1. Introduction
Electrac Fundraising ("Electrac," "we," "us," or "our") is a CRM and campaign management platform that helps political organizations track donors, manage contributions, and run data-driven fundraising campaigns. This Privacy Policy explains how we collect, use, store, and share your information, including information obtained through integrations such as Google APIs, when you use our application hosted at https://electrac.com.
We do not use your data for advertising, profiling, or data brokerage.
2. Information We Collect
2.1 Account Information
When you create an account or sign in, we collect your username and securely stored authentication credentials (such as hashed passwords) necessary to operate the service.
2.2 Google User Data
If you choose to link a Google account, we request the following permissions (scopes) and collect the corresponding data:
| Scope | Data Collected | Purpose |
|---|---|---|
auth/userinfo.email | Your primary Google Account email address | Identify which Google account is linked and display it in the app |
auth/userinfo.profile | Your publicly available profile information (e.g., name) | Display your name within the application |
auth/gmail.send | Permission to send email on your behalf (no read access) | Send emails you compose in Electrac through your Gmail account |
We also receive and store OAuth tokens (access token and refresh token) provided by Google during the authorization flow. These tokens are required to maintain your linked account and perform the actions described above.
2.3 Automatically Collected Information
When you use Electrac, we automatically collect certain technical information such as your IP address, browser type, device information, and usage data (e.g., pages visited, actions taken). This information is used to maintain the security and operation of the platform.
2.4 Cookies
We use essential cookies to keep you logged in, maintain session state, and ensure the security of your account. We do not use cookies for advertising or cross-site tracking.
3. How We Use Your Information
We use your information to:
- Provide and operate the Electrac platform
- Authenticate users and manage accounts
- Send emails on your behalf when requested
- Maintain security and prevent fraud
- Respond to support requests
4. How We Use Google User Data
We use information received from Google APIs solely to:
- Display your linked email address within the Electrac interface so you can see which Google account is connected.
- Send emails on your behalf using the Gmail API when you explicitly compose and send an email from within Electrac.
We do not:
- Read, scan, index, or mine your Gmail inbox or message content
- Use Google user data for advertising or marketing purposes
- Use Google user data to train machine learning or AI models
- Use Google user data for any purpose other than those listed above
5. How We Store Google User Data
When you link your Google account, we store the following in our database, associated with your Electrac user account:
- Your Google email address
- OAuth access token and refresh token (encrypted at rest)
- Token expiry timestamp
- The scopes you granted
- The date you linked your account
All OAuth tokens are encrypted before storage and are only decrypted server-side when needed to make authorized API calls on your behalf. Tokens are scoped to the minimum permissions required to provide the service.
7. Third-Party Services
We use third-party service providers to operate the platform, such as hosting infrastructure (e.g., Azure) and email integrations (e.g., Google and Microsoft). These providers are contractually obligated to process data only as necessary to provide their services.
8. Google API Services: Limited Use Disclosure
Electrac's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
9. Revoking Access
You can disconnect your Google account from Electrac at any time through the Settings panel in the application by clicking "Unlink." When you unlink:
- We revoke our OAuth token with Google so it can no longer be used.
- We permanently delete your stored Google email address, access token, refresh token, and all related metadata from our database.
You may also revoke Electrac's access directly from your Google Account permissions page.
10. Data Retention and Deletion
We retain your Google user data only for as long as your Google account remains linked in Electrac. Once you unlink your Google account, all associated Google data (email, tokens, scopes, and metadata) is deleted immediately. If your Electrac account is deleted, all associated data, including any linked Google data, is removed as well.
We retain general account and usage data only for as long as necessary to provide the service and maintain security, or as required by law.
11. Security
We implement industry-standard security measures to protect your data, including:
- Encryption of OAuth tokens at rest
- HTTPS for all data in transit
- CSRF protection during the OAuth authorization flow
- Secure, httpOnly cookies for session and OAuth state management
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: tech@c-esystems.com