinkedIn). Your use of these platforms is governed by their respective privacy policies. We encourage you to review:

Important: You are responsible for ensuring your use of Brace complies with LinkedIn's Terms of Service. Brace provides tools for personal network management, and users should use these tools responsibly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the “Last Updated” date
  • Sending an email notification for significant changes

Your continued use of Brace after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

© 2026 Brace. All rights reserved.