Tredly - The Future of Email

Data Controller and Scope

Tredly is a product developed and operated by Clovr Labs, S.L. (hereinafter, "Tredly" or the "Controller"), a Spanish company with registered office at Camino Can Minguet 72, 08173 Sant Cugat del Vallès (Barcelona). The processing of personal data covered by this Policy refers exclusively to data related to the use of Tredly's services, including its website, web application, and any extension or integration associated with the provision of the smart email service.

This Privacy Policy applies from the first interaction with Tredly (including waitlist or beta use) and shall remain in force throughout the entire contractual relationship or service provision, as well as for any subsequent processing as legally provided.

Categories of Personal Data and Sources

Tredly processes personal data arising from three main areas:

When the user links their email provider to Tredly, the service obtains access to the information necessary to fulfill its purpose, which may include:

Important: Tredly does not require or store the user's email password; access is carried out through delegated authorization protocols managed by the email provider. Tredly may also log technical and usage activity information to ensure operability, security, and service improvement, such as IP addresses, session identifiers, and event logs.

Clovr Labs does not request or need to process special categories of data within the meaning of Article 9 of the GDPR. If, exceptionally, the user voluntarily includes information of that nature in their communications, the processing will be strictly limited to providing the service and will not be used for purposes not contemplated herein.

Purposes of Processing and Legal Bases

Personal data are processed to enable Tredly to provide and maintain its service with appropriate security and effectiveness. In particular:

Service Provision & Contract Performance

To establish, manage, and maintain the contractual relationship with the user, enabling connection to their email service and allowing the viewing, organization, and assistance regarding their communications. Legal basis: Article 6(1)(b) GDPR

AI-Based Functionalities

To provide Artificial Intelligence-based functionalities that generate summaries, reply suggestions, or automated thread grouping, which involves semantic analysis of content provided by the user. This processing is supported by performance of the contract where it forms part of the requested services and, to the extent it entails additional processing not strictly necessary for performance, by the user's explicit consent. Legal basis: Article 6(1)(a) & (b) GDPR

Legal Compliance

To comply with legal obligations, including requests from competent authorities or applicable rules on data protection, information security, or document retention. Legal basis: Article 6(1)(c) GDPR

Security & Service Improvement

To ensure the security, integrity, and improvement of the service, including detecting unauthorized access, preventing fraud, or conducting quality analysis, based on the Controller's legitimate interest where it does not override the user's fundamental rights and freedoms. Legal basis: Article 6(1)(f) GDPR

Transfers, Processors, and Third Parties

Personal data may be disclosed to third parties only to the extent necessary to provide the service or to comply with legal obligations. Such third parties, which may include technology infrastructure providers, AI onboarding services, or communications platforms, will act under the Controller's documented instructions and ensuring compliance with data protection regulations through appropriate contractual clauses.

Where any such providers are located outside the European Economic Area, appropriate safeguards will be implemented, such as:

Note: Email providers (Google, Microsoft, or others) are independent controllers of their own processing activities and have data protection policies governing the relationship between the user and those providers.

Retention Periods

Personal data will be kept for the time strictly necessary to fulfill the purposes for which they were collected and to meet legal obligations or to defend against claims, in accordance with the time limits established by applicable regulations.

Once the relationship ends, the data may be:

Data Subject Rights

The user may exercise the rights recognized under the GDPR and applicable Spanish law, including:

How to Submit a Request

Requests must be sent to [email protected] or in writing to:

Clovr Labs
S.L., Camino Can Minguet 72, 08173 Sant Cugat del Vallès (Barcelona), Spain

Please include documentation evidencing your identity with your request.

Regulatory Complaints

If you consider that your rights have not been duly addressed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) or the competent supervisory authority in your jurisdiction.

Security

Appropriate technical and organizational measures are adopted to protect personal data against:

These measures are implemented in line with the nature of the data and the risks associated with the processing, in accordance with GDPR requirements.

Changes to This Policy

Tredly may amend this Privacy Policy to adapt it to legislative, case-law, or business model changes. Significant updates will be communicated with due diligence via notification within the platform or by other appropriate means.

Your continued use of Tredly's services following such amendments constitutes your acceptance of the updated Privacy Policy.

Questions About This Policy?

If you have any questions or concerns about how we handle your personal data, please don't hesitate to contact us.

Contact Privacy Team