Privacy, Terms & Data Processing

Privacy Policy

1Who we are

RELOS is operated by Valler Ltd. (“Valler”, “we”, “us”), registration number LV40003269977, registered at K. Ulmaņa gatve 119, Mārupe, LV-2167, Latvia. For privacy questions, contact us at privacy@relos.eu. We are not required to appoint a Data Protection Officer and have not done so.

2The two roles RELOS plays

RELOS handles two kinds of information under two different legal roles:

• Your account information — your name, email, sign-in details and (later) billing data. For this, Valler is the data controller and this Privacy Policy applies.
• The content you capture about the people you meet — their names, employers, contact details, and your notes, photos and recordings of conversations. For this, you (or your organisation) are the controller and Valler acts as a processor on your behalf, under the Data Processing Agreement.

3Data we process

• Account data: name, email address, password (stored hashed), and account preferences.
• Captured content: photos, voice notes and text you create, plus the structured results RELOS generates from them (contacts, summaries, next steps, follow-up drafts). See section 4 and section 7 for how raw captures are handled.
• Usage & technical data: device and app version, log data, and basic diagnostics needed to run and secure the service.
• Communications: messages you send us (e.g. beta feedback, support).

4Data you capture about others

RELOS is a tool for capturing business conversations. When you photograph a business card, record a voice note, or type a note, you may be processing other people’s personal data. You are responsible for having a lawful basis to do so — typically your legitimate interest in business networking and follow-up — and for honouring those people’s rights. RELOS is designed to minimise exposure: raw captures stay on your device (section 7), and we store only the structured results, encrypted, in the EU. Do not use RELOS to capture special categories of personal data (e.g. health, religion, political views) unless you have a valid legal basis to do so.

5Why we process it, and our legal basis

6AI processing & sub-processors

To turn your captures into structured results, RELOS uses automated processing (optical character recognition, speech-to-text, and language-model structuring). For some of these we use trusted sub-processors. We require each to provide appropriate safeguards and to process data only on our instructions. Our current sub-processors:

The complete, current list is maintained in Annex 2 of the DPA. We will give notice before adding or replacing a sub-processor.

7Where your data lives

Raw captures (photos and voice notes) remain on your device. When you run processing, your captures are sent to our processing providers — including an AI provider — to generate your results, and are not retained on our servers afterwards. [final retention behaviour to be confirmed with our engineering team] The structured results are stored and encrypted in the European Union — in Germany, with Hetzner Online GmbH. Where our AI processing provider operates outside the EEA, we rely on a European Commission adequacy decision or Standard Contractual Clauses with appropriate safeguards.

8How long we keep it

We keep your structured results for as long as your account is active. You can delete any entry at any time. When you close your account, we delete or anonymise your data within 90 days, except where we must keep certain records by law (e.g. accounting records). Raw captures are governed by your own device and settings.

9Sharing & disclosure

We never sell your data, and we do not share it with third parties for their own purposes. We share data only with the sub-processors listed above (acting on our instructions), and where required by law or to protect our legal rights.

10Your rights

Under the GDPR you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing, and to withdraw consent at any time. To exercise these, email privacy@relos.eu. You also have the right to lodge a complaint with a supervisory authority — in Latvia, the Data State Inspectorate (Datu valsts inspekcija). For data you captured about others, requests from those individuals are usually directed to you as the controller; we will assist you as described in the DPA.

11Security

We protect your data with encryption in transit and at rest, on-device storage of raw captures, access controls, and hosting in ISO 27001-certified data centres in Germany. Our handling follows recognised German data-protection standards. No system is perfectly secure, but we work to protect your information and will notify you and any relevant authority of a qualifying personal-data breach without undue delay.

12Cookies

During the beta, RELOS uses only the essential cookies needed to sign you in and keep your session. If we introduce analytics or non-essential cookies, we will ask for your consent first.

13Changes & contact

We may update this policy as RELOS develops; we will post the new version here and update the date above, and notify you of material changes. Questions: privacy@relos.eu.

Beta Terms of Service

1These terms

These terms govern your use of the RELOS application and website during its beta phase, between you (or the organisation you represent) and Valler Ltd. By creating an account or using RELOS, you agree to them. If you’re accepting on behalf of an organisation, you confirm you have authority to bind it.

2Beta service — “as is”

RELOS is provided during a free beta on an “as is” and “as available” basis. Features may change, be added or removed, and the service may contain errors or be interrupted. Do not rely on RELOS as your only record of important information — keep your own copies of anything you can’t afford to lose. We do not provide a service-level guarantee during the beta.

3Eligibility

RELOS is intended for business use by people aged 18 or over. You must provide accurate account information and keep your credentials secure. You’re responsible for activity under your account.

4Your responsibilities when capturing data

You are responsible for the photos, recordings and notes you capture. You confirm that you have a lawful basis to capture and process the personal data of the people you record, and that you will respect their rights. With respect to that data, you act as the controller and Valler as your processor under the DPA. You agree not to use RELOS to capture data unlawfully or to process special categories of personal data without a valid basis.

5Acceptable use

• Don’t use RELOS for any unlawful, harmful, infringing or abusive purpose.
• Don’t attempt to disrupt, reverse-engineer, scrape, or gain unauthorised access to the service.
• Don’t resell or sublicense the service without our written permission.
• Don’t upload malware or content you don’t have the right to use.

6Intellectual property & your content

Valler and its licensors own RELOS, including the software, design and brand. We grant you a limited, non-exclusive, non-transferable licence to use RELOS during the beta. You keep all rights to your own content (your captures and results); you grant us only the limited rights needed to provide the service to you (e.g. to process and store it as described in the Privacy Policy and DPA).

7Fees

RELOS is free during the beta. If we introduce paid plans, we will give you advance notice and you’ll be able to choose whether to continue on a paid plan.

8Beta confidentiality & feedback

The beta may include non-public features. Please keep non-public information about RELOS confidential. If you send us feedback or suggestions, you grant us a free, perpetual right to use them to improve RELOS, with no obligation to you.

9Disclaimers

To the maximum extent permitted by law, RELOS is provided without warranties of any kind, whether express or implied, including fitness for a particular purpose and non-infringement. We don’t warrant that the service will be uninterrupted, error-free or that results will be accurate.

10Limitation of liability

To the maximum extent permitted by law, Valler will not be liable for indirect, incidental or consequential losses, lost profits, or lost data arising from your use of the beta. As RELOS is provided free of charge during the beta, our aggregate liability is limited to the maximum extent permitted by law. Nothing in these terms limits liability that cannot be limited by law.

11Suspension & termination

You may stop using RELOS and close your account at any time. We may suspend or end the beta, or your access, with reasonable notice, or immediately if you breach these terms. On termination, your data is handled as described in the Privacy Policy and DPA.

12Governing law & disputes

These terms are governed by the laws of Latvia, and disputes are subject to the courts of Latvia, without prejudice to any mandatory protections that may apply to you.

13Changes & contact

We may update these terms during the beta; we’ll post changes here and, for material changes, notify you. Questions: hello@relos.eu.

Data Processing Agreement (DPA)

This DPA forms part of the agreement between the customer (“Controller”) and Valler Ltd. (“Processor”) for the use of RELOS, and reflects the parties’ obligations under Article 28 of the GDPR. Where the customer captures personal data of third parties through RELOS, the customer is the Controller and Valler is the Processor.

1Scope & roles

Valler processes personal data only on the documented instructions of the Controller, as set out in this DPA, the Privacy Policy, and the customer’s use of the service. Valler will inform the Controller if, in its opinion, an instruction infringes data-protection law.

2Processor obligations

• Process personal data only on the Controller’s documented instructions, including on transfers, unless required by law (in which case we’ll inform you, where legally permitted).
• Ensure persons authorised to process the data are bound by confidentiality.
• Implement appropriate technical and organisational measures (Article 32) — see Annex 3.
• Respect the conditions for engaging sub-processors (section 3).
• Assist the Controller, by appropriate measures, in responding to data-subject requests (Articles 12–23).
• Assist the Controller with security, breach notification, data-protection impact assessments and prior consultation (Articles 32–36).
• At the Controller’s choice, delete or return all personal data at the end of the service, and delete existing copies unless storage is required by law.
• Make available information necessary to demonstrate compliance and allow for and contribute to audits (section 6).

3Sub-processors

The Controller gives general authorisation for Valler to engage the sub-processors listed in Annex 2. Valler will impose data-protection obligations on each sub-processor equivalent to those in this DPA, and remains responsible for their performance. We will give the Controller at least 30 days’ notice of any intended addition or replacement, during which the Controller may object on reasonable grounds.

4International transfers

Valler will not transfer personal data outside the EU/EEA except in compliance with Chapter V of the GDPR — relying on an adequacy decision or Standard Contractual Clauses with appropriate supplementary measures. Hosting and storage take place in Germany; a transfer arises only if our AI processing provider operates outside the EEA. [confirm provider location]

5Personal-data breaches

Valler will notify the Controller without undue delay after becoming aware of a personal-data breach affecting the Controller’s data, and provide information reasonably needed for the Controller to meet its own notification obligations.

6Audits

Valler will make available information necessary to demonstrate compliance with Article 28 and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor it mandates, subject to reasonable notice, confidentiality, and no more than once per year unless a supervisory authority requires otherwise.

7Liability & governing law

Liability under this DPA is subject to the limitations in the Terms of Service, to the extent permitted by law. This DPA is governed by the laws of Latvia.

A1Annex 1 — Details of processing

A2Annex 2 — Approved sub-processors

A3Annex 3 — Technical & organisational measures

• Encryption of personal data in transit and at rest.
• Raw captures (photos, voice notes) retained on the user’s device; sent to processing providers only transiently and not stored on Valler servers afterwards. [final behaviour to be confirmed with engineering]
• Access controls and the principle of least privilege for staff.
• Hosting in ISO 27001-certified data centres in Germany (Hetzner Online GmbH).
• Backups, logging and monitoring of the production environment.
• Regular review of the effectiveness of these measures.