Delete your data

Last updated: April 21, 2026

You're in control of the data you connected through ConnectionFinder. ConnectionFinder is operated by XCOR, LLC. This page walks you through every option for managing or deleting your data.

The fastest way: disconnect from your ConnectionFinder dashboard

The fastest way to remove all your data is to disconnect from your ConnectionFinder dashboard. When you disconnect:

• Your Google or Microsoft access is revoked immediately at the provider, not just in our system. If you check Google Account Permissions, the connection will be gone.
• Your stored data is wiped within 24 hours of disconnect — emails, contacts, calendar events, and the relationship signals derived from them.
• An audit event is recorded so we can prove the deletion happened if you ever need to verify.

You can disconnect at any time, for any reason, with no penalty.

Revoke at Google directly

If you want to remove access at Google's end first (before deleting our copy), visit:

https://myaccount.google.com/permissions

Find "ConnectionFinder" in the list and click "Remove access." Google will:

• Invalidate all OAuth tokens we hold for your account.
• Stop us from being able to read any new data from your account.

After revoking at Google, also disconnect from your ConnectionFinder dashboard so we can clean up the data we've already stored. If you skip this step, your encrypted data will sit dormant until automatic retention purges it (default: 30 days).

Microsoft equivalent

If you connected a Microsoft account, the equivalent page is:

https://account.live.com/consent/Manage

Same flow: remove ConnectionFinder, then disconnect from your ConnectionFinder dashboard.

Direct deletion request

If you prefer to request deletion directly from us, email lance@xcor-cto.com.

Include:

• The email address you used to connect
• A short statement that you want all your data deleted

We will:

1. Verify you control the email address (we'll send a confirmation).
2. Run our internal erasure process: revoke upstream tokens, delete stored content, pseudonymize audit logs, suppress your user ID against re-ingestion.
3. Confirm completion to you within 30 days.
4. Provide an evidence hash you can keep as proof of deletion.

What about the LLM (Claude)?

When you use a feature that relies on signal extraction, we send redacted versions of your emails to Anthropic's Claude API for analysis. Anthropic discards prompt and response data within 30 days and does not train on it. You can read their privacy policy for the full details.

If you specifically want us to flag your historical content as "do not send to LLM," email lance@xcor-cto.com and we will add a do-not-extract marker to your consent record.

Frequently asked questions

How long does deletion actually take?

Disconnect → upstream revoke is immediate (single API call to Google/Microsoft). Local data wipe runs on the next retention purge tick, typically within 24 hours. The sub-processor (Claude) discards data on its own 30-day cycle.

Can I get a copy of my data before deleting?

Yes — request a Data Subject Access Request (DSAR) by emailing lance@xcor-cto.com. We will provide a JSON export of everything we hold within 30 days.

What happens to my data if I just stop using ConnectionFinder without disconnecting?

Your OAuth tokens stay valid until they expire. Your data sits encrypted under our keys until the retention window passes. We strongly recommend explicitly disconnecting if you no longer want the connection active.

I see "ConnectionFinder" in my Google permissions but I never connected — what should I do?

That should never happen. Email lance@xcor-cto.com immediately and we will investigate as a potential security incident.

Related

• Privacy Policy
• Terms of Service