Privacy & Data Processing
Last updated: March 14, 2026
What Contact Refiner does
Contact Refiner is a self-hosted tool that analyzes and cleans up your Google Contacts. It uses rule-based analysis and AI review to suggest formatting fixes, diacritics restoration, and data normalization. You review and approve every change before it is applied.
Data we access
Contact Refiner requests the following Google API scopes through OAuth2:
| Data | Purpose | Access type |
|---|---|---|
| Google Contacts | Analyze fields, suggest fixes, apply approved changes | Read + Write |
| Gmail (headers only) | Detect last interaction date for activity tagging | Read-only (metadata, not message bodies) |
| Google Calendar | Detect shared events for activity tagging | Read-only |
How data is processed
- Rule-based analysis — 25 rule categories check formatting, diacritics, phone numbers, email validity, and organization names. This runs entirely in your infrastructure with no external calls.
- AI review — Ambiguous changes (MEDIUM confidence) are sent to the Claude API (Anthropic) for a second opinion. Only the contact field values (names, phones, emails) are sent — no full contact profiles, no Gmail content, no calendar details.
- Human review — All changes require your explicit approval on the dashboard before being applied to your Google account.
LinkedIn matching
Contact Refiner can optionally match your Google Contacts against a LinkedIn connections export (CSV file you download from LinkedIn). This matching:
- Runs locally — the LinkedIn CSV is processed on your infrastructure only
- Uses fuzzy name matching to find potential matches
- Does not upload your LinkedIn data to any external service
- Does not access the LinkedIn API or scrape LinkedIn
Per GDPR Article 14, this constitutes processing personal data obtained from a source other than the data subject (your LinkedIn export). The legal basis is legitimate interest in maintaining accurate contact information.
Data storage
- Contact data stays in your Google account. Contact Refiner reads it, processes it in memory, and writes approved changes back. No contact data is stored permanently outside Google.
- Analysis results (change suggestions, review decisions, changelogs) are stored in a Google Cloud Storage bucket under your control.
- Learning memory (which corrections you approved/rejected) is stored in the same GCS bucket to improve future suggestions.
- AI review requests are sent to Anthropic's Claude API. Anthropic's data retention policy applies to these requests. No contact data is used for model training.
Third-party services
| Service | Data shared | Purpose |
|---|---|---|
| Google People API | OAuth token | Read/write contacts |
| Gmail API | OAuth token | Read email headers (metadata only) |
| Google Calendar API | OAuth token | Read event participants |
| Anthropic Claude API | Contact field values (names, phones, emails) | AI review of ambiguous changes |
| Google Cloud Storage | Analysis results, changelogs, memory | Persistent storage (your bucket) |
Data retention
- Contact backups: kept in GCS until you delete them
- Changelogs: kept indefinitely for audit trail
- Review sessions: kept indefinitely for learning
- Interaction cache: refreshed daily, 90-day lookback
- Queue statistics: 90-day rolling window
Your rights
Since Contact Refiner is self-hosted, you have full control over all data:
- Revoke Google OAuth access at any time via your Google Account settings
- Delete all stored data by clearing your GCS bucket
- Roll back any changes using the built-in rollback feature
- Export all analysis data from GCS at any time
Contact
Contact Refiner is developed by Instarea s.r.o., Bratislava, Slovakia.
For privacy-related questions, contact peter.fusek@instarea.sk.