Privacy Policy

1. How we use and share personal information

We limit the collection and processing of personal information to what we or our customers need for our business purposes, as explained in the table below and the following text.

In addition to the uses of personal information set forth in the table above, we may use personal information we obtain for the purposes of analyzing how our Services are used as well as for the improvement, security, maintenance and administration of the Services.

We use Stripe to facilitate remittance of payments from Companies for setting up requested connections. We also use Gusto and Tremendous to allow Connectors to claim any earnings associated with facilitating connections. These third parties process your personal information using their own services and have their own independent relationship with you. Accordingly, we recommend you review their privacy policies to understand how they process your personal information.

2. Automated processing and relationship signal analysis

As part of providing our Services, we use automated means to analyze the personal information we collect—including email and calendar metadata, social network and connection information, LinkedIn data, and user profile information—to generate insights about the strength, nature, and potential value of professional relationships (“Relationship Signals”). This automated processing is core to how we identify, score, and recommend potential Matches between Connectors and Companies.

Our automated processing systems may employ a range of computational and analytical techniques, which may include but are not limited to: rule-based logic, statistical methods and statistical modeling, heuristic algorithms, machine learning models (including supervised, unsupervised, and reinforcement learning approaches), predictive analytics, pattern recognition, data mining, and other algorithmic decision-support methods. These systems may incorporate ongoing recalibration, dynamic recalculation of outputs, model retraining, and adaptive learning processes to refine accuracy and relevance over time. The systems may analyze factors such as: communication frequency, recency, and reciprocity patterns derived from email metadata; co-attendance and scheduling proximity signals derived from calendar metadata; professional network overlap and connection depth derived from LinkedIn and social network data; and contextual indicators derived from user-provided profile information. The outputs of this processing are used internally to rank, order, score, prioritize, or otherwise characterize the relative strength, quality, or potential value of a Connector’s relationship with a potential lead and to surface, recommend, or facilitate Matches.

This automated processing is performed internally by Atrios and is not shared with or performed by third-party advertising networks, data brokers, or other external parties. The specific methodologies, algorithms, model types and architectures, feature sets, weighting criteria, computational approaches, and technical implementations used in our automated processing may evolve, change, or be replaced over time as we refine, improve, and advance our Services and technological capabilities. We use these methods solely for the internal purpose of facilitating professional introductions within our Services—we do not use automated processing for purposes of behavioral advertising, cross-context behavioral tracking, targeted advertising to third parties, sale of personal information, or marketing activities outside of the Atrios platform.

With respect to data obtained from Google APIs (including Gmail and Google Calendar), we access Google user data only to provide or improve user-facing features of our Services that are prominent in the requesting application’s user interface and only as permitted by applicable Google API scopes. We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features of our Services, to comply with applicable law, or as part of a merger, acquisition, or sale of assets (with user notice). We do not use or transfer Google user data for purposes of serving advertisements, including retargeting, personalized or interest-based advertising. Our use of Google user data is limited to the practices disclosed in this Privacy Policy.

Zoom integration.When you connect a Zoom account to Atrios, we read your basic profile information (such as email address and display name) and create meetings on your behalf via Nylas, our calendar integration provider. Meeting join URLs are stored in our database to display in our user interface and, where enabled, to allow our AI notetaker to join the meeting on your behalf. Atrios does not store your Zoom OAuth tokens directly — the OAuth grant is held by Nylas. You may disconnect Zoom at any time from Atrios Settings or by revoking access in your Zoom account.

Our automated processing does not make decisions that produce legal effects concerning individuals or similarly significantly affect individuals as those terms are understood under applicable privacy laws, including GDPR Article 22 and California Consumer Privacy Act (as amended by the California Privacy Rights Act) provisions regarding automated decision-making and profiling. The outputs of our automated systems serve as decision-support tools that inform and assist human decision-makers (both Connectors and Companies) in evaluating potential professional connections, but final decisions regarding whether to pursue, accept, or facilitate any introduction or business relationship remain under human control and judgment. While our processing may constitute “profiling” as defined under certain privacy regulations (such as processing to evaluate, analyze, or predict aspects related to professional relationships), it does not result in automated decisions with legal or similarly significant effects. If you have questions about the automated processing applied to your information, wish to exercise any rights you may have in connection with such processing (including rights to opt out of profiling under applicable law), or seek human review of any automated outputs, please contact us through any of the means outlined in section 8, below.

3. Disclosure and sharing

In addition to the sharing with the third parties described in the table above, we and our customers may also share your personal information with:

• Service providers. We share your personal information with third parties that provide services to us, such as billing, data storage, quality assurance, web hosting, text messaging, security, fraud prevention, website analytics, and marketing. We engage these kinds of third parties with contracts that require them to use your personal information only to deliver the services for which we have engaged the third party and as required by law.
• Legal compliance recipients. We disclose personal information to the courts, the government, law enforcement agencies, litigants, and similar recipients when required by law.
• Successors. We may disclose personal information associated with a part of our business to a buyer, potential buyer, or other successor to our business.

We may also disclose personal information to third parties with your consent or at your direction.

4. Security, quality, and retention

We use reasonable administrative, technical, and physical safeguards to protect personal information in our possession from misuse, interference, loss, unauthorized access, unauthorized modification, or unauthorized disclosure. While we make every reasonable effort to help ensure the integrity and security of our network and systems, you should understand that no data storage system or data transmission over the internet or any other public network can be guaranteed to be completely secure, accurate, complete, or current.

We also take reasonable steps to ensure that the personal information we collect is sufficiently accurate, up-to-date, and complete for the purposes for which we process it.

We retain personal information for as long as necessary for the purposes we use it, or for the time required by law. What is necessary depends on the context and purpose of processing. We generally consider the following factors when we determine how long to retain personal information:

• retention periods established under applicable law;
• industry best practices;
• whether the purpose of processing is reasonably likely to justify further processing;
• risks to individual privacy in continued processing;
• applicable data protection impact assessment;
• information systems design considerations/limitations; and
• the costs associated with continued processing, retention, and deletion.

With regard to the personal information we process on behalf of our customers (i.e., in our role as a “service provider” or “processor,”), we recognize our responsibility to maintain appropriate security and privacy safeguards to comply with the privacy laws and regulations that may apply to us or our customers. If you have questions about any of our customers’ processing of personal information, please contact them directly.

Please also note that, because we do not engage in behavioral targeting or the selling of personal information, our Services do not process the “Do Not Track” browser signal or any universal opt-out mechanisms, such as the Global Privacy Control. You can, however, request to exercise your privacy rights as set forth section 7 below.

5. International users

Please be aware that your personal information will be stored and processed in the United States. If we transfer personal information to the United States from another jurisdiction, we will do so in a way that complies with applicable legal requirements.

6. Children’s privacy

Our Services are not directed at children and we do not knowingly process any personal information from those under the age of 18.

7. Your privacy rights

Depending on the law in your legal jurisdiction, you may have certain rights regarding your personal information under the law. To exercise your rights, please submit a request by contacting us through any of the means outlined in section 8, below.

Your rights may include the following:

• the right to opt out of the use of personal information for targeted advertising, personal information sales, or profiling in furtherance of decisions that produce legal or similarly significant effects (note: as described in the “Automated processing and relationship signal analysis” section above, our automated processing does not produce such decisions);
• the right to confirm whether we process your personal information and to access a copy (from which we may, for security purposes, exclude certain personal information), including a copy that is in a portable data format;
• the right to the correction of inaccurate personal information;
• the right to the deletion of your personal information;
• the right not to be discriminated against for exercising any of these rights; and
• the right to appeal the action we take in response to any request to exercise these rights.

Although you may also have certain rights relating to our processing of your sensitive personal information, please note that we do not process the kinds of personal information that are generally considered to be sensitive personal information.

Only you or someone legally authorized to act on your behalf may make a request related to your personal information. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.

Your request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or a legally authorized representative; and
• Describe your request with sufficient detail so that we can understand, evaluate, and respond to it appropriately.

You may also appeal our decision on your request using the contact information below. When you contact us to appeal, please tell us why you believe we erred in responding to your request. We will respond to your appeal in accordance with the timelines set forth in applicable law.

8. Contacting Us

To exercise your rights or for other privacy-related inquiries, please contact us at: