We’re asking you to trust us with your most valuable company data, and you deserve to know—in plain English—how we’ll handle it.
You authorize Carom through Google or Microsoft directly. They hand us a token you can revoke at any time, from their site, without asking us.
We ask for the smallest amount of access we can to fulfill our promises to you, and we never import data we don’t need.
Carom reveals what’s in your inbox—we don’t try to replace it. We never modify or delete your data, so you maintain the canonical records.
You decide what your team sees, contact by contact or thread by thread. Threads you keep private are visible to you and no one else.
Every connection uses bank-level cryptography to transmit information, and stored content is encrypted.
Cancel anytime. We delete all your data within thirty days of cancellation, and your inbox (as always) remains your own.
When you connect a mailbox, you authorize access just to the minimal set of data possible through your email provider (Google or Microsoft). Your provider gives us a random token that we can use to access data Carom uses, so we never see your password. You can revoke that token from your provider’s security settings at any time.
We never store data that isn’t directly shown in Carom (email subjects, contacts, etc.) or used to power the screens we display (internal IDs that allow us to identify emails sent to multiple mailboxes, for example). In practical terms, that data includes:
We fetch and store full message text and attachments when we need them—to display a thread, preview or download a file, or let an agent summarize a conversation. We do not and will not sell or share your content with anyone, for any reason.
We’re always balancing privacy and transparency: our goal is to enable collaboration, after all. But we follow the principle that anything you share with colleagues is done explicitly. You (or your account administrator) can create shared mailboxes, like sales@yourorganization.example, which you can choose to show to people in your organization. Your own emails, files, and events are never shared within your account unless you explicitly choose to share them, and you can limit that sharing to certain individuals or groups and revoke access at any time.
Carom’s agents—the ones that summarize threads, tag conversations, and turn emails into tasks—need access to your information to work. If you don’t want them to see this data, you can turn them off. Your data is not used to train any AI models.
Carom runs on infrastructure hosted with Ubicloud and Amazon Web Services, with stored content encrypted and access to our servers tightly restricted. The complete, current list of vendors we partner with to deliver our services is always in our Privacy Policy.
Cancel whenever you like. We’ll terminate billing as soon as you cancel, and you can choose to end your access then or at the end of your current billing period. Within thirty days of closing your account, we delete the data you provided and everything we imported from your mailboxes.
This page is the deal in plain English; the Privacy Policy is the same deal in full detail. If anything here is unclear—or you have a question we didn’t answer—email us at partner@carom.io and we’ll walk you through it.
Want to see Carom without connecting anything?
The live demo runs on sample data—no signup, no email access, nothing to revoke.