Privacy Policy

Last Updated: 2025-10-02

What Pesto Does

Pesto helps freelancers and independent professionals build better client relationships and grow their business. We connect with your email to automatically organize your contacts, track opportunities, and suggest next steps - so you can focus on doing great work instead of managing spreadsheets.

Information We Collect

Information You Provide Directly

  • Your profile, services, and rates
  • Notes about clients and projects
  • Tags and custom fields you create
  • Project status and proposal tracking
  • Account details (name, email, subscription info)

Information From Email Integrations

When you connect your email account (Gmail or other providers), we collect:

  • Email metadata (sender, recipient, subject lines, timestamps)
  • Contact information extracted from your communications
  • Communication patterns and relationship history
  • Email classification tags (e.g., "meeting request", "proposal mention")

Important: We access email content via API only for real-time analysis to generate insights and tasks. The full email body is immediately discarded and never stored on our servers. Only encrypted snippet previews and classification tags are retained.

Usage Information

  • Features you use and how you interact with Pesto
  • Anonymized analytics (which features you use, not what data you put in them)
  • Performance and error logs to improve the product

How We Use Your Information

Core Contact Management

  • Automatically organize contacts from your email communications
  • Track communication history and relationship strength
  • Identify follow-up opportunities based on email patterns
  • Display email context when viewing contacts
  • Provide reminders and task suggestions

Optional AI Features (You Choose to Enable)

If you enable our AI tools, we use third-party AI services (like Google's Gemini API) to:

  • Smart todo suggestions - "Follow up on that proposal John mentioned"
  • Email drafts - Generate professional responses based on your conversation history
  • Outreach insights - Suggest how to position your services to different prospects

AI Model Training Disclosure: Your email content and user data is NOT used to train AI models. When you use our AI features, data is processed in real-time through secure third-party APIs and immediately discarded. No persistent storage occurs.

Service Improvement

  • Analyze anonymized usage patterns to improve features
  • Monitor performance and fix bugs
  • Develop new functionality based on user needs

What We Do NOT Do

  • We do not sell, rent, or trade your data
  • We do not use your data for advertising, marketing, or profiling purposes
  • We do not share your client list or contacts with other users or businesses
  • Your competitive advantage stays yours

How We Share Your Information

We share your information only in these limited circumstances:

Third-Party Service Providers

  • Cloud Hosting (AWS): Email metadata and contact data are stored on secure Amazon Web Services servers with enterprise-grade encryption. Full email bodies are never stored.
  • AI Processing: When you enable AI features, email content is temporarily processed in real-time through third-party AI APIs (such as Google Gemini) to generate suggestions. Content is not stored by the AI provider or by Pesto.
  • Landing Page Analytics (Amplitude): Pseudonymized usage data only, including features used, button clicks, and session duration to improve the product. No email content, client data, or personally identifiable contact information is shared.
  • In-app Product Analytics (LogRocket): Diagnostic data to identify bugs and improve product performance. Email content and sensitive data is automatically sanitized. Non-US and California users are prompted for consent upon login.
  • Customer Support (Intercom): Live chat and email support. Basic account information (name, email, last login) is shared with Intercom to provide support. Support agents cannot access your email content, contacts, or CRM data.
  • Security Monitoring (New Relic, AWS CloudWatch): System performance and security monitoring for anomaly detection. No user email content or personal data is sent to these services - only system metrics and error logs.

Legal Requirements

We may disclose information if required by law, legal process, or government request.

Business Transfers

If Pesto is involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you before this happens.

We do not sell your information. Ever.

Data Security

Security Measures

  • Encryption at rest: AES-256 encryption for all stored data
  • Encryption in transit: Bank-grade TLS encryption for all data transmission
  • Secure infrastructure: AWS cloud hosting with enterprise-grade security - the same standards used by banks and Fortune 500 companies
  • Access controls: Role-based access limiting who on our team can view system data
  • Security monitoring: Continuous monitoring via New Relic and AWS CloudWatch for anomaly detection and threat prevention

Email Privacy Safeguards

  • Email content accessed via API only for real-time analysis
  • Full email bodies immediately discarded after processing
  • Only encrypted snippet previews and classification tags retained
  • No permanent storage of sensitive email content

Your Data Rights and Controls

Email Connection Controls

  • Connect your email: Choose to connect read-only email access for automatic contact import
  • Manual entry: Prefer to manually add contacts without email integration
  • Disconnect anytime: Remove email access through your email provider's account settings or through Pesto's "Disconnect All Services" section

AI Feature Controls

  • Enable or disable: Turn AI-powered todo generation and email assistance on or off anytime
  • Works without AI: Core contact management functions fully without AI features enabled

Data Export and Deletion

  • Export your data: Request your complete contact list in CSV format by emailing privacy@pesto.to - we'll provide it within 30 days
  • Delete contacts or companies: When you delete a contact or company, all associated data is permanently removed, including email snippets, tasks, and activity logs
  • Delete your account: Delete your account and all associated data with one click from Settings → Account
  • No lock-in: Your data is portable and you can leave anytime

How to Request Data Deletion

  1. Log into your Pesto account
  2. Go to Settings → Account
  3. Click "Delete Account and All Data"
  4. Confirm deletion
  5. All data permanently removed within 90 days (backup retention period)

Or email privacy@pesto.to and we'll process your deletion request within 30 days.

Data Retention

  • Contact data: Retained while you have an active account (needed for CRM functionality). When you delete a contact or company, all associated data (email snippets, tasks, activity logs) is immediately and permanently removed.
  • Email metadata: Retained for up to 2 years to track relationship history and communication patterns. Actively purged when no longer needed for relationship scoring or when you delete the associated contact.
  • Full email bodies: Never stored - immediately discarded after real-time processing
  • Account information: Retained until you delete your account
  • Backups: Permanently deleted 90 days after account deletion

Google Services Integration

Google API Services User Data Policy Compliance

This section provides detailed information about how Pesto accesses, uses, stores, and shares data when you connect your Google account (Gmail, Google Calendar). Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Data We Access

When you connect Google services, we request access to:

Google Sign-In (Required for Google SSO):

  • userinfo.email - To verify your identity and create your Pesto account
  • userinfo.profile - To personalize the app with your name and profile picture

Gmail (Optional - You Control When to Connect):

  • gmail.readonly - To read email messages for contact extraction, relationship tracking, and todo generation
  • gmail.send - To send emails you compose through Pesto on your behalf

Google Calendar (Optional - You Control When to Connect):

  • calendar.events - View and edit events on your calendars
  • calendar.readonly - View calendars to show your availability when creating meetings

Incremental Authorization: We use least-privilege access. You only grant permissions for features you actually use. You're never required to connect Gmail or Calendar to use Pesto - these are optional features.

How We Use Your Google Data

Contact Extraction & Relationship Management:

  • Extract names, email addresses, and company information from people in your email communications
  • Track when you last communicated with each contact and communication frequency
  • Identify patterns suggesting follow-up opportunities (e.g., mentions of projects, proposals, introductions)

Todo Generation:

  • Analyze email conversations to suggest action items and follow-ups
  • Surface time-sensitive opportunities requiring your attention

Email Composition (When You Request It):

  • Generate draft responses based on conversation context when you click "Draft with AI"
  • Send emails on your behalf when you use Pesto's email composition features

Calendar Integration:

  • Display your availability when scheduling meetings
  • Show upcoming meetings with contacts in your CRM

What We Do NOT Do:

  • We do NOT use your Google user data for advertising
  • We do NOT use your Google user data for marketing purposes
  • We do NOT use your Google user data for profiling
  • We do NOT sell or transfer your Google user data to third parties for their own use
  • We do NOT use your email content to train AI models

How We Store Your Google Data

Email Content Storage:

  • Full email bodies are NEVER stored on our servers
  • Email content is accessed in real-time via API for analysis only
  • Content is immediately discarded after processing
  • Only encrypted email snippet previews (first ~150 characters) are retained
  • Classification tags (e.g., "proposal", "meeting request") are stored

Email Metadata Storage:

  • Sender and recipient information
  • Subject lines
  • Timestamps
  • Stored securely on AWS servers with AES-256 encryption
  • Retained for up to 2 years for relationship history tracking

Contact Information Storage:

  • Names, email addresses, company names extracted from emails
  • Stored securely with AES-256 encryption
  • Retained as long as you maintain your account

How We Share Your Google Data

Google Gemini AI (When You Enable AI Features):

  • Email content is temporarily processed in real-time to generate AI suggestions
  • Processing occurs within Google's secure infrastructure
  • Content is NOT stored by Gemini or by Pesto
  • Used only for immediate response generation

AWS (Amazon Web Services):

  • Email metadata and contact data stored on secure servers
  • Full email bodies are never stored
  • Subject to AWS's enterprise security standards

No Other Sharing:

  • Your Google user data is not shared with any other third parties
  • We do not sell, transfer, or use your Google data for purposes beyond those explicitly stated above

How to Revoke Google Access

You can revoke Pesto's access to your Google data at any time:

Option 1: Through Google

  1. Go to your Google Account Permissions
  2. Find "Pesto" in your connected apps
  3. Click "Remove Access"

Option 2: Through Pesto

  1. Log into Pesto
  2. Go to Settings → Connected Services
  3. Click "Disconnect" next to Gmail or Google Calendar

Option 3: Delete Your Account

  • Go to Settings → Account → Delete Account
  • All Google data and access is permanently removed

Data Retention After Disconnection

When you disconnect Google services:

  • Contact data extracted from emails remains in your Pesto account (this is your CRM data)
  • Email metadata is retained per our standard retention policy (up to 2 years)
  • All access to new Google data immediately stops
  • To remove all existing data, use the "Delete Account" option

When you delete your account:

  • All data is permanently removed
  • Backups are purged within 90 days

Security Measures for Google Data

All Google user data is protected with:

  • AES-256 encryption at rest
  • Bank-grade TLS encryption in transit
  • Role-based access controls limiting internal access
  • Continuous security monitoring and anomaly detection
  • Secure AWS infrastructure with enterprise-grade protections

Cookies and Tracking Technologies

We use cookies and similar technologies to make Pesto work and improve your experience:

Essential Cookies (Required):

  • Authentication tokens to keep you logged in
  • Session management for app functionality
  • Security tokens to prevent unauthorized access

Analytics Cookies (Optional):

  • Feature usage tracking via Amplitude
  • Performance monitoring to identify bugs
  • User experience analytics to optimize design

Your Cookie Choices:

  • Essential cookies cannot be disabled (required for app functionality)
  • Opt out of analytics cookies in your browser settings
  • We don't use advertising or social media tracking cookies

Cookie Duration:

  • Session cookies expire when you close your browser
  • Persistent cookies expire after 1 year maximum
  • Clear cookies anytime through browser settings

Your Privacy Rights

For All Users

  • Access: See what data we have about you
  • Correction: Update inaccurate information
  • Deletion: Delete your account and all data
  • Portability: Export your data in CSV format
  • Objection: Object to certain processing activities

Additional Rights for EU, UK, and California Users

GDPR (EU/UK) Rights:

  • Right to restriction of processing
  • Right to withdraw consent
  • Right to lodge a complaint with supervisory authority

CCPA (California) Rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of sale of personal information (note: we don't sell data)
  • Right to non-discrimination for exercising privacy rights

To Exercise Your Rights: Contact privacy@pesto.to or use the in-app controls in Settings.

International Data Transfers

Your data may be processed in the United States (AWS servers). For users outside the US, we provide appropriate safeguards:

  • Standard Contractual Clauses (SCCs) for EU/UK users
  • Adequate security measures as required by GDPR and data protection laws
  • Compliance with applicable cross-border transfer regulations

Children's Privacy

Pesto is designed for working professionals. We do not knowingly collect information from anyone under 16 years of age. If we learn we have collected information from a child under 16, we will delete it promptly.

Changes to This Privacy Policy

We'll email you about any major changes to this privacy policy. Minor updates will be posted here with the updated "Last Updated" date at the top.

Your continued use of Pesto after changes are posted constitutes acceptance of the updated policy.

Contact Us

Questions? Concerns? Want to exercise your privacy rights?

Email: privacy@pesto.to
Founder: Connor (he actually reads these emails)

For data protection inquiries or to exercise your rights, contact us at privacy@pesto.to and we'll respond within 30 days.

Bottom line: We built Pesto to help freelancers succeed. That means keeping your client relationships private, secure, and always under your control.

© 2025 Teamhaus Co, DBA Basil and Pesto. All rights reserved.

Pesto Links
OverviewPricingJoin Waitlist
Legal
Terms of ServicePrivacy Policy
© 2025 Teamhaus Co, DBA Basil™ and Pesto™. All rights reserved.