← Back to dashboard

Privacy Policy

Last updated: June 2026

1. Introduction

ColdToWarm (“we”, “us”, “our”) is a platform that helps university students connect with alumni for career networking. This Privacy Policy explains what data we collect, how we use it, and your rights with respect to that data. By using ColdToWarm, you agree to the practices described in this policy.

2. Information We Collect

  • Account information: Name, preferred name, university, graduation year, major, and current roles — provided during onboarding.
  • University email address: Collected during .edu verification to confirm your student status.
  • Gmail access: If you connect Gmail, we request the gmail.send scope only. We send emails on your behalf but do not read, store, or access your Gmail inbox or any existing emails.
  • Usage data: Search queries and outreach activity within the platform.
  • Alumni data: Publicly available professional information (name, title, employer, university).

3. How We Use Your Information

  • To provide the core service: finding alumni and sending outreach emails.
  • To verify university affiliation via your .edu email address.
  • To personalize email templates with your profile information.
  • We do not sell your data to third parties.
  • We do not use your data for advertising purposes.

4. Gmail API Usage

ColdToWarm uses the Gmail API solely to send emails you compose within the platform. We do not read your emails, access your contacts, or store your Gmail credentials beyond the OAuth refresh token required to maintain your connection.

Our use of Gmail API data is strictly limited to sending outreach emails that you explicitly initiate. We do not use Gmail data for any other purpose, including training, analytics, or advertising.

ColdToWarm's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Storage

Your data is stored securely in Supabase (PostgreSQL) with row-level security enabled. Gmail OAuth tokens are stored encrypted and used only to send emails on your behalf. We apply industry-standard security practices to protect your information from unauthorized access.

6. Third-Party Services

  • Supabase: Database and authentication infrastructure.
  • Google Gmail API: Sending outreach emails you compose in the platform.
  • Resend: Sending transactional emails such as .edu verification links.

7. Your Rights

You can delete your account and all associated data at any time by contacting us at hello@coldtowarm.io. You may also revoke Gmail access at any time from your Google account settings at myaccount.google.com/permissions.

8. Contact

For any questions about this Privacy Policy, please contact us at hello@coldtowarm.io.

Terms of ServiceDashboard