Warm Intro Privacy Policy

Warm Intro is a relationship notebook and digital business card app published by Cerebro VC, LLC ("we," "our," or "Warm Intro"). You can reach us at michael@cerebro.vc. This policy describes what data the iOS/macOS app, App Clip, and the web property at intro.trywarm.app collect, how we use it, and the choices you have. The parent brand site at trywarm.app hosts a separate product with its own policy.

• Account identity. Email address, display name, and profile photo provided via Google Sign-In, Sign in with Apple, or an email magic-link. We use Supabase for authentication; Google Sign-In credentials never reach our servers.
• Profile fields you publish. The handle (slug), headline, company, title, bio, mobile, website, and social-link usernames you enter in the app. These are published to your public card at intro.trywarm.app/<handle> when you claim a handle. You can edit or clear any field at any time.
• Contacts you add. Names, emails, photos, and notes for the people you save. By default these live only on your device in an encrypted local database. Email/phone/photo enrichment from Apple Contacts requires your explicit permission and is read on-demand only — we don't upload your address book.
• Recent Gmail senders (optional, Gmail scope). If you grant the Gmail read scope during Google Sign-In, the app reads only the sender display name, sender email address, and timestamp of recent messages in your INBOX over the last 30 days. Message bodies, subjects, attachments, and labels are never read or stored. The summary is computed on-device and a single row keyed on your Supabase user id is mirrored to our backend. You can revoke Gmail access from your Google account permissions page.
• Upcoming calendar events (optional, Google Calendar scope). If you grant the Google Calendar read scope, the app reads the title, start time, end time, and attendee email addresses of events in your primary calendar over the next 30 days. Event descriptions, attachments, and any other calendar fields are not read. The data is used to surface a Meetings list inside the app so you can quickly note who you met after each meeting ends, and is mirrored to a single meetings row keyed on your Supabase user id. Revoke at any time from your Google account permissions page.
• Google Contacts (optional, Google Contacts scope). If you grant the Google Contacts read scope, the app reads display name, primary email, primary phone, organization, and job title of contacts in your Google address book. The data is presented as a picker so you can pick someone you already know instead of re-typing. Only the contact rows you explicitly import into a Warm Intro record are persisted; the full address book is not mirrored to our backend. Revoke at any time from your Google account permissions page.
• Notes and tasks. The markdown notes you write, including embedded images, are stored on your device. We do not sync note bodies to our servers. Tasks you assign to another Warm Intro user are synced through our backend so they can be delivered to the recipient.
• Handshakes and meetings. When you scan a QR/App Clip Code, tap an NFC sticker, or open a Warm Intro link to someone's card, our connect Edge Function joins both users' emails in a server-side connections table so the other person shows up in your recents and vice versa. A timestamped meeting row is recorded for each handshake (counterparty, arrival method, optional label/notes you add).
• Push tokens. If you grant notification permission (asked once after your first person tap, not on launch), we register your Apple Push token with our backend so we can deliver assigned-task alerts and confirmation pings. Tokens are scoped to your account and rotated by Apple.
• Diagnostics and crashes. Warm Intro writes a local diagnostics log on your device for crash recovery and slow-frame detection. The log stays on your device unless you explicitly share it with us through the in-app "Send feedback" sheet. Apple MetricKit reports — when iOS chooses to send them — are aggregated and not personally identifiable.

• To authenticate you and keep your sign-in active.
• To render your public profile card to people who follow your handshake link.
• To suggest people to add based on your recent Gmail senders and existing local contacts.
• To deliver assigned-task pushes and confirmation alerts to you and the people you collaborate with.
• To debug crashes and performance regressions before they reach more users.

We do not run any advertising network. We do not sell or rent personal data. We do not train AI models on your notes, your contacts, or your messages.

The vendors below process some of your data on our behalf. Each is contractually required to provide protection equal to or stronger than what this policy commits to.

• Supabase (authentication, database, real-time, Edge Functions, storage) — privacy policy.
• Google (OAuth sign-in; optional Gmail recent-sender reads; optional Google Calendar reads; optional Google Contacts reads) — privacy policy. See the Google API Services User Data Policy section below for the full Limited Use disclosure.
• Apple (Push Notification service, Sign in with Apple, App Clips, MetricKit, App Store Connect analytics) — privacy policy.
• Vercel (hosting for intro.trywarm.app) — privacy policy.

• On your device: notes, embedded images, local contact entries, diagnostics log.
• On our servers (Supabase, US region): account identity, published profile fields, handshake connections, meeting log, assigned-task records, push tokens.

Warm Intro's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Warm Intro requests the following Google OAuth scopes and uses the data for the following user-facing features only:

• gmail.readonly: read sender name + sender email + timestamp on recent INBOX messages to populate the in-app Discover tab that suggests people to add. Message bodies, subjects, labels, and attachments are never read or stored.
• calendar.readonly: read title + start/end time + attendees of upcoming events in your primary calendar to populate the in-app Meetings list and pre-fill follow-up notes.
• contacts.readonly: read display name + primary email/phone + organization + job title of your Google contacts to populate the in-app contact picker so you can save someone you already know without re-typing.

In accordance with Limited Use, Warm Intro:

1. Uses data accessed via these scopes only to provide or improve the user-facing features described above.
2. Does not transfer the data to third parties except (a) as necessary to provide or improve user-facing features (e.g., a single row mirrored to Supabase, our backend infrastructure provider), (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) as part of a merger, acquisition, or sale of assets with notice to you.
3. Does not use the data for serving advertising, building advertising profiles, retargeting, personalized advertising, credit-worthiness, or lending.
4. Does not allow humans to read the data, except (a) with your affirmative consent for a specific message, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.
5. Does not use the data to develop, improve, or train generalized or non-personalized AI / ML models.

You can revoke Warm Intro's access to any Google scope at any time at myaccount.google.com/permissions. Revocation takes effect immediately; cached data on our servers is purged within 24 hours.

Local data persists on your device until you tap Settings → Delete account (which removes your server-side data, signs you out, and drops the cached account from this device's "Continue as…" picker), or until you delete the app from iOS. Signing out alone keeps your cached account so you can re-sign-in fast, but doesn't remove the underlying notes / contacts on this device. Server data persists until you request account deletion.

The fastest path to delete your account and all server-side data: in Warm Intro, tap Settings → Delete account and confirm. That one tap issues an authenticated request to our delete_account Edge Function, which permanently removes your auth row; every related table (notes, push tokens, assigned tasks, handshakes, meetings, profile card, account identifiers, connections) cascade- deletes from that. No grace period, no support ticket required.

If you've lost access to the app and can't reach the in-app button, email michael@cerebro.vc from the address tied to your account. We confirm receipt within 7 days and complete deletion within 30. Email aliases or hashes used for spam protection in backups may persist for an additional 90 days before purge.

To revoke an authorization you previously granted (Google, Apple, Gmail scope, push notifications, contacts, calendar), use the corresponding OS-level settings — Warm Intro will stop receiving that data immediately.

Depending on where you live, you may have the right to access a copy of your data, correct inaccuracies, restrict processing, object to processing, or transfer your data to another service. To exercise any of these rights, email michael@cerebro.vc and we'll respond within 30 days.

Warm Intro is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has provided personal information, please email us and we will delete it.

We will revise this page when our practices change. Material changes — new third parties, new categories of data, changed retention — will be announced in-app before they take effect. The "Effective" date at the top of this page tracks the most recent revision.

Questions about this policy or about how Warm Intro handles your data: email michael@cerebro.vc.