How Telosii handles personal data.

This Privacy Policy explains how Telosii collects, uses, shares and protects personal data when you visit our website, create an account, use the beta product, connect integrations, contact us, or otherwise interact with the Service.

This policy is written to reflect UK data protection law and current best practice for an online consumer service. It should be read alongside our Terms of Service and any just-in-time notices we show when you sign up, connect an integration, enable an optional feature, or submit a data request.

Telosii is operated by Commercial Outcomes Ltd. t/a Telosii, a company registered in England and Wales under company number 07121197, with its registered office at 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE. For data protection purposes, this company is the controller of your personal data unless this policy says otherwise.

You can contact us at privacy@telosii.com. General support questions can be sent to hello@telosii.com.

If we appoint a data protection officer or equivalent privacy lead whose details must be published, we will update this policy accordingly.

We collect personal data from four main sources: information you give us directly; information collected automatically when you use the website or app; information from the third-party services you choose to connect; and information from service providers involved in payments, authentication, analytics or support.

• account and login details, such as your name, email address, password login credentials, or single sign-on identifiers from Google or Microsoft;
• profile and preference information, such as your routine settings, schedule preferences, task settings, notification preferences, timezone, and other configuration choices;
• content you create in the product, such as tasks, schedules, routines, notes, reflections, prompts, coaching messages, feedback and support requests;
• voice, email-to-inbox and location inputs you choose to submit, such as audio recordings, transcripts, forwarded email content, address searches, place names or coordinates;
• billing and subscription information you provide during checkout or account management, although payment card details are generally handled directly by our payment processor rather than stored by us; and
• communications with us, including support emails, bug reports, beta feedback and rights requests.

• technical and usage information, such as IP address, browser type, device information, session logs, feature usage, timestamps, crash logs, security events and diagnostic data;
• cookies, local storage and similar technologies used to keep you signed in, remember settings, support security, maintain local-device storage where applicable, and measure product usage; and
• metadata about how you interact with the Service, such as pages visited, actions taken, basic performance metrics, error states, clicks, scrolling and other product interaction events.

• calendar data from Google Calendar or Microsoft Outlook if you choose to connect those services;
• connected account identifiers, refresh or access tokens, sync status, timestamps and related integration metadata;
• location suggestions, place information, map previews, geocoding results and similar data from Google Maps, Places or Geocoding services when you use location features;
• limited billing data from our payment processor, such as customer ID, subscription status, transaction status and plan information; and
• authentication details from identity providers when you sign in using Google, Microsoft or another supported sign-in method.

Telosii is not designed for the routine collection of special category personal data, such as detailed health, medical, biometric, political or religious information. Please do not enter sensitive personal data into free-text fields unless it is genuinely necessary for a feature you intentionally choose to use.

If you choose to provide sensitive personal data through notes, reflections, voice input, forwarded emails, support messages or optional features, we will process it only as needed to provide the feature or support you requested, with your consent where required, or otherwise as permitted by law.

We use personal data only where we have a lawful basis to do so. Depending on the context, we use your personal data to:

• create and manage your account, authenticate you, and provide the core planning and productivity features of Telosii;
• store, sync and display your schedules, tasks, preferences, notes and other product content;
• personalise your experience, including schedule suggestions, routine logic, reminders, availability handling, behavioural insights and similar product features;
• run optional integrations you enable, including reading calendar information and writing changes back to your connected calendar where you enable calendar sync and grant the relevant permission;
• process voice capture, email-to-inbox, maps/location, AI-assisted and automation features that you choose to use;
• process subscription purchases, renewals, billing administration, refunds, payment disputes and account entitlement management;
• communicate with you about service operation, security, support, beta changes, product issues, account matters and legal notices;
• measure and improve reliability, diagnose bugs, monitor abuse, secure the Service, and understand aggregate product usage;
• operate AI-assisted or automation features that process the content you submit in order to summarise, categorise, suggest actions, transcribe audio or provide coaching-style responses;
• comply with legal, regulatory, tax, accounting and law-enforcement obligations; and
• establish, exercise or defend legal claims.

Under the UK GDPR, the main lawful bases we rely on are:

• Performance of a contract - where processing is necessary to create your account, provide the Service, operate paid plans, manage connected features you ask us to provide, and respond to routine support requests about the Service;
• Legitimate interests - where processing is reasonably necessary to secure the Service, prevent abuse and fraud, troubleshoot issues, improve performance, analyse product usage, manage the beta, send service-related communications, and protect our business and users;
• Consent - where you choose to enable an optional integration or feature, where non-essential cookies or analytics technologies require consent, where you choose to receive optional marketing communications, or where we specifically ask for consent for a particular use of data;
• Legal obligation - where we must keep records, respond to lawful requests, comply with accounting or tax rules, or meet other legal requirements; and
• Explicit consent or another permitted condition - where required for any special category personal data you choose to provide.

Where we rely on legitimate interests, those interests generally include running a secure and reliable service, understanding how the product performs, improving features, preventing misuse, maintaining support quality and protecting our legal position. You have the right to object to processing based on legitimate interests in certain circumstances.

If you connect Google Calendar or Microsoft Outlook, we will process the limited data reasonably necessary to make that integration work.

Google Calendar. Telosii currently requests Google Calendar event access (calendar.events) so the product can read event times and titles, account for your existing commitments, create connected calendar events where you choose to sync them, and update or delete connected Google Calendar events when you make those changes in Telosii.

Microsoft Outlook Calendar. Telosii currently requests Calendars.ReadWrite access so the product can read existing events and write back changes for connected Outlook events where you use calendar sync.

We use connected calendar data only to provide scheduling, availability, sync and related product features. We do not sell this data, use it for advertising, or use Google or Microsoft calendar data to train general-purpose AI models.

Where Google API data is involved, Telosii's use and transfer of data received from Google APIs is intended to comply with the Google API Services User Data Policy, including the Limited Use requirements. If you disconnect a Google or Microsoft calendar, we delete or invalidate the stored connection credentials in Telosii and stop further retrieval from that provider. You can also revoke access directly in your Google or Microsoft account settings.

If you use AI-assisted or automation features, the content you submit to those features may be processed to generate the output you asked for, maintain the feature, improve reliability, investigate issues and protect the Service from misuse.

Coach AI Data: The context and chat messages you submit to the AI Coach are transmitted to our AI processors (OpenAI) to generate personalized operational coaching. Raw coach chat transcripts are encrypted at rest in Telosii and scheduled for deletion after 30 days. Derived coach memories and embeddings may be stored while your account remains active to personalize future coaching, and are included in account export and account deletion controls. The AI Coach is a productivity tool; it does not provide emergency, medical, legal, or therapeutic care.

During beta, we may use product analytics and masked session recording tools to understand where people get stuck, diagnose bugs, monitor reliability and improve onboarding. These tools may capture interaction patterns such as page visits, clicks, scrolling and UI state. We seek to avoid collecting sensitive free-text content through session recording and diagnostic tooling.

We do not knowingly use solely automated decision-making or profiling that produces legal effects or similarly significant effects on you within the meaning of data protection law. Telosii may generate recommendations, prompts, nudges or insights, but you remain responsible for your decisions and actions.

We use cookies, local storage and similar technologies for several purposes:

• strictly necessary functions, such as sign-in, session management, security, fraud prevention and basic operation of the website or app;
• preference storage, such as remembering settings or keeping locally stored product data on your device where that is part of the feature design; and
• analytics and performance measurement, where we use them to understand product usage and improve the Service.

Where non-essential cookies or similar technologies require consent under applicable law, we will ask for that consent and provide you with a way to manage your choices. You can also control some storage or cookie settings through your browser or device, although doing so may affect how the Service works.

We do not sell your personal data. We share personal data only where necessary to operate the Service, comply with the law, or protect our rights and users.

We may share personal data with:

• service providers that help us operate the product, such as providers of hosting, database infrastructure, authentication, analytics, email delivery, AI processing, customer support tools, error monitoring and payments;
• calendar, map, geocoding and identity providers you choose to connect or use, such as Google or Microsoft;
• professional advisers, insurers, auditors or potential buyers of the business where reasonably necessary and subject to confidentiality protections;
• regulators, law enforcement, courts or public authorities where we are legally required to do so or where disclosure is reasonably necessary to protect rights, safety or the integrity of the Service; and
• other parties where you ask us to do so or clearly direct a particular disclosure.

Some of our service providers or integration providers may process personal data outside the UK. This may include the EEA, the United States and other jurisdictions, depending on the providers involved and the services you choose to use.

Where personal data is transferred outside the UK, we will use an appropriate transfer mechanism recognised by UK data protection law. Depending on the destination and provider, this may include adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to standard contractual clauses, or another lawful safeguard. You can contact us if you want more information about the safeguards we rely on.

We keep personal data for only as long as necessary for the purposes set out in this policy, unless a longer period is required by law. Our retention approach is based on the type of data, the feature involved, legal requirements, security needs and whether the account remains active.

• account, profile, schedule, task, and routine data are generally kept while your account is active and for a limited period afterwards to handle closure, recovery, support, dispute resolution and deletion workflows;
• raw coach chat transcripts are encrypted at rest in Telosii and scheduled for automatic deletion after 30 days regardless of your active account status;
• derived coach memories, embeddings and coaching analytics are generally kept while your account is active to provide personalization and reliability, and are included in account export and deletion workflows;
• calendar integration data and tokens are kept while the integration remains connected and are removed, expired or rotated when the integration is disconnected or no longer needed;
• support requests, feedback and bug-report information are kept for as long as reasonably necessary to resolve the issue, support the beta and improve the Service;
• security, audit and diagnostic logs are kept for as long as reasonably necessary for security monitoring, abuse prevention and investigation;
• payment, accounting and tax records are generally kept for at least the period required by law; and
• backup copies may remain in secure rolling backups for a limited period before being overwritten or deleted.

If you ask us to delete your account, we aim to process verified deletion requests within 30 days, subject to any data we must retain for legal, accounting, security or dispute-resolution reasons.

We use reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures may include access controls, signed authentication flows, encryption in transit, provider-managed security controls, logging and role-based restrictions.

No internet-connected product can guarantee absolute security. You are also responsible for protecting your account credentials and the devices you use to access the Service.

Telosii is intended for adults and is not designed for children under 18. If you are under 18, do not create an account or use the Service.

We do not knowingly collect personal data from children under 18 without an appropriate legal basis and appropriate protections. If you believe a child has used Telosii and provided personal data, contact us and we will investigate and take appropriate action.

Depending on your location and the circumstances, you may have the following rights:

• the right to access the personal data we hold about you;
• the right to correct inaccurate or incomplete personal data;
• the right to request deletion of your personal data;
• the right to restrict certain processing;
• the right to object to processing based on legitimate interests;
• the right to withdraw consent at any time where processing is based on consent;
• the right to receive a portable copy of certain personal data; and
• the right to complain to the Information Commissioner's Office (ICO) or another competent supervisory authority.

You can exercise rights by emailing privacy@telosii.com. We may need to verify your identity before acting on a request. We will respond within the timeframe required by law, which is usually one month unless an extension is permitted.

You can usually control personal data in the following ways:

• update your account details and many preferences inside the product;
• disconnect calendar integrations to stop further syncing;
• export your cloud account data from the Data section in settings;
• delete your account from the Data section in settings, subject to any active subscription or legal retention requirement;
• manage subscription settings through the billing area or billing portal when available;
• adjust cookie or storage settings through the site controls or your browser where applicable; and
• request permanent deletion by contacting privacy@telosii.com with the subject line Data deletion request.

If you are unhappy with how we handle your personal data, please contact us first at privacy@telosii.com so we can try to resolve the issue promptly and fairly.

You also have the right to lodge a complaint with the Information Commissioner's Office. Details are available on the ICO website.

We may update this Privacy Policy from time to time to reflect changes in the Service, the law, our providers or our data practices. If we make a material change, we will take reasonable steps to bring it to your attention, such as by updating the date at the top of the policy, notifying you in the product, or emailing you where appropriate.

Privacy questions, rights requests and deletion requests: privacy@telosii.com

General support and account questions: hello@telosii.com