Privacy Policy
Effective date: June 29, 2026 (rev. 1)

Contact Gleaner (“Contact Gleaner,” “we,” “us,” or “our”) is a service operated by TMR Solutions, LLC, a North Carolina limited liability company. This Privacy Policy explains what information we access, how we use it, who we share it with, and the choices you have. You accept this Privacy Policy by affirmatively accepting it when prompted — for example, by reviewing it and selecting “I attest & agree” in the acceptance dialog that Contact Gleaner presents when you sign in, and again whenever it is materially updated. By doing so, the user attests and covenants that they have read, understood, and agreed to this policy.
1. Who we are
TMR Solutions, LLC operates Contact Gleaner at www.contactgleaner.com. For any privacy question, contact us at support@contactgleaner.com.
2. Geographic scope and eligibility
Contact Gleaner is offered exclusively to users who are not residents of, and are not physically located in, the State of California or any member state of the European Union or European Economic Area (“Excluded Jurisdictions”). The Service is not directed at, and may not be used by, California consumers or residents as defined under the California Consumer Privacy Act (CCPA), or by residents or data subjects located in the EU or EEA.
The user attests and covenants that at the time of registration and at all times during use of the Service: (a) they are not a California resident or consumer; (b) they are not physically located in California, the EU, or the EEA; and (c) they are not accessing the Service on behalf of a person or entity located in any Excluded Jurisdiction. If you become a resident of an Excluded Jurisdiction after registering, you must immediately discontinue use of the Service and contact us at support@contactgleaner.com to close your account.
TMR Solutions LLC reserves the right to terminate accounts of users who are or become residents of Excluded Jurisdictions. This restriction will be revisited and updated as the Service expands its geographic offering.
3. What Contact Gleaner does
Contact Gleaner connects to your Microsoft 365 / Outlook mailbox, reads the email signatures and contact details in your messages and calendar, uses AI to extract names, titles, companies, phone numbers, and email addresses, and then saves the approved results as contacts in your own Microsoft account. The goal is simple: contacts you already received in email appear in your address book without manual typing. Contact Gleaner also reads the contacts you already have so it recognizes them and does not add them a second time, and it reads your Outlook working-hours setting so it can run scans around your workday.
4. Information we access and store
Information you provide
- Your name and email address, provided by Microsoft when you sign in.
- Payment information, which you enter directly with our payment processor, Stripe. We never see or store your full card number.
- Anything you send us through the feedback form (your message, optional screenshot, and email address).
Information we access from your mailbox
With your permission (granted through Microsoft sign-in), we access your email messages, calendar events, and contacts in order to find and extract contact details. We request the minimum Microsoft Graph permissions needed: read access to mail and calendar, read/write access to contacts (so we can add the contacts you approve), and read access to your mailbox settings (for the working-hours setting described below). We do not request permission to send email or modify your messages.
To schedule scans around your workday, we also read your Outlook working-hours setting — your working days, start and end times, and time zone — through Microsoft Graph (the MailboxSettings.Read permission). We use this only to time scans, and for no other purpose.
So that we never add a contact you already have, Contact Gleaner reads your existing Outlook contacts (your address book) using the contacts permission you already grant when you connect your account — no additional permission is requested for this. We recognize the people you already have so we do not add them to your contacts a second time. When an incoming email contains details for someone already in your contacts that you did not previously have — for example a phone number or job title — we surface it for you to approve; we do not change your existing contacts without your action (unless you turn on Fully Automatic — see §6a). To do this we store a copy of your contacts and a privacy-preserving index of their email addresses (hashed — never kept as readable text), encrypted at rest. This information comes only from your own mailbox, never from data brokers or third parties.
What we keep in our own system
- Your account record: your Microsoft user ID, email, display name, and subscription tier.
- Microsoft access tokens: stored encrypted at rest so the service can scan on your behalf. These are never shown in our app or shared.
- Extracted contact data: the contact details we pull from your mailbox so we can de-duplicate and avoid re-processing the same items.
- Billing records: your Stripe customer and subscription identifiers and plan status (not card numbers).
- Feedback submissions: messages you choose to send us.
- A copy of your existing Outlook contacts and a hashed index of their email addresses, so we can recognize people you already have and avoid adding duplicates (encrypted at rest).
- Your settings and preferences: communication and digest preferences, automation settings, time zone and working hours, and connection-status timestamps.
Sign-in and security logs
Each time someone attempts to sign in to Contact Gleaner — including attempts that do not result in an account — we record information about the attempt: the email address used, its organization domain, the Microsoft tenant and user identifiers, the IP address, the result of the attempt, and the date and time. We use this to protect the Service against abuse and fraud and to understand interest in the Service. We do not store the person’s name in these records. We retain records of sign-in attempts that do not result in an account for up to six (6) months and then delete them; records of successful sign-ins are part of your account activity and are kept as described elsewhere in this policy.
5. How we use your information
- To scan your mailbox and extract contact details.
- To write approved contacts back to your Microsoft account.
- To run your account, process payments, and provide support.
- To schedule scans around your working hours and time zone.
- To improve the reliability and accuracy of the service.
- To send you service-related messages — for example, billing or support replies, an optional periodic Morning Update / Roundup summarizing the contacts we found or saved (you choose the frequency, or turn it off), and occasional service notices such as a prompt to reconnect Outlook if your connection lapses.
We do not sell your data, and we do not use the contents of your mailbox for advertising.
6. AI processing
We use Anthropic’s Claude AI to read email signatures and extract contact details. Text from your messages is sent to Anthropic only for this signature-parsing step. We do not use external data brokers or third-party lookups to enrich contacts. Anthropic processes this data as our service provider and does not use it to train its models on our behalf. The user attests and covenants that they understand AI-generated contact details may contain errors and that they accept responsibility for reviewing all extracted contacts before use.
6a. Automated processing and Fully Automatic mode
If you turn on Fully Automatic mode, you authorize Contact Gleaner to save new contacts and apply updates to your Outlook contacts on your behalf, without reviewing each one first. We only auto-save contacts we can complete with confidence; possible duplicates and incomplete entries are held for your manual review. You can turn Fully Automatic off at any time, and we ask you to confirm the setting each month. This is automated processing that you control; it produces no legal or similarly significant effects. When Fully Automatic is off, nothing is written to your contacts without your explicit approval of each one.
7. Who we share information with (subprocessors)
We share data only with the service providers needed to run Contact Gleaner. A current list with links to each provider’s terms and privacy policy is published at contactgleaner.com/third-party. Current subprocessors:
- Microsoft — the source of your mail/calendar/contacts and your sign-in identity.
- Anthropic — AI signature parsing (see above).
- Railway — application hosting and our PostgreSQL database.
- Vercel — hosting of our website front-end.
- Stripe — payment processing.
- Resend — delivery of transactional and support email.
- Sentry — error monitoring and telemetry.
We may also disclose information if required by law, or to protect the rights, safety, or property of our users or TMR Solutions, LLC.
8. Data retention
Upon cancellation or deletion of your account, your personal data will become immediately inaccessible. TMR Solutions LLC will permanently delete your stored data — including extracted contact data and Microsoft access tokens — within 30 days. The user attests and covenants that they understand this deletion is irreversible and that TMR Solutions LLC has no obligation to retain or recover deleted data. Limited billing records may be retained longer where required for tax, accounting, or legal purposes. We also retain a record of your acceptance of our Terms of Service and this Privacy Policy — including the date and time, the version of each document you accepted, and the IP address used — for the life of the Service and for as long as needed to establish or defend legal claims, even after your account is deleted. Contacts already written to your Microsoft account remain yours and are unaffected by deletion of your Contact Gleaner account.
9. Your rights and choices
- Disconnect at any time: the user attests and covenants that they understand they may revoke Contact Gleaner’s access from their Microsoft account security settings at any time, which immediately stops all scanning.
- Access, export, or delete your data: contact support@contactgleaner.com and we will help you access, export, or delete your personal data.
- Users outside the Excluded Jurisdictions defined in §2 who have questions about their data rights may contact us at support@contactgleaner.com.
10. Security
We protect your data with industry-standard measures: encrypted connections (HTTPS), Microsoft access tokens encrypted at rest, OAuth-only sign-in (we never store a password), rate limiting, and least-privilege access permissions. No system is perfectly secure, but we work to safeguard your information and limit what we collect.
10a. Breach notification
In the event of a security incident that results in unauthorized access to or disclosure of your personal data, TMR Solutions LLC will notify affected users within 30 days of becoming aware of the breach. Notice will be sent to the email address on file for your account. TMR Solutions LLC will take reasonable steps to investigate and remediate any confirmed breach.
11. International users
Contact Gleaner is operated from the United States, and your information is processed and stored in the United States. As set forth in §2, the Service is not available to EU or EEA residents. Users accessing the service from outside the U.S. (and outside the Excluded Jurisdictions) attest and covenant that they consent to this transfer and processing.
12. Children
Contact Gleaner is a business tool not intended for anyone under 18, and we do not knowingly collect data from children. The user attests and covenants that they are 18 years of age or older.
13. Changes to this policy
We may update this policy from time to time. When we do, we will revise the effective date above and, for material changes, provide additional notice.
14. Contact us
Questions about privacy? Email support@contactgleaner.com or write to TMR Solutions, LLC, North Carolina, USA.