Privacy Policy

Effective date: April 30, 2026

This Privacy Policy describes how Relate CRM (“Relate,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects information when you use the Relate application, available as a web application at https://relatecrm.ai and as a mobile application distributed through the Apple App Store (collectively, the “Service”). By creating an account or using the Service through any of these channels, you agree to the practices described below.

If you have any questions, please contact us at matt@relatecrm.ai.

1. Information We Collect

We collect only the information needed to provide the Service to you. We do not collect data we do not need.

1.1 Account Information

• Your email address (used for authentication and transactional communication)
• Your password, stored only as a one-way cryptographic hash by our authentication provider; we cannot view, decrypt, or recover your plain-text password
• Account creation timestamp
• Optional display name

1.2 Contact and Relationship Data

When you save a contact in Relate, we store the information you choose to provide, which may include:

• Names, job titles, and company names
• Email addresses, phone numbers, websites, and LinkedIn URLs
• Mailing addresses (street, city, state or region, postal code, country)
• Conversation notes, follow-up dates, and follow-up reasons
• Contact category, priority level, and an optional opportunity value
• Photos of business cards or screenshots of email signatures that you upload to the app

1.3 Interaction History

For each contact, we record interactions you log inside the app: phone calls initiated through the app, emails sent or received, conversation notes, meetings scheduled, and follow-up completion timestamps.

1.4 Notification Preferences

If you enable push notifications, we store: your push subscription token (a device identifier issued by your operating system), the times of day you have chosen for briefings, your timezone, and whether notifications are currently enabled.

1.5 Application Usage and Technical Data

We log basic technical information needed for security, debugging, and abuse prevention. This includes IP addresses, request timestamps, browser type, and device type. This information is logged by our hosting and database providers (see Section 4) and retained for a limited period.

1.6 Cookies and Local Browser Storage

We use your browser's local storage to:

• Cache your contacts so the app loads quickly when you return
• Store your authentication session token
• Remember your notification permission state

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not track you across other websites.

1.7 Subscription and Payment Information

Relate is offered as a paid subscription through the Apple App Store using Apple’s in-app purchase system. All payments are processed by Apple using the payment method tied to your Apple ID. We never receive or store your credit card number, bank account details, or any other payment credentials.

From Apple, we receive only limited metadata needed to grant you access to paid features and confirm your subscription is in good standing:

• Your subscription status (active, in trial, cancelled, expired, in grace period)
• The plan tier you are subscribed to
• Subscription start date and current renewal or expiration date
• An anonymous Apple-issued transaction identifier used to verify your purchase

Apple handles all billing operations directly: charges, refunds, payment method updates, currency conversion, taxes, and subscription cancellation. You can manage or cancel your subscription at any time in iOS Settings → your name → Subscriptions, or directly through the App Store. We do not have access to your payment method, and we cannot issue refunds — for refund requests, please use Apple’s “Report a Problem” tool or contact Apple Support.

We use the subscription metadata we receive solely to grant or revoke access to paid features. We do not use it for marketing or any other purpose.

1.8 Mobile App Permissions (iOS)

When you use the Relate iOS app, your device will request your permission before the app can access certain features. We only request the minimum permissions needed to support the features you choose to use:

• Camera — requested only when you tap “Scan Business Card.” The captured image is sent to our AI processor for text extraction (see Section 4) and saved alongside the contact you create.
• Photo Library — requested only when you tap “Email Signature Screenshot” or “Library” in the scan view, so the app can let you select an image you have already saved on your device. We access only the specific image you select; we cannot see or read other images in your library.
• Notifications — requested only when you enable Daily Briefings in Settings. We use this permission solely to deliver the briefing notifications you have configured.

You can grant or revoke each of these permissions individually in your iOS Settings at any time. Revoking a permission disables the related feature but does not delete any data you have already saved in your account.

The Relate iOS app does not request access to your contacts, your location, your microphone, your calendar, or any other sensitive iOS data sources beyond those listed above.

2. How We Use Your Information

We use the information described above to:

• Provide and operate the Service — display your contacts, sync them across your devices, calculate follow-up reminders, generate reports, and run other core features
• Authenticate you — sign-in, password reset, and session management
• Send transactional communications — account confirmation emails, password reset emails, and (if you have enabled them) optional daily briefing push notifications
• Manage subscriptions and billing — if you subscribe to a paid plan, we use your billing information solely to process payments, send receipts, and handle subscription changes
• Power AI features — extract contact data from business card photos, generate personalized follow-up email drafts, and detect meeting requests in pasted email content (see Section 4 for the third-party AI service we use)
• Improve and maintain the Service — diagnose bugs, monitor service health, and prevent abuse
• Comply with legal obligations — respond to valid legal requests and enforce our terms

What we do not do: We do not sell your personal information. We do not use your contacts or interactions to train AI models. We do not use your data for advertising. We do not share your data with data brokers.

3. Data You Provide About Other People

When you save a contact in Relate, you may include personal information about another individual (a customer, vendor, prospect, or networking acquaintance). You are responsible for ensuring that your collection and storage of this information complies with applicable laws in your jurisdiction.

In the European Union, the United Kingdom, and certain other regions, you may be considered the “data controller” for this information, and Relate acts as the “data processor.” If a third party requests deletion of their information from your account, you can edit or delete the contact at any time from within the app.

4. How We Share Your Information

We share your information only with the third-party service providers required to operate the Service. These providers are bound by their own privacy policies and our agreements with them. They include:

When you tap “Schedule Meeting” on a contact, your contact's email address is passed to Microsoft Teams via a deep link that you initiate. We do not have a direct sharing relationship with Microsoft for this; the data transfer happens via your own device when you initiate the action.

We do not share your information with any other parties for marketing or commercial purposes. We may disclose information if required by law, valid legal process, or to protect the rights, safety, or property of users or the public.

5. Data Storage and Security

Your data is stored on Supabase's secure cloud infrastructure in the United States. The following technical safeguards are in place:

• TLS encryption of all data in transit between your device, our servers, and our third-party processors
• Encryption at rest using industry-standard AES-256
• Strict row-level security policies enforced at the database layer, ensuring that each user can only read, write, or delete their own contacts and interactions
• Sensitive credentials (such as our OpenAI API key) are stored as server-side secrets and never exposed to the client

Other users of the Service cannot see your data. While we take reasonable measures to protect your data, no method of internet transmission or electronic storage is 100% secure. You are responsible for keeping your account password secure and notifying us promptly if you believe your account has been compromised.

6. Your Rights and Choices

You have the following rights regarding your information:

Access

You can view all contact data you have stored inside the Relate app at any time.

Correction

You can edit any contact, note, or interaction you have created from within the app.

Deletion

You can delete individual contacts or interactions from within the app. To delete your entire account and all associated data, email matt@relatecrm.ai. We will process account deletion requests within 30 days.

Export

You can export all your contacts and interactions to an Excel file at any time from the Settings → Data export section of the app.

Objection or Restriction

If you are in the European Union, the United Kingdom, or another region with similar data protection laws, you may have the right to object to or restrict our processing of your information. Contact matt@relatecrm.ai to exercise these rights.

Opt-Out of Notifications

You can disable push notifications at any time from the Settings → Notifications section of the app, or from your device's notification settings.

If we cannot resolve a privacy concern you have raised with us, you may have the right to lodge a complaint with your local data protection authority.

7. Data Retention

• Active accounts: We retain your data as long as your account is active.
• Inactive accounts: If your account is inactive for 24 months, we may notify you and delete your data after a reasonable warning period.
• Deleted accounts: When you request account deletion, we permanently remove your data from our active systems within 30 days. Backup copies may persist for up to an additional 90 days, after which they are also permanently deleted.
• Server logs: Technical and access logs are retained for up to 90 days for security and debugging purposes.

8. International Data Transfers

Relate is operated from the United States, and your data is stored on servers located in the United States. If you are accessing the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.

For users in the European Economic Area, the United Kingdom, or Switzerland, this transfer is conducted under appropriate safeguards, including standard contractual clauses where required.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect about you (described in Section 1)
• Request deletion of your personal information
• Opt out of the sale of your personal information — we do not sell personal information
• Receive equal service regardless of whether you exercise your rights

To exercise these rights, email matt@relatecrm.ai with the subject line “CCPA request.” We will respond within the timelines required by law.

10. Children's Privacy

Relate is intended for use by adults in business and professional contexts. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where that is the applicable age threshold). If we learn that we have collected information from a child without verified parental consent, we will delete it promptly. Parents or guardians who believe a child has provided information should contact matt@relatecrm.ai.

11. Third-Party Links and Integrations

The Service integrates with third-party applications including Microsoft Teams (for scheduling meetings), your default email application (for sending follow-up drafts), and your phone's calling functionality (for placing calls). When you use these integrations, you are subject to those third parties' privacy policies and terms. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The “Effective Date” at the top of this policy will be updated whenever we make changes.

For material changes that affect your rights or how we use your data, we will notify you by:

• Sending an email to your registered email address, AND
• Displaying a notice within the app the next time you sign in

Your continued use of the Service after such changes take effect constitutes acceptance of the updated policy.