Privacy Policy

1. How we use and share personal information

We limit the collection and processing of personal information to what we or our customers need for our business purposes, as explained in the table below and the following text.

In addition to the uses of personal information set forth in the table above, we may use personal information we obtain for the purposes of analyzing how our Services are used as well as for the improvement, security, maintenance and administration of the Services.

We use Stripe to facilitate remittance of payments from Companies for setting up requested connections. We also use Gusto and Tremendous to allow Connectors to claim any earnings associated with facilitating connections. These third parties process your personal information using their own services and have their own independent relationship with you. Accordingly, we recommend you review their privacy policies to understand how they process your personal information.

2. Automated processing and relationship signal analysis

As part of providing our Services, we use automated means to analyze personal information we collect from sources other thanGoogle APIs (such as social network and connection information, LinkedIn data, and user profile information you have provided to Atrios) to generate insights about the strength, nature, and potential value of professional relationships (“Relationship Signals”). This automated processing helps us identify, score, and recommend potential Matches between Connectors and Companies. Google Calendar data is not used as an input to this cross-user matchmaking processing. Google Calendar data is used only for the personal, user-facing features described in sections 3 and 4 below, and is shown only to the authorizing user.

Our automated processing systems may employ a range of computational and analytical techniques, which may include but are not limited to: rule-based logic, statistical methods and statistical modeling, heuristic algorithms, machine learning models, and other algorithmic decision-support methods. These systems are applied to your information to generate Relationship Signals at the time the Services are rendered. We do not use data obtained from Google APIs (including Google Calendar) to develop, improve, train, or fine-tune generalized or non-personalized machine learning, artificial intelligence, or large language models, and we do not feed Google Calendar data into any cross-user matchmaking, ranking, or lead-scoring model. The systems may analyze factors such as: professional network overlap and connection depth derived from LinkedIn and social network data; and contextual indicators derived from user-provided profile information. The outputs of this processing are used internally to rank, order, score, prioritize, or otherwise characterize the relative strength, quality, or potential value of a Connector’s relationship with a potential lead and to surface, recommend, or facilitate Matches.

This automated processing is performed internally by Atrios and is not shared with or performed by third-party advertising networks, data brokers, or other external parties. The specific methodologies, algorithms, model types and architectures, feature sets, weighting criteria, computational approaches, and technical implementations used in our automated processing may evolve, change, or be replaced over time as we refine, improve, and advance our Services and technological capabilities. We use these methods solely for the internal purpose of facilitating professional introductions within our Services. We do not use automated processing for purposes of behavioral advertising, cross-context behavioral tracking, targeted advertising to third parties, sale of personal information, or marketing activities outside of the Atrios platform.

Zoom integration. When you connect a Zoom account to Atrios, we read your basic profile information (such as email address and display name) and create meetings on your behalf via Nylas, our calendar integration provider. Meeting join URLs are stored in our database to display in our user interface and, where enabled, to allow our AI notetaker to join the meeting on your behalf. Atrios does not store your Zoom OAuth tokens directly; the OAuth grant is held by Nylas. You may disconnect Zoom at any time from Atrios Settings or by revoking access in your Zoom account.

Our automated processing does not make decisions that produce legal effects concerning individuals or similarly significantly affect individuals as those terms are understood under applicable privacy laws, including GDPR Article 22 and California Consumer Privacy Act (as amended by the California Privacy Rights Act) provisions regarding automated decision-making and profiling. The outputs of our automated systems serve as decision-support tools that inform and assist human decision-makers (both Connectors and Companies) in evaluating potential professional connections, but final decisions regarding whether to pursue, accept, or facilitate any introduction or business relationship remain under human control and judgment. While our processing may constitute “profiling” as defined under certain privacy regulations (such as processing to evaluate, analyze, or predict aspects related to professional relationships), it does not result in automated decisions with legal or similarly significant effects. If you have questions about the automated processing applied to your information, wish to exercise any rights you may have in connection with such processing (including rights to opt out of profiling under applicable law), or seek human review of any automated outputs, please contact us through any of the means outlined in section 12, below.

3. How we use Google Calendar data

If you choose to connect your Google Calendar to Atrios, we access a limited set of Google Calendar metadata solely to power user-facing features of the Services that are prominent in the Atrios user interface and that directly benefit you, the authorizing user. Specifically, we access:

• Calendar event metadata such as attendee email addresses, event titles, start and end times, and the calendars on which events are scheduled.

We do not access, read, or store the substantive body content of calendar event descriptions, attachments, or notes. We do not request access to Gmail content, message bodies, or any Google Workspace data outside of the Google Calendar metadata described above.

How this data directly benefits you, the user. Atrios uses your Google Calendar metadata exclusively to provide you with the following user-facing features inside the Atrios UI:

• A personal “relationships” view inside the Atrios product that helps you see which people in your professional network you have recently met with or scheduled time with, so you can keep track of your own relationships and decide who you would feel comfortable personally introducing.
• On-screen indicators that help you, the authorizing user, evaluate the strength and recency of your own relationship with a contact before you decide whether to initiate an introduction.
• Operational features that maintain, secure, and troubleshoot the Google Calendar integration on your account (for example, refreshing tokens, detecting sync errors, and responding to your support requests).

What we do not do with Google Calendar data. We do not transfer Google Calendar metadata, or insights derived from it, to companies, advertisers, data brokers, or any other third party. We do not display your Google Calendar metadata to any other user of Atrios, and we do not surface Google-derived relationship insights to companies or to any other third party. When you personally decide to send an introduction through Atrios, the only information shared with the recipient company is the contact information and message that you choose to share at that moment as part of the user-initiated introduction; the underlying Google Calendar metadata is not transferred.

We do not use Google Calendar data for advertising, retargeting, personalized or interest-based advertising, sale of personal information, lead generation, prospect enrichment, matchmaking offered to third parties, determining credit-worthiness, lending purposes, or any other purpose unrelated to the user-facing Calendar features described in this section.

4. Automated processing of Google Calendar data

To power the user-facing relationships view described in section 3, Atrios applies automated processing to your Google Calendar metadata at the time you view the relevant screen in the Atrios UI. This processing produces personalized, on-screen indicators that help you evaluate your own relationships. Outputs are shown only to you, the authorizing user.

We do not use Google Calendar data to develop, train, fine-tune, or improve any generalized or non-personalized machine learning, artificial intelligence, or large language models, nor any cross-user matchmaking model. Specifically:

• We do not use Google Calendar data to train, fine-tune, evaluate, or otherwise improve any AI/ML model that is shared across users or that produces outputs for users other than you.
• We do not use Google Calendar data to train or fine-tune any first-party or third-party AI models or large language models (LLMs).
• We do not feed Google Calendar data into any cross-user matchmaking, ranking, or lead-scoring model. Any cross-user matching performed by Atrios uses only data sources other than Google Calendar (such as data you have publicly shared on LinkedIn, profile information you have provided to Atrios, and information provided by the requesting company).
• We do not build databases of Google Calendar data and we do not create permanent copies of Google Calendar content. We honor applicable Google API cache headers and refresh Google Calendar metadata directly from Google rather than relying on stale local copies for model development.

Where Atrios uses third-party AI services to support user-facing features, those services are bound by data processing agreements that prohibit them from using data we send to them to train, fine-tune, or improve their own models.

5. Limited Use of Google user data

Atrios’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The use of information received from Google Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements. In particular:

• We only request access to the Google user data needed to provide or improve the user-facing features of the Services that are prominent in the requesting application’s user interface.
• We do not transfer Google user data to others as necessary to provide or improve user-facing features that are prominent in the requesting application’s user interface, to comply with applicable law, or as part of a merger, acquisition, or sale of assets (with user notice as required by law).
• We do not use or transfer Google user data for serving advertisements, including retargeted, personalized, or interest-based advertising.
• We do not use or transfer Google user data for determining credit-worthiness or for lending purposes.
• We do not allow humans to read Google user data unless we have your affirmative agreement to do so for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations limited to data that has been aggregated and anonymized.
• We do not use Google user data to develop, improve, or train generalized or non-personalized AI and/or machine learning models.
• We do not build databases of Google user data and we do not create permanent copies of Google user data. We honor applicable Google API cache headers and the caching restrictions in Section 5(e) of the Google APIs Terms of Service.

6. Retention and revocation of Google Calendar data

You may revoke Atrios’s access to your Google Calendar at any time by disconnecting the integration from your Atrios Settings page, or by removing Atrios from the third-party applications connected to your Google Account.

When you disconnect the integration, Atrios stops ingesting new Google Calendar data and revokes the OAuth tokens associated with your account. Atrios does not keep permanent or cached copies of Google Calendar content for purposes other than providing the user-facing features described in section 3. Any personalized relationship indicators previously derived from your Google Calendar data are deleted or de-identified within a reasonable period after disconnection, and the underlying Google Calendar metadata is purged in accordance with our data retention practices and the Google API Services User Data Policy.

You may also request deletion of your account and associated data at any time by contacting us using the methods described in the “Contacting Us” section below.

7. Disclosure and sharing

In addition to the sharing with the third parties described in the table above, we and our customers may also share your personal information with:

• Service providers. We share your personal information with third parties that provide services to us, such as billing, data storage, quality assurance, web hosting, text messaging, security, fraud prevention, website analytics, and marketing. We engage these kinds of third parties with contracts that require them to use your personal information only to deliver the services for which we have engaged the third party and as required by law.
• Legal compliance recipients. We disclose personal information to the courts, the government, law enforcement agencies, litigants, and similar recipients when required by law.
• Successors. We may disclose personal information associated with a part of our business to a buyer, potential buyer, or other successor to our business.

We may also disclose personal information to third parties with your consent or at your direction.

8. Security, quality, and retention

We use reasonable administrative, technical, and physical safeguards to protect personal information in our possession from misuse, interference, loss, unauthorized access, unauthorized modification, or unauthorized disclosure. While we make every reasonable effort to help ensure the integrity and security of our network and systems, you should understand that no data storage system or data transmission over the internet or any other public network can be guaranteed to be completely secure, accurate, complete, or current.

We also take reasonable steps to ensure that the personal information we collect is sufficiently accurate, up-to-date, and complete for the purposes for which we process it.

We retain personal information for as long as necessary for the purposes we use it, or for the time required by law. What is necessary depends on the context and purpose of processing. We generally consider the following factors when we determine how long to retain personal information:

• retention periods established under applicable law;
• industry best practices;
• whether the purpose of processing is reasonably likely to justify further processing;
• risks to individual privacy in continued processing;
• applicable data protection impact assessment;
• information systems design considerations/limitations; and
• the costs associated with continued processing, retention, and deletion.

With regard to the personal information we process on behalf of our customers (i.e., in our role as a “service provider” or “processor,”), we recognize our responsibility to maintain appropriate security and privacy safeguards to comply with the privacy laws and regulations that may apply to us or our customers. If you have questions about any of our customers’ processing of personal information, please contact them directly.

Please also note that, because we do not engage in behavioral targeting or the selling of personal information, our Services do not process the “Do Not Track” browser signal or any universal opt-out mechanisms, such as the Global Privacy Control. You can, however, request to exercise your privacy rights as set forth section 11 below.

9. International users

Please be aware that your personal information will be stored and processed in the United States. If we transfer personal information to the United States from another jurisdiction, we will do so in a way that complies with applicable legal requirements.

10. Children’s privacy

Our Services are not directed at children and we do not knowingly process any personal information from those under the age of 18.

11. Your privacy rights

Depending on the law in your legal jurisdiction, you may have certain rights regarding your personal information under the law. To exercise your rights, please submit a request by contacting us through any of the means outlined in section 12, below.

Your rights may include the following:

• the right to opt out of the use of personal information for targeted advertising, personal information sales, or profiling in furtherance of decisions that produce legal or similarly significant effects (note: as described in the “Automated processing and relationship signal analysis” section above, our automated processing does not produce such decisions);
• the right to confirm whether we process your personal information and to access a copy (from which we may, for security purposes, exclude certain personal information), including a copy that is in a portable data format;
• the right to the correction of inaccurate personal information;
• the right to the deletion of your personal information;
• the right not to be discriminated against for exercising any of these rights; and
• the right to appeal the action we take in response to any request to exercise these rights.

Although you may also have certain rights relating to our processing of your sensitive personal information, please note that we do not process the kinds of personal information that are generally considered to be sensitive personal information.

Only you or someone legally authorized to act on your behalf may make a request related to your personal information. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.

Your request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or a legally authorized representative; and
• Describe your request with sufficient detail so that we can understand, evaluate, and respond to it appropriately.

You may also appeal our decision on your request using the contact information below. When you contact us to appeal, please tell us why you believe we erred in responding to your request. We will respond to your appeal in accordance with the timelines set forth in applicable law.

12. Contacting Us

To exercise your rights or for other privacy-related inquiries, please contact us at: