FlameOS · B2B Growth Systems

Privacy Policy

Last updated: June 12, 2026

This Privacy Policy explains how B2B Growth Systems ("we," "us," "our") collects, uses, stores, and protects information in connection with FlameOS — our AI business operating system: a self-hosted CRM, marketing-automation, and workflow platform (the "Service"). It also explains, in detail, how the Service handles Google user data accessed through Google OAuth.

Privacy Policy Terms of Service

1 Scope of This Policy

FlameOS is designed to be self-hosted: in most deployments the Service runs on infrastructure controlled by you (the operator or customer), and your data stays on your own servers. This policy describes the data practices of the FlameOS software and of B2B Growth Systems as the provider of the Service, including any connections you authorize (such as Google accounts) and any components we operate on your behalf.

Where you deploy FlameOS to serve your own clients or end-users, you act as the data controller for that data and FlameOS / B2B Growth Systems acts as a data processor. A separate Data Processing Agreement governs that relationship — see Section 8.

2 Information We Access

We access only the data needed to operate the features you turn on. This includes:

  • Account & profile data — name, email address, and login credentials you create for your FlameOS workspace.
  • Workspace content — the CRM records, contacts, companies, messages, documents, campaigns, and automation workflows you create or import.
  • Connected-service data — data from third-party accounts you explicitly connect via OAuth (for example Google Gmail and Google Calendar), used only to power the features you enable.
  • Technical/operational data — logs, error reports, and diagnostic information needed to keep the Service running and secure.

We do not require, and do not intentionally collect, special categories of personal data. Please don't store data in FlameOS that you are not authorized to process.

3 Google User Data Accessed via OAuth

When you connect a Google account to FlameOS, you authorize the Service — through Google's standard OAuth consent screen — to access specific Google data on your behalf. We request the narrowest scopes needed for the features you enable. Typical scopes and their purpose:

Google dataWhy FlameOS accesses it
Gmail (read / send / modify messages and labels) To let you read, classify, draft, send, and organize email from inside your FlameOS workspace and email-automation workflows — only the mailboxes you connect.
Google Calendar (events) To show, create, and update calendar events for scheduling, follow-ups, and meeting coordination you initiate inside FlameOS.
Basic profile (email, name) To identify the connected account and display which mailbox/calendar a given action belongs to.

You can review and revoke FlameOS's access at any time from your Google Account at myaccount.google.com/permissions. Revoking access stops further data access; see Retention for what happens to data already processed.

4 How We Use Your Data

We use the data described above solely to operate your own workflows and provide the Service you requested. Specifically:

  • To deliver the CRM, email, calendar, automation, and AI-assistant features you enable.
  • To run the automations and AI tasks you explicitly trigger or schedule.
  • To maintain, secure, troubleshoot, and improve the reliability of the Service.

We do not:

  • Sell, rent, or trade your data, or Google user data, to anyone.
  • Use your data — or Google user data — for advertising or to build advertising profiles.
  • Use Google user data to train, fine-tune, or improve generalized/AI/ML models.
  • Allow humans to read your Google user data, except in the narrow cases required by Google's Limited Use policy (see below).
Google API compliance

5. Limited Use & Google API Services User Data Policy

FlameOS's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In particular, Google user data obtained via Google APIs is:

  • Used only to provide or improve user-facing features that are prominent in the FlameOS interface and that the user has enabled;
  • Not transferred to or sold to third parties for advertising, market research, or other purposes, except as necessary to provide the Service, to comply with applicable law, or as part of a merger/acquisition with appropriate notice;
  • Not used to serve advertisements;
  • Not read by humans unless (a) we obtain the user's explicit consent for specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized and used to maintain or improve the Service.

6 Where & How Data Is Stored

FlameOS is a self-hosted platform. In a self-hosted deployment, your workspace data, CRM records, messages, and any data retrieved from connected services (including Google data) are stored on your own infrastructure — the servers you control — not in a shared multi-tenant cloud operated by us.

OAuth tokens used to connect Google and other services are stored encrypted within your deployment and are used only to make the API calls needed for your enabled features. Where B2B Growth Systems operates managed components on your behalf, data is held on access-controlled, secured infrastructure under the same principles.

7 Data Retention

  • Workspace data is retained for as long as your account/workspace is active, or until you delete it.
  • Connected-service data (e.g., Google data) is retained only as long as needed to provide the feature that uses it, and is refreshed from the source rather than stockpiled where practical.
  • On revocation or disconnection of a Google account, FlameOS stops accessing that account and deletes the associated OAuth tokens. Cached copies created to deliver a feature are deleted on your request or within a reasonable period.
  • On account closure, your data is deleted or returned according to your instructions, subject to legal retention obligations.

8 Sharing & Sub-processors

We do not sell your data. We share data only with service providers ("sub-processors") strictly necessary to operate features you enable, and only to the extent required. Depending on which features you turn on, these may include:

  • Google LLC — when you connect Gmail / Google Calendar.
  • Infrastructure / hosting providers — for the servers on which a managed deployment runs.
  • AI model providers — when you use AI-assistant features, the specific content you submit to that feature may be processed by the configured model provider solely to return your result; it is not used to train their models where their terms allow opt-out, which we elect.

For client/customer personal data that you process using FlameOS, B2B Growth Systems acts as your processor under a Data Processing Agreement (DPA). Contact us to put a DPA in place before processing such data.

9 Your Rights & Choices

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to erasure").
  • Export your data in a portable format.
  • Withdraw consent or disconnect any connected service at any time.

To exercise any of these rights, email james@b2bgrowth.systems. You can disconnect Google access yourself at any time via your Google Account permissions.

10 Security

We apply industry-standard safeguards to protect data, including encryption in transit (TLS), encrypted storage of OAuth tokens and secrets, access controls, and the principle of least privilege for service connections. Because FlameOS is self-hosted, the security of the underlying servers is a shared responsibility: we provide a secure platform, and you are responsible for securing the infrastructure you operate. No method of transmission or storage is perfectly secure, but we work to protect your information and will notify affected users of a material breach as required by law.

11 Children's Privacy

FlameOS is a business tool not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

12 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Continued use of the Service after changes take effect constitutes acceptance.

13 Contact Us

Questions, requests, or privacy concerns? Contact the data controller:

B2B Growth Systems
Product: FlameOS
Email: james@b2bgrowth.systems