UP1
Sign in

UP1 · Brightside Revenue Company

Privacy Policy

Last updated: May 2026

UP1 is a product brand of Brightside Revenue Company("we," "us," or "our"). This Privacy Policy describes how we collect, use, and protect information when you use the UP1 platform and connected features (including Email OS).

What we collect

  • Account and workspace information (name, email, role, organization settings).
  • CRM data you enter or import (leads, deals, tasks, documents, communications metadata).
  • Connected mailbox data when you authorize Gmail or Microsoft 365 (subject, participants, message bodies or snippets, dates, attachment metadata).
  • Usage and audit metadata needed to operate the service (sync times, errors, send confirmations).

Connected email (Gmail / Microsoft)

When you connect a mailbox, we access provider data only to provide Email OS features you use, including:

  • Syncing CRM-relevant inbox threads that match lead email addresses.
  • Displaying thread detail and message history inside the CRM.
  • Creating and editing reply drafts you review before any send.
  • User-triggered AI summaries, reply drafts, and risk labels (never auto-sent).
  • Importing attachments only when you explicitly choose to import to Document AI.

We do not use connected email data for advertising, and we do not sell your data. We do not use Gmail or Microsoft mailbox content to train general-purpose AI models.

Google user data (Gmail)

If you connect Gmail, our use of Google user data is limited to:

  • Displaying and syncing CRM-relevant threads and messages.
  • Creating user-approved drafts and sending only after your explicit confirmation (when send scope is granted).
  • Summarizing threads and classifying risk when you run those actions.
  • Importing user-selected attachments into your CRM document workflow.

See also our How UP1 uses Google user data page.

OAuth tokens and security

Provider OAuth tokens are stored on our servers only (not in your browser). They are used solely to perform connected-account features on your behalf. You or an admin can disconnect a provider at any time, which stops further API access using that connection.

Encrypted token vault storage and bring-your-own-key (BYOK) options for enterprise customers are planned before broad commercial rollout; they are not represented as fully implemented in this policy.

Retention and deletion

We retain CRM and communication records according to your organization's use of the product and applicable business needs. When you disconnect a mailbox, we stop fetching new provider data; existing CRM records already imported may remain until deleted by your organization according to your internal policies.

Your choices

  • Disconnect Gmail or Microsoft in Email OS provider settings.
  • Review AI-generated drafts before sending; sending requires explicit confirmation.
  • Contact your workspace admin for access or data questions within your organization.

Contact

Privacy questions: privacy@brightsiderevenue.com

Related: Terms of Service