Strilio logo
Strilio Privacy policy

Public privacy policy

Privacy policy for Strilio.

This privacy policy explains how Strilio handles personal data when customers use Strilio, including mailbox and calendar connections through Google, Microsoft, and Apple iCloud where those integrations are enabled.

Last updated: April 16, 2026. Privacy contact: support@strilio.io.

1. Who we are

Strilio provides a customer relationship management platform for businesses that manage leads, appointments, quotes, inbox conversations, and follow-up workflows. Our public contact location is Belgium.

2. Data we process

Depending on the features enabled by a customer, we may process the following categories of data:

  • Workspace account data such as user identity, role, and membership data.
  • Customer relationship data such as contacts, opportunities, activities, tasks, and appointment context.
  • Connected mailbox data such as mailbox identity details, email metadata, email content, and send status.
  • Connected calendar data such as calendar identity details, event metadata, attendee details, and appointment content.
  • Provider authorization data such as OAuth tokens, refresh tokens, provider account identifiers, and connection status.
  • Technical data such as IP addresses, session data, logs, and security telemetry.

3. How we use connected mailbox and calendar data

  • To confirm which mailbox or calendar a user intentionally connected.
  • To sync customer emails into the CRM conversation history requested by that customer.
  • To let authorized users send replies or follow-up emails from the connected mailbox where sending is enabled.
  • To let authorized users read, create, update, and manage appointments where calendar sync is enabled.
  • To support customer-facing workflows such as triage, follow-up, appointment scheduling, and conversation context.
  • To secure, monitor, and troubleshoot the provider connection.

Google Workspace data, including Google Calendar data where enabled, is used only to provide or improve user-facing features that are visible and prominent inside the product. We do not use Google Workspace API data, Microsoft 365 data, or Apple iCloud-connected data for advertising, data resale, data-brokering, unrelated analytics resale, or generalized AI or machine learning model training.

Human access to connected mailbox or calendar content is limited to situations where it is necessary to respond to a user support request, investigate a security or abuse incident, comply with law, or maintain service reliability. Access is logged and limited to authorized personnel with a legitimate need to know.

Apple iCloud connections, where available, are currently handled through user-managed manual mailbox settings rather than Apple OAuth. We apply the same purpose limitation and confidentiality expectations to that data as to Google and Microsoft-connected data.

4. Legal bases

We process personal data for the performance of our customer contract, to maintain and secure the service, to comply with legal obligations, and where applicable for our legitimate interests in operating and improving a secure B2B software platform. Customers remain responsible for their own lawful use of the platform and their own notices to their contacts where required.

5. Sharing and subprocessors

We share data only with subprocessors and infrastructure providers that help us operate the service on our behalf, such as hosting, database, delivery, and support tooling providers, with authorized users inside the same customer workspace, or where required by law. We do not sell personal data, and we do not share one customer's connected mailbox or calendar content with another customer.

6. International transfers

Where data is transferred outside the European Economic Area, we use appropriate safeguards required by applicable law, such as contractual commitments and provider transfer mechanisms where available.

7. Retention

We retain data only as long as needed for the service, security, compliance, dispute handling, and backup recovery purposes. Customers can request deletion or disconnect a mailbox or calendar. Certain records may be retained longer where required for security, fraud prevention, or legal obligations.

8. Security

We use technical and organizational measures designed to protect data, including authenticated access, access control, transport encryption, and operational logging. No method of transmission or storage is completely risk-free, but we work to reduce unauthorized access and misuse.

9. Your rights

Depending on applicable law, data subjects may have rights to access, correct, delete, restrict, object to, or port their personal data. Requests can be sent to support@strilio.io.

10. Disconnecting and deleting connected provider data

Instructions for disconnecting mailbox or calendar access and requesting deletion are published at the public data deletion page. Users can also revoke app access from their Google or Microsoft account settings at any time, and Apple iCloud users can remove the manual connection from the product and rotate or revoke any related app-specific password in their Apple account settings.

11. Changes to this policy

We may update this policy when the product, legal requirements, or our subprocessors change. The updated version will be published on this page with a revised effective date.