Effective Date: 13.06.2025
At Odal, we respect your privacy and are committed to protecting your personal data. This privacy policy tells you how we look after your personal data when you visit our website or otherwise work or communicate with us. It also explains your privacy rights and how the law protects you.
1. Important Information and Who We Are
1.1 Purpose of this Privacy Policy
This privacy policy aims to give you information on how Odal collects and processes your personal data through your use of our website, our services, or otherwise when you communicate or interact with us in the course of business.
1.2 Controller
If you are a registered customer of Odal, we act as the ‘data controller’ of personal data about you and your use of Odal. However, we act as the ‘data processor’ of personal data in the information you submit to Odal to use our product and services (such as information about your calendar, emails, email accounts, etc.). If we are acting as the data processor, please contact the relevant controller directly to exercise your rights regarding that data.
1.3 Contact Details
We are: Odal, operated by Alex Ashcroft & Ollie Ashcroft.
Registered address: London, Lambeth, 62b Cambria Road, SE5 9AS.
If you need to contact us regarding your personal data, please email: info@odal.io
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk). However, we encourage you to contact us first so we can resolve your concerns promptly.
1.4 Changes to the Privacy Policy and Your Duty to Inform Us of Changes
This version was last updated on 13.06.25. If you use our website or services after changes have been posted, you agree to the new terms. Please keep us informed if your personal data changes during your relationship with us.
2. The Data We Collect About You
We may create aggregated, de-identified, or anonymized data from the personal data we collect. This may be used for analytics or service improvements, but we will not disclose this data in a manner that could identify you.
We may collect, use, store, and transfer different kinds of personal data about you, including:
Contact Data: name, role at business, email address.
Technical Data: IP address, browser type and version, time zone setting, operating system, and platform.
Usage Data: information about how you use our website or services.
Correspondence Data: emails and notes of conversations (if applicable).
3. How Is Your Personal Data Collected?
We collect data through:
Direct interactions: via our app or when you contact us by email or form.
Automated technologies: cookies and analytics tools.
Third-party sources: such as Google Analytics or Nylas, subject to their privacy policies.
4. How We Use Your Personal Data
We will only use your personal data when permitted by law, typically:
To provide you with our services and maintain functionality.
To improve our service and respond to inquiries.
To comply with legal or regulatory obligations.
If you need details about the legal basis for processing in a specific scenario, contact us.
5. Data Shared with AI Models
5.1 Data Shared with AI Models
To provide reply drafting, summarization, and scheduling suggestions, Odal uses machine learning models, including those from third-party providers like OpenAI (ChatGPT).
The following data may be shared:
Email Content: Subject lines, message body, sender and recipient metadata.
Calendar Data: Event titles, availability, and times.
This data is sent securely to the AI model solely for the purpose of delivering the described services. It is not used to train the models.
5.2 User Consent for Data Sharing
We obtain explicit user consent during onboarding and when changes to this policy are made. Users are required to agree before we process any data with third-party AI services.
5.3 Third-Party Data Retention
We have a zero-retention agreement with our AI provider. No customer data is stored on their servers after processing.
6. Disclosures of Your Personal Data
We may share your data with:
Our service providers (e.g. Nylas, Supabase, OpenAI) who help operate our infrastructure and services.
Analytics providers for usage insights.
Business transfers: If we undergo a merger, acquisition, or sale.
All providers are under strict obligations to handle your data securely and legally.
7. International Transfers
Some of our service providers (e.g. Supabase, Nylas, OpenAI) are based outside the UK/EEA. We ensure equivalent protection through:
Data transfer agreements (Standard Contractual Clauses)
Participation in the EU-US Data Privacy Framework, where applicable.
Contact us for details about specific transfer mechanisms.
8. Data Security
We use industry-standard security practices, including:
OAuth 2.0 for authentication
Encryption in transit and at rest
Limited and audited access
We also maintain breach response protocols and will notify users and regulators if required by law.
9. Data Retention
We retain only what’s necessary:
OAuth refresh tokens and user email signatures are stored securely in Supabase while the user account remains active.
Users may delete their data and disconnect their account at any time via the app interface.
We may anonymize data for aggregated analysis without further notice.
10. Your Legal Rights
Under applicable data protection laws, you have the right to:
Request access, correction, or erasure of your data
Object to or restrict processing
Request transfer of your data
Withdraw consent at any time
More info: ICO Rights Guide
To exercise these rights, email us at info@odal.io.
We aim to respond to requests within one month, or notify you if more time is needed.
