Privacy Policy

Last updated: April 1, 2025

1. Introduction

Kasar places the utmost importance on privacy, data security, and compliance with the General Data Protection Regulation (GDPR). This policy details how your personal data is managed, collected, and used when you use our services.

2. What data do we collect?

We only collect the information necessary for Kasar services to operate properly, including:

• Account information: name, email, password (encrypted)
• Usage data and technical logs (IP addresses, device, browser, interactions, etc.)
• Data from integrations (see next section)
• No sensitive data within the meaning of the GDPR (origin, health, opinions, etc.) is processed

3. Integrations and extensions

Kasar lets you connect various third-party services to enrich your CRM experience (Gmail, WhatsApp, LinkedIn, Chrome extension, browser, etc.). When you enable these integrations, we may collect the following depending on your action:

• Information from emails (addresses, metadata, content based on permissions)
• Contacts and profiles from LinkedIn
• Information from WhatsApp conversations (content, contacts, subject to your explicit authorization)
• Items captured via our Chrome extension (page data when the user performs an action such as "Add to CRM")
• Events and metadata from Google Calendar (see dedicated section below)

All such data is collected only at your express initiative and is used solely to provide the requested functionality.

4. Kasar CRM Chrome extension

The Kasar CRM Chrome extension complements the platform by letting you import contacts and sync your conversations directly from your browser. Here are the specifics of the extension:

4.1 Data collected by the extension

All data is sent exclusively to your personal Kasar CRM workspace via the kasar.app API. No data is shared with third parties.

• Contact information: names, email addresses, job titles, company names, profile URLs, phone numbers — extracted from LinkedIn, Gmail, and WhatsApp
• Conversations: LinkedIn and WhatsApp messages synced to your CRM, only at your initiative
• Transcripts: content of Google Meet meetings, recorded to your CRM at your request

4.2 Permissions used

• storage: local storage of your preferences (language, side panel position)
• tabs: broadcasting authentication state changes across your tabs
• cookies: reading the kasar.app session cookie to authenticate your API requests
• scripting: injecting content scripts on supported platforms
• Host access: LinkedIn, Gmail, Google Meet, WhatsApp Web, and kasar.app only

4.3 Local storage

The extension stores only your interface preferences (language, panel position) locally via chrome.storage.local. No password, session token, or sensitive personal data is kept locally. Uninstalling the extension removes these preferences but does not delete data already synced to your CRM.

4.4 Remote code

The extension does not execute any remote code. All code is included in the extension package.

5. Google Calendar integration

Kasar lets you connect your Google Calendar account to centralize your events within the CRM. This section precisely details which Google data we access, how it is used, stored, and shared.

5.1 Data accessed

When you authorize the Google Calendar connection, Kasar accesses the following data:

• List of your calendars (names, identifiers)
• Events from your calendars (title, description, dates/times, location, attendees, confirmation status, recurrence)
• Associated metadata (event identifiers, creation/modification dates, time zones)

5.2 Use of the data

Google Calendar data is used solely to:

• Display your events in the Kasar CRM calendar interface
• Allow creating and updating events from Kasar to Google Calendar
• Associate events with your CRM contacts and opportunities

Data use is strictly limited to the visible and essential features of the application. No secondary processing is performed.

5.3 Storage and retention

Data from Google Calendar is stored in your dedicated workspace within the Kasar infrastructure (encrypted database hosted by Supabase). It is retained as long as your Google Calendar integration is active. Disconnecting the integration triggers deletion of the synced data.

5.4 Data sharing

Google Calendar data is not shared with any third party. It is only accessible to members of your Kasar organization, according to the permissions defined in your workspace.

5.5 What Kasar does NOT do with your Google data

• Kasar does not sell or transfer your Google data to advertising platforms, data brokers, or any other information reseller
• Kasar does not use your Google data to serve ads, targeting, or ad retargeting
• Kasar does not use your Google data to determine creditworthiness or for lending purposes
• Kasar does not use your Google data to train general artificial intelligence or machine learning models (outside of personalization specific to your account)
• Kasar does not allow humans to read your Google data, except (a) with your explicit consent, (b) for security purposes (investigating abuse), (c) to comply with a legal obligation, or (d) when data is aggregated and anonymized for internal operations

5.6 Compliance with the Google API Services User Data Policy

6. Use of artificial intelligence providers

For certain advanced operations (classification, summarization, text generation, etc.), Kasar offers the use of third-party AI services (e.g. US-based providers). Any data processed by these services goes through a zero-retention layer: these providers do not store or reuse your information for any other purpose. Transfer to these services is encrypted and limited to what is strictly necessary.

7. Security, storage, and international transfers

Kasar implements advanced security measures:

• End-to-end encryption during transfer and storage of data
• Strong authentication and strict access control
• No retention beyond the time needed to provide the service
• Some data may transit outside the EU (notably for AI), exclusively under adequate safeguards (standard contractual clauses, zero-retention layers, providers certified under the EU-US Privacy Framework, etc.)

8. Your rights over your data

In accordance with applicable regulations, you have rights that are accessible directly within the Kasar interface:

• Access, export, and portability of all your data
• Modification or rectification of your information
• Permanent deletion of your account and your data ("right to be forgotten")
• Fine-grained management of consents and integrations (opt-in / opt-out at any time)

For any specific request, you may also contact us directly.

9. Contact and policy updates

For any question about privacy or the exercise of your rights:

Kasar reserves the right to update this policy from time to time to reflect regulatory, technical, or service changes. Any material update will be notified on the platform and the revision date will be adjusted accordingly.

marceau@kasar.app