Privacy Policy
Last updated: April 21, 2026
Overview
ConnectionFinder provides a secure connection layer that allows users to link their Google account to applications that use our service. This policy describes what data we collect, how we use it, and your rights.
Who operates ConnectionFinder
ConnectionFinder is operated by XCOR, LLC, a California limited liability company. When you connect your Google account through ConnectionFinder, you are authorizing XCOR, LLC to process your data solely for the purposes described in this policy.
Today, ConnectionFinder is the only product where you interact with the data we process from your Google account — you can view your signals, manage connections, and delete your data at connectionfinder.net/connected.
XCOR, LLC may in the future introduce additional products that use derived signals generated from the data you authorize through ConnectionFinder. Before any additional product receives your signals, we will (1) update this privacy policy to name that product, (2) notify existing users, and (3) give you the option to opt out before any data is shared. Products operated by entities other than XCOR, LLC are not part of ConnectionFinder and cannot receive your data through this service.
What data we collect
When you connect your Google or Microsoft account through ConnectionFinder, we may access the categories of data you authorize. Depending on the app and the scopes it requests, this may include:
- Gmail or Outlook messages and metadata (gmail.readonly, gmail.metadata)
- Google or Outlook Contacts data (contacts.readonly)
- Google or Outlook Calendar data (calendar.readonly)
- Sending email on your behalf (gmail.send) — used only when you explicitly invite a specific contact from an application built on ConnectionFinder. We never send email without your direct, per-recipient action. We never send bulk or automated email.
We also collect basic account information (such as your email address) to associate your connection with your user account.
Separately, ConnectionFinder may store access-restricted third-party identity records that are used only to improve recommendations in applications that you choose to use. These records consist of one-way cryptographic hashes of identifiers (such as email addresses and phone numbers) and are compared locally against your account at signup. See "Third-party identity enrichment" below.
How we use your data
We use this data only to provide and improve user-facing features in the apps that you choose to use, such as:
- Relationship discovery — finding people you already know
- Contact matching and enrichment
- Personalized product functionality
- Recommendations based on your network
Third-party identity enrichment
Status: Not currently active. The description below is provided for transparency about planned functionality. We will update this policy before this feature is activated and before any enrichment data provider is engaged.
ConnectionFinder is designed as the centralized boundary for third-party data processing for XCOR, LLC. In addition to OAuth-based connections, we plan to maintain an access-restricted dataset of pre-ingested identity records licensed from third-party data providers. When you sign up to any XCOR, LLC-operated application, we may check whether your hashed email address or phone number matches a record in this dataset.
The lookup will work as follows:
- We compute a one-way cryptographic hash of the email address or phone number you provide at signup.
- We compare those hashes against the pre-loaded dataset inside ConnectionFinder.
- If there is a match, we pass a third-party entity identifier to the Serendipity Engine so that the applications you use can surface more relevant recommendations from day one.
- If there is no match, nothing happens and no record of the check is retained.
We will not:
- Share your raw email, phone number, or other identifiers with the third-party data provider. The match is performed locally against a dataset we have licensed.
- Use this process for advertising, profiling, cold outreach, or any purpose outside of recommendation personalization inside XCOR, LLC-operated services.
- Use data received from Google APIs (such as Gmail content) as an input to this enrichment process. Google API data remains governed separately by the Limited Use requirements described below.
- Sell your personal information.
Opt-out. You may opt out of third-party enrichment at any time by emailing lance@xcor-cto.com with the subject line "Opt out of enrichment". Your identifiers will be added to a suppression list so that the check is not performed, and any enrichment records associated with you will be deleted within 30 days. Opting out does not affect your ability to use any XCOR, LLC-operated application.
The enrichment dataset will be isolated from the OAuth-connected data described above. Only a single probe function inside ConnectionFinder will be able to read it, and every probe will be audited.
Google User Data
ConnectionFinder's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What ConnectionFinder never does with your Google data:
- We do not sell your Google user data.
- We do not transfer your Google user data, or any signal derived from it, to advertisers, data brokers, or any entity outside XCOR, LLC.
- We do not use your Google user data, or any signal derived from it, to train, develop, or improve general-purpose artificial intelligence or machine learning models.
- We do not use your Google user data for advertising, ad targeting, or ad measurement.
- We do not allow humans to read your Gmail content except: (a) with your affirmative prior consent for specific messages, (b) when necessary for security purposes or to investigate abuse, (c) to comply with applicable law, or (d) for limited internal operations where the data has been aggregated and anonymized and cannot be associated with an individually identifiable user.
- We do not use your Google user data for any purpose other than to provide and improve user-facing features that are visible and prominent in ConnectionFinder's user interface.
Information derived from Google APIs. Information we generate or derive from Gmail, Contacts, or Calendar data — including aggregated statistics, relationship scores, quality dimensions, and anonymized signals — is treated as Google user data and is governed by the same Limited Use commitments above. Aggregation or anonymization does not change how we handle this information.
Per-scope use:
- gmail.readonly — read message bodies, headers, and attachment metadata to score relationship strength (who you interact with, how often, on what topics). Bodies are processed in memory, retained in encrypted form for at most 30 days for signal extraction, then deleted. Bodies are never transmitted outside ConnectionFinder.
- gmail.metadata — when a user opts for headers-only, we read sender, recipient, subject, and date to compute interaction frequency without ever accessing bodies.
- gmail.send — send invitation emails you explicitly initiate from an app built on ConnectionFinder. Never used for bulk, automated, marketing, or system-initiated email. Every send requires a user action and a specific recipient.
- calendar.readonly — read event titles, times, and attendees to identify co-attendance as a relationship signal.
- contacts.readonly — read contact names, emails, phones, and notes to disambiguate and enrich contact records across services.
Data sharing
We do not share your data with third parties except:
- With the specific app you authorized to receive the data
- With the sub-processors listed below, who process data on our behalf to power features you use
- When required by law or legal process
- To protect the security of our service or investigate abuse
Sub-processors
We use the following third-party vendors to process your data:
- Anthropic (Claude) — LLM-based analysis of your email content to power relationship and signal extraction features. Email content is redacted to remove obvious personal identifiers (phone numbers, payment numbers, addresses) before transmission. Anthropic does not train on this data and discards it within 30 days. Anthropic Privacy Policy.
- Railway — Compute and infrastructure hosting. Encrypted-at-rest storage only.
- MongoDB Atlas — Primary database. All sensitive content is application-level encrypted with AES-256-GCM before being written.
The complete and current sub-processor list is maintained in our compliance docs. We will update this policy before engaging any additional sub-processor that will process Google user data or data derived from it.
Data retention and deletion
We retain your data for as long as your account connection is active. When you disconnect your account or request deletion:
- Your OAuth tokens are revoked immediately at Google (and Microsoft, where applicable)
- Your stored data is queued for erasure
- Erasure is completed within 30 days
Step-by-step instructions for managing or deleting your data are at Delete your data.
Your rights
You have the right to:
- Disconnect your account at any time from the app where you connected it
- Request a copy of the data we hold about you
- Request deletion of your data
- Revoke access via your Google Account permissions
Security
All data is encrypted in transit using TLS. OAuth tokens and sensitive content are encrypted at rest using AES-256-GCM with versioned key rotation. Access to user data is restricted to automated systems; human access requires explicit authorization and is logged.
Contact
For privacy-related questions or data requests, contact us at lance@xcor-cto.com.
