Privacy Policy
Effective Date: 13July2026
Critical Mass Consulting ("Critical Mass Consulting," "Company," "we," "our," or "us") provides consulting services and software integrations that connect with third-party platforms, including LinkedIn and HubSpot. We are committed to protecting your privacy and handling personal information responsibly, transparently, and in accordance with applicable privacy laws.
This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you visit our website, use our services, or authorize our application to access third-party services.
1. Scope
This Privacy Policy applies to:
Visitors to our website
Customers and prospective customers
Users of our software and integrations
Individuals whose information is processed through our integrations with LinkedIn, HubSpot, and other authorized third-party services
2. Information We Collect
Information You Provide
We may collect:
Name
Business email address
Employer
Job title
Telephone number
Billing information
Communications with our support team
Information submitted through forms
Automatically Collected Information
When you use our website or applications, we may collect:
IP address
Browser type
Device identifiers
Operating system
Log files
Usage analytics
Cookie identifiers
Session information
3. Information Obtained Through Third-Party APIs
Our application only accesses information after you explicitly authorize access using OAuth or another secure authorization method provided by the applicable platform.
LinkedIn Data
Subject to the permissions you approve, we may receive:
Basic profile information
Name
Profile photo
Email address (if authorized)
Organization or Company Page information
Organization administration information
Content management permissions
Other information explicitly approved during authorization
We only request the minimum permissions necessary for the features you choose to use.
LinkedIn member data is never used to create unrelated marketing databases, sold to third parties, or used for advertising unrelated to the services you requested.
HubSpot Data
Depending on the permissions granted, we may access:
Contacts
Companies
Deals
Tickets
Products
Custom Objects
CRM properties
Owners
Pipelines
Marketing assets
Metadata required for synchronization
We access only the CRM objects and scopes necessary to provide the requested functionality.
4. API Scope Disclosure
Our application requests only the permissions required to provide the services you enable.
Examples may include:
Reading contact information
Updating CRM records
Reading organization information
Synchronizing customer records
Creating or updating records on your behalf
Reading account configuration necessary for integration
We do not request permissions unrelated to the services we provide.
Should additional permissions become necessary in future releases, users will be required to authorize those permissions before they are used.
5. How We Use Information
We use personal information to:
Deliver consulting services
Operate our software platform
Synchronize authorized data between systems
Authenticate users
Provide customer support
Improve our products
Maintain system security
Detect fraud or misuse
Meet contractual obligations
Comply with applicable laws
We process personal information only where we have a lawful basis under applicable privacy laws.
6. Legal Basis for Processing (GDPR)
For individuals located in the European Economic Area (EEA), United Kingdom, or other jurisdictions requiring a lawful basis for processing, we process personal data under one or more of the following legal bases:
Performance of a contract
User consent
Legitimate business interests
Compliance with legal obligations
Protection of vital interests where applicable
Where processing relies on consent, consent may be withdrawn at any time.
7. Data Minimization
We follow the principles of data minimization by collecting and processing only the information reasonably necessary to provide our services.
We do not intentionally collect information unrelated to the authorized functionality.
8. Data Sharing
We do not sell personal information.
We may disclose information only to:
Cloud infrastructure providers
Hosting providers
Security monitoring providers
Analytics providers
Customer support vendors
Professional advisors
Government authorities where legally required
All service providers are contractually required to maintain appropriate confidentiality and security measures.
9. Subprocessors
To operate our services, we may engage trusted subprocessors that process data on our behalf.
Examples include providers of:
Cloud hosting
Database infrastructure
Monitoring services
Email delivery
Customer support
Logging and security monitoring
Backup and disaster recovery
Subprocessors receive only the information necessary to perform their contracted services and are bound by confidentiality and data protection obligations.
A current list of subprocessors is available upon request.
10. Data Retention
We retain information only for as long as necessary to:
Provide requested services
Maintain customer accounts
Resolve disputes
Meet contractual obligations
Comply with legal requirements
When data is no longer required, it is securely deleted or anonymized.
11. Security
We maintain administrative, technical, and organizational safeguards designed to protect personal information.
Security measures include, where appropriate:
Encryption in transit using TLS
Encryption at rest
Multi-factor authentication for administrative access
Role-based access controls
Audit logging
Continuous monitoring
Security patch management
Least-privilege access principles
Secure software development practices
Although we employ commercially reasonable safeguards, no electronic system can be guaranteed to be completely secure.
12. Breach Notification
If we become aware of a security incident involving personal information that we process, we will investigate promptly and, where required by applicable law or contractual obligations, notify affected customers and appropriate regulatory authorities without undue delay.
Notifications will include available information regarding:
Nature of the incident
Categories of affected information
Likely consequences
Measures taken to mitigate harm
Recommended actions where appropriate
13. International Data Transfers
Information may be processed in countries outside your jurisdiction.
Where required under GDPR or similar laws, we implement appropriate safeguards for international data transfers, including:
Standard Contractual Clauses (SCCs), where applicable
Contractual data protection obligations
Appropriate technical and organizational safeguards
14. Your Rights
Depending on your jurisdiction, you may have the right to:
Access your personal information
Correct inaccurate information
Delete personal information
Restrict processing
Object to processing
Receive a copy of your information
Withdraw consent
Lodge a complaint with a supervisory authority
We respond to verified privacy requests within the timeframes required by applicable law.
15. Data Deletion Requests
You may request deletion of your personal information by:
Contacting us using the information below
Disconnecting our application from LinkedIn or HubSpot
Requesting account deletion
Upon receiving a verified deletion request, we will:
Delete personal information that is no longer required for legal or contractual purposes
Remove stored API tokens where applicable
Stop future synchronization with connected services
Delete or anonymize retained information unless retention is required by law
Certain information may be retained to comply with legal obligations, resolve disputes, or enforce agreements.
16. Revoking API Access
You may revoke our application's access to LinkedIn or HubSpot at any time through your account settings on those platforms.
Once authorization is revoked:
API access tokens become unusable
Future synchronization stops
We will no longer access new information from your account
Previously synchronized data will be handled according to this Privacy Policy and applicable legal requirements
17. Cookies
Our website may use cookies and similar technologies to:
Maintain authenticated sessions
Improve website performance
Measure usage
Analyze traffic
Remember preferences
You may disable cookies using your browser settings.
18. Children's Privacy
Our services are intended for business users and are not directed to children under 13 years of age.
We do not knowingly collect information from children.
19. Third-Party Services
Our application integrates with third-party platforms including LinkedIn and HubSpot.
Your use of those platforms remains subject to their own privacy policies and terms of service.
We are not responsible for the privacy practices of third-party services that are outside our control.
20. Compliance with LinkedIn and HubSpot Requirements
Critical Mass Consulting is committed to responsible use of third-party platform data.
Accordingly, we:
Request only the API permissions required for approved functionality.
Process platform data solely for the purposes authorized by the user.
Do not sell, rent, or broker platform-derived data.
Do not use platform data to build independent commercial databases.
Maintain commercially reasonable security safeguards.
Respect user requests to revoke authorization.
Honor applicable deletion requests.
Cooperate with platform compliance and security reviews where required.
Regularly review our data handling practices to ensure ongoing compliance with applicable platform policies and privacy laws.
21. Changes to This Privacy Policy
We may revise this Privacy Policy periodically.
The Effective Date above indicates when this policy was last updated.
Material changes will be communicated through appropriate means before becoming effective where required by law.
22. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact:
Critical Mass Consulting
Privacy Officer
Email: privacy@criticalmass-consulting.com
Website: https://www.criticalmass-consulting.com
Address:
1999 Harrison St
18th Floor #03018
Oakland CA 94612
If you are located in the European Economic Area or the United Kingdom, you may also contact us regarding GDPR-related requests using the contact information above.