Privacy Policy

Parlo is operated by KOLEGIO d.o.o., the data controller for the personal data described in this policy.

• Address: Voćarska cesta 20, 10000 Zagreb, Croatia
• Contact: hello@getparlo.io
• Privacy contact / representative: Mislav Odak (hello@getparlo.io)

Google data (via OAuth). With your permission, we access:

• Gmail messages (read), the ability to send email on your behalf, and Gmail labels and read-state.
• Google Calendar events (read and create, including Google Meet links).
• Google Tasks (read and create).
• Google Contacts, including "other contacts" (read-only), to resolve recipient names to email addresses.

WhatsApp data. Your phone number and the messages and voice notes you send to Parlo.

Account data. Your name, email, chosen language, timezone, and authentication identifiers.

Derived data. AI classifications, summaries, draft text, per-contact language and writing-style profiles, and an activity / audit log.

• Performance of contract — to provide the Parlo service you signed up for (triage email, draft replies, manage calendar/tasks, deliver reminders, transcribe voice notes).
• Consent — to connect your Google account and access Gmail, Calendar, Tasks, and Contacts. You can withdraw this consent at any time.
• Legitimate interests — to keep the service secure, prevent abuse, debug issues, and improve user-facing features.
• Legal obligation — to comply with applicable laws.

Parlo's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Google user data is:

• used only to provide and improve user-facing features of Parlo;
• not sold to anyone;
• not used for advertising;
• not used to develop, improve, or train generalized AI/ML models.

Humans do not read your Google user data, except: (a) for security purposes (e.g. to investigate abuse), (b) to comply with applicable law, (c) with your explicit consent, or (d) on aggregated or anonymized data that does not identify you.

To perform the features you ask for, the contents of relevant emails and your voice-note transcripts are sent to our AI subprocessors:

• Anthropic (Claude) — processes email subjects and bodies, your instructions, and voice transcripts to classify, summarize, draft, search, and answer. Email content is sent here.
• Groq — transcribes voice notes you send on WhatsApp.

Under our agreements with these providers, your data is not used to train their models.

We use the following subprocessors, who act on KOLEGIO d.o.o.'s instructions:

• Google — your connected data source (Gmail, Calendar, Tasks, Contacts).
• Anthropic — AI processing of email content, instructions, and transcripts.
• Groq — voice-note transcription.
• Meta Platforms (WhatsApp Business Platform) — the messaging channel.
• Clerk — user authentication.
• Cloudflare — hosting, database, object storage, queues.
• Stripe — payment processing (only if/when paid plans are enabled; currently unused).

Some of these providers are based in the United States. International transfers of personal data outside the EU/EEA occur under the European Commission's Standard Contractual Clauses or an equivalent lawful transfer mechanism.

Parlo is hosted on Cloudflare (Workers, D1 database, R2 object storage, KV, Queues). Email bodies, attachments, and voice notes may be cached or stored to provide the service.

Security measures include:

• Google OAuth tokens are encrypted at rest with per-user derived keys.
• Access controls and audit logging for production systems.
• Transport encryption (TLS) for data in transit.

Retention. We keep account data and derived data for as long as your account is active. Cached email content, attachments, and voice notes are kept only as long as needed to provide the service. When you delete your account, your stored content and derived data are deleted from our systems.

Under the GDPR, you have the right to:

• access your personal data;
• have inaccurate data corrected;
• have your data erased;
• restrict or object to certain processing;
• data portability;
• withdraw consent at any time.

How to exercise them:

• Revoke Parlo's access to your Google account anytime at myaccount.google.com/permissions.
• Unpair WhatsApp from inside Parlo.
• Request account and data deletion by emailing hello@getparlo.io.

You also have the right to lodge a complaint with the Croatian supervisory authority, Agencija za zaštitu osobnih podataka (AZOP).

Our website uses only the cookies and local storage strictly necessary to operate the site (for example, to keep you signed in and remember your language). If we introduce analytics or non-essential cookies in the future, we will update this policy and, where required, ask for your consent.

Parlo is not intended for users under 18. We do not knowingly collect personal data from anyone under 18.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you in-app or by email.

Questions or requests? Email us at hello@getparlo.io.