samplesize.io

Privacy Policy

Last updated: December 26, 2025

1. Introduction

Samplesize ("we," "our," or "us") is an email outreach and research participant management tool designed for UX researchers. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

By using Samplesize, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you sign in with Google, we collect:

  • Email address — Your Google account email for authentication and identification
  • Name — Your display name from your Google profile

2.2 Contact Information

When you add contacts to Samplesize, we store:

  • Contact email addresses — Encrypted at rest using AES-256-GCM encryption
  • Contact names — Optional, as provided by you
  • Engagement status — Whether you've reached out, received a reply, or scheduled a meeting
  • Outreach count — Number of emails sent to each contact through Samplesize

2.3 Email Metadata

When you send emails through Samplesize, we store minimal metadata:

  • Gmail message ID — A unique identifier assigned by Gmail
  • Thread ID — For tracking email conversations and detecting replies
  • Subject line — The email subject you composed
  • Timestamps — When emails were sent and follow-ups scheduled

Important: We do NOT store email body content. The full content of your emails remains only in your Gmail account. Gmail is the source of truth for all email content.

2.4 OAuth Tokens

To enable features like automated follow-up emails, we store OAuth tokens that allow us to send emails on your behalf. These tokens are:

  • Encrypted at rest using AES-256-GCM encryption with unique initialization vectors
  • Stored only on our secure servers, never exposed to client-side code
  • Used solely for sending emails you explicitly configure and checking for replies

3. Google API Access

Samplesize requests the following Google API permissions:

PermissionPurpose
gmail.sendSend outreach emails and follow-ups through your Gmail account
gmail.readonlyCheck if contacts have replied to your emails (reads thread metadata only, not inbox content)
calendar.eventsDetect if you have scheduled meetings with contacts

What We DO NOT Do

  • We do NOT read your existing emails or browse your inbox
  • We do NOT access emails unrelated to Samplesize outreach
  • We do NOT store email body content on our servers
  • We do NOT share your Gmail data with third parties
  • We do NOT send emails without your explicit action (except scheduled follow-ups you configure)

4. How We Use Your Information

We use the collected information to:

  • Authenticate you and provide access to your organization's workspace
  • Send personalized outreach emails on your behalf through your Gmail account
  • Send automated follow-up emails when you configure them
  • Track engagement status (sent, replied, meeting scheduled)
  • Enable team collaboration within your organization
  • Improve and maintain our service

5. Data Storage and Security

5.1 Encryption

  • Contact emails — Encrypted using AES-256-GCM with unique initialization vectors
  • OAuth tokens — Encrypted using AES-256-GCM with unique initialization vectors
  • Data in transit — All communications use TLS/SSL encryption

5.2 Data Isolation

All data is scoped to your organization. Users can only access contacts, studies, and email data belonging to their organization. Cross-organization data access is not possible.

5.3 Infrastructure

Our service is hosted on secure cloud infrastructure with industry-standard security practices. We use PostgreSQL for data storage with encrypted connections.

6. Data Retention

  • Account data — Retained until you delete your account
  • Contact data — Retained until you archive/delete contacts or delete your organization
  • Email metadata — Retained for engagement tracking; deleted when organization is deleted
  • OAuth tokens — Refreshed automatically; cleared on account deletion or access revocation

7. Your Rights

You have the right to:

  • Access — View your data through the Samplesize interface
  • Correction — Update your contact information at any time
  • Deletion — Delete your organization and all associated data
  • Revocation — Revoke Samplesize's access to your Google account through your Google Account settings

8. Third-Party Services

Samplesize integrates with:

  • Google — For authentication and Gmail/Calendar API access (governed by Google's Privacy Policy)

We do not sell, rent, or share your personal information with third parties for marketing purposes.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@samplesize.io

← Back to home