Privacy & Data Protection

Your data, your control. We take privacy seriously and comply with GDPR.

Last updated: October 24, 2025

Our Privacy Principles

🔒

Your Data Stays Yours

All data is stored in YOUR Google Sheet in YOUR Google Drive. We don't host your data on our servers.

🚫

No Data Selling

We will NEVER sell, rent, or share your personal data with third parties for marketing purposes.

GDPR Compliant

Full compliance with EU General Data Protection Regulation (GDPR). All rights respected.

🛡️

Minimal Access

We only request the minimum permissions necessary. Email content is NEVER accessed.

🔐

Secure Authentication

OAuth 2.0 authentication via Google. Your password is NEVER shared with us.

🗑️

Easy Deletion

Delete all your data at any time by simply deleting the spreadsheet from your Google Drive.

What Data We Access & Why

Calendar Data (Read-Only)

What we access:

  • Event titles
  • Event dates and times
  • Attendee email addresses
  • Event locations (optional)

Why we need it:

To track professional meetings and interactions. This data is used to build your contact database and calculate meeting frequency.

What we DON'T access:

Event descriptions, private notes, or any sensitive calendar data.

Storage: Calendar data is written to the "Interaction History" sheet in YOUR Google Drive. You can view, edit, or delete it at any time.

Gmail Data (Read-Only, Metadata Only)

What we access:

  • Sender email addresses
  • Recipient email addresses
  • Email dates
  • Sender display names (for name enrichment)

Why we need it:

To enrich contact data with email interaction history and correct auto-generated names.

What we NEVER access:

Email subject lines, email body content, attachments, or any message text.

Important: Gmail enrichment is OPTIONAL. You can use Relto with calendar-only sync and never grant Gmail access.

LinkedIn Data (User-Provided)

What we process:

  • LinkedIn connection names
  • Company names
  • Position titles
  • Connection dates
  • LinkedIn profile URLs

How we get it:

YOU download your LinkedIn data from LinkedIn and upload the CSV file to Relto. We don't have direct API access to LinkedIn.

What happens to it:

LinkedIn data is stored in two sheets ("linkedin connections" and "linkedin invitations") in YOUR spreadsheet. You control this data entirely.

No LinkedIn API: Relto does NOT connect to LinkedIn's API. All LinkedIn data is user-provided via CSV export, respecting LinkedIn's terms of service.

GDPR Compliance

The General Data Protection Regulation (GDPR) grants EU citizens specific rights regarding their personal data. Relto fully respects these rights:

Right to Access (Art. 15 GDPR)

Your right: You can access all your personal data at any time.

How Relto complies: All your data is stored in a Google Sheet you own. You can open the sheet anytime to view, download, or export your data. No request needed.

Right to Rectification (Art. 16 GDPR)

Your right: You can correct inaccurate personal data.

How Relto complies: Use the inline editing feature in the Data Quality tab, or directly edit your Google Sheet. Changes are reflected immediately.

Right to Erasure (Art. 17 GDPR - "Right to be Forgotten")

Your right: You can request deletion of your personal data.

How Relto complies: Simply delete the spreadsheet from your Google Drive. Since we don't store your data centrally, deletion is immediate and complete. To revoke Relto's permissions, go to your Google Account → Security → Third-party apps with account access.

Right to Data Portability (Art. 20 GDPR)

Your right: You can receive your data in a machine-readable format and transfer it to another service.

How Relto complies: Your data is already in Google Sheets format, which is fully exportable as CSV, Excel, or other formats. Export at any time via File → Download in Google Sheets.

Right to Object (Art. 21 GDPR)

Your right: You can object to processing of your personal data.

How Relto complies: Stop using Relto at any time. Uninstall the app and delete the spreadsheet. No data is processed after that.

Right to Restriction of Processing (Art. 18 GDPR)

Your right: You can request restriction of data processing.

How Relto complies: Pause syncing at any time. Relto only processes data when you actively trigger a sync. No background processing without your action.

Data Retention & Security

How Long We Keep Data

Your contact data:

Stored in YOUR Google Sheet indefinitely until YOU delete it. We have no control over this data's retention period.

License verification data:

We store minimal license information (email, plan, status) on our servers for subscription management. Retained for 7 years after subscription ends (accounting requirements).

Usage analytics:

Anonymous usage statistics (feature usage, sync counts) are stored for product improvement. No personally identifiable information is included. Retained for 2 years.

Important: Since your contact data lives in YOUR Google Drive, Google's data retention and backup policies apply, not ours.

Security Measures

  • OAuth 2.0: Secure, industry-standard authentication
  • HTTPS only: All communication is encrypted in transit
  • No password storage: We never see or store your Google password
  • Minimal server-side data: Only license info, no contact data
  • Google's infrastructure: Your data benefits from Google's enterprise security
  • Regular audits: Code reviews and security testing

Google Apps Script: Runs in Google's secure environment, not on our servers. Your data never leaves Google's infrastructure.

Third-Party Services

Relto uses the following third-party services:

Google Workspace

Purpose: Application hosting, data storage, authentication

Data shared: Your calendar and Gmail data (with your permission)

Privacy policy: Google Privacy Policy

Stripe

Purpose: Payment processing and subscription management

Data shared: Email, payment information (credit card details go directly to Stripe; we never see them)

Privacy policy: Stripe Privacy Policy

Heroku (Salesforce)

Purpose: Hosting for license verification API

Data shared: Email, license status (no contact data)

Privacy policy: Salesforce Privacy Policy

No other integrations: Relto does NOT use analytics trackers (Google Analytics, Facebook Pixel, etc.) or advertising networks.

Questions About Privacy?

We're here to help. Contact us anytime with privacy-related questions.

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

Email: dpo@relto.io

Supervisory Authority

If you're located in the EU and have concerns about our data handling practices, you have the right to lodge a complaint with your local data protection authority.