Privacy Policy

Tredly is a product developed and operated by Clovr Labs, S.L. (hereinafter, "Tredly" or the "Controller"), a Spanish company with registered office at Camino Can Minguet 72, 08173 Sant Cugat del Vallès (Barcelona). The processing of personal data covered by this Policy refers exclusively to data related to the use of Tredly's services, including its website, web application, and any extension or integration associated with the provision of the smart email service.

This Privacy Policy applies from the first interaction with Tredly (including waitlist or beta use) and shall remain in force throughout the entire contractual relationship or service provision, as well as for any subsequent processing as legally provided.

Tredly processes personal data arising from three main areas: (i) data provided directly by the user when interacting with the platform, (ii) data to which Tredly gains automatic access when integrating the user's email account through standard authorization mechanisms (e.g., OAuth), and (iii) data generated through use of the platform, including outputs from automated AI-assisted processes.

When the user links their email provider to Tredly, the service obtains access to the information necessary to fulfill its purpose, which may include the content of emails, message metadata (senders, recipients, subject, date and time), read/unread status, conversation threads, and any data contained in the inbox or synchronized mailboxes. Tredly does not require or store the user's email password; access is carried out through delegated authorization protocols managed by the email provider. Tredly may also log technical and usage activity information to ensure operability, security, and service improvement, such as IP addresses, session identifiers, and event logs.

Clovr Labs does not request or need to process special categories of data within the meaning of Article 9 of the GDPR. If, exceptionally, the user voluntarily includes information of that nature in their communications, the processing will be strictly limited to providing the service and will not be used for purposes not contemplated herein.

Personal data are processed to enable Tredly to provide and maintain its service with appropriate security and effectiveness. In particular:

• To establish, manage, and maintain the contractual relationship with the user, enabling connection to their email service and allowing the viewing, organization, and assistance regarding their communications. This processing is based on the performance of a contract or the implementation of pre-contractual measures requested by the data subject (Article 6(1)(b) GDPR).
• To provide Artificial Intelligence-based functionalities that generate summaries, reply suggestions, or automated thread grouping, which involves semantic analysis of content provided by the user. This processing is supported by performance of the contract where it forms part of the requested services and, to the extent it entails additional processing not strictly necessary for performance, by the user's explicit consent (Article 6(1)(a) GDPR), which will be requested in an unambiguous and verifiable manner.
• To comply with legal obligations, including requests from competent authorities or applicable rules on data protection, information security, or document retention (Article 6(1)(c) GDPR).
• To ensure the security, integrity, and improvement of the service, including detecting unauthorized access, preventing fraud, or conducting quality analysis, based on the Controller's legitimate interest where it does not override the user's fundamental rights and freedoms (Article 6(1)(f) GDPR).

Personal data may be disclosed to third parties only to the extent necessary to provide the service or to comply with legal obligations. Such third parties, which may include technology infrastructure providers, AI onboarding services, or communications platforms, will act under the Controller's documented instructions and ensuring compliance with data protection regulations through appropriate contractual clauses. Where any such providers are located outside the European Economic Area, appropriate safeguards will be implemented, such as European Commission adequacy decisions or approved Standard Contractual Clauses.

Email providers (Google, Microsoft, or others) are independent controllers of their own processing activities and have data protection policies governing the relationship between the user and those providers.

Personal data will be kept for the time strictly necessary to fulfill the purposes for which they were collected and to meet legal obligations or to defend against claims, in accordance with the time limits established by applicable regulations. Once the relationship ends, the data may be retained in a blocked/restricted form for the applicable statutory limitation periods or securely and permanently deleted.

The user may exercise the rights recognized under the GDPR and applicable Spanish law, including the rights of access, rectification, erasure, restriction, and objection to processing, as well as the right to data portability and the right to withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. Requests must be sent to [email protected] or in writing to the Controller's registered address, together with documentation evidencing the requester's identity.

If the data subject considers that their rights have not been duly addressed, they may lodge a complaint with the Spanish Data Protection Agency (AEPD) or the competent supervisory authority.

Appropriate technical and organizational measures are adopted to protect personal data against unauthorized access, loss, alteration, or improper disclosure, in line with the nature of the data and the risks associated with the processing.

Tredly may amend this Privacy Policy to adapt it to legislative, case-law, or business model changes. Significant updates will be communicated with due diligence via notification within the platform or by other appropriate means.