Privacy Policy

RadiusOS (“we,” “us,” “our”) operates the CRM platform available at radiusos.ai (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website or use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2.1 Information You Provide

• Account information: Name, email address, and organization name provided during registration through our authentication provider (Clerk).
• CRM data: Contacts, companies, deals, tasks, notes, tags, custom fields, pipeline stages, and any other data you create within your workspaces.
• Billing information: Payment details (credit card number, billing address) collected by our payment processor (Stripe). We do not store full credit card numbers on our servers.
• Communications: Emails or messages you send to our support address, feedback you submit, and survey responses.

2.2 Information Collected Through Integrations

• Gmail integration: If you choose to connect your Gmail account, we access your email address, send emails on your behalf, and read email threads related to your CRM contacts. We store OAuth tokens to maintain this connection. We also store email metadata (subject lines, timestamps, thread identifiers) to enable features such as reply detection and email sequences. See Section 7 for Google API Limited Use requirements.
• Other integrations: If we add additional third-party integrations in the future, this policy will be updated to describe the data accessed through each integration.

2.3 Information Collected Automatically

• Usage data: Pages visited, features used, clicks, session duration, and interactions within the Service.
• Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preference.
• Cookies and similar technologies: We use cookies and local storage to maintain sessions, remember preferences, and collect analytics. See our Cookie Policy for details.
• Log data: Server logs that include IP addresses, request timestamps, HTTP methods, response codes, and referrer URLs.

We use the information we collect to:

• Provide the Service: Operate and maintain your CRM workspaces, pipelines, contacts, tasks, and integrations.
• Process payments: Manage subscriptions, billing, invoicing, and refunds through Stripe.
• Send and receive emails: Facilitate email communication with your contacts through the Gmail integration.
• Generate AI-powered features: Process your CRM data (contact metadata, email subjects, notes, task history, stage transitions) through AI models to provide deal scoring, health labels, next-action suggestions, AI-drafted follow-up emails, daily digests, and contact enrichment. See Section 6 for details on AI data processing.
• Improve the Service: Analyze usage patterns to fix bugs, improve performance, and develop new features.
• Communicate with you: Send transactional emails (password resets, billing receipts), product updates, and support responses. We do not send marketing emails unless you opt in.
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
• Comply with legal obligations: Respond to legal requests and enforce our Terms of Service.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Performance of a contract: Processing necessary to provide the Service you signed up for (account management, CRM features, integrations).
• Legitimate interests: Analytics to improve the Service, security measures to protect accounts, and communications about your account. We balance our interests against your rights and do not process data where your interests override ours.
• Consent: Where required — for example, loading analytics cookies or processing email data through AI features. You can withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable laws.

We use cookies and similar technologies for authentication, preferences, and analytics. Essential cookies (authentication, session management) are required for the Service to function. Analytics cookies (Vercel Analytics, Vercel Speed Insights) are loaded only with your consent.

For a detailed breakdown of the cookies we use, their purposes, and how to manage your preferences, see our Cookie Policy.

You can manage your cookie preferences at any time using the cookie consent banner or by clearing cookies in your browser settings.

RadiusOS uses AI models provided by Anthropic (Claude API) to power certain features. This section explains what data is processed, how, and your controls.

6.1 What Data Is Sent to AI Models

When AI features are triggered (deal scoring, draft generation, daily digest, contact enrichment), we assemble a context packet from your CRM data that may include:

• Contact name, company, title, and pipeline stage
• Email subject lines and timestamps (not full email bodies, unless you opt in via workspace settings)
• Note excerpts (truncated to 500 characters)
• Task completion history
• Stage transition history with timestamps
• Sequence enrollment status

We do not send: full email bodies (by default), file attachments, payment information, or your account password.

6.2 How AI Data Is Processed

• Data is sent to Anthropic's Claude API via encrypted HTTPS connections.
• We use system prompt caching to minimize data transmission. The system prompt (instructions to the model) is identical across calls and cached; only your contact-specific data varies.
• AI responses (scores, labels, draft text, suggestions) are stored in our database and associated with your workspace.
• Anthropic does not use data sent through their API to train their models. See Anthropic's data usage policy at anthropic.com/policies for details.

6.3 AI Features by Plan Tier

• Free plan: Rule-based deal scoring by default. Up to 30 on-demand AI score refreshes per workspace per month. No AI-drafted emails, enrichment, or semantic search.
• Pro plan: Unlimited AI scoring, AI-drafted follow-up emails, contact enrichment, score explanations, daily AI digest, and semantic search.

6.4 Automated Decision-Making and Profiling (GDPR Art. 22)

RadiusOS uses AI models to generate deal health scores (0–100), health labels (hot/warm/cool/cold), and next-action suggestions for contacts in your CRM. This constitutes automated profiling under GDPR Article 22.

How it works:When a scoring event occurs (new email received, stage change, manual refresh, or nightly batch), we assemble a context packet from your contact's CRM data (see Section 6.1) and submit it to an AI model that returns a score, label, and suggested action. The score reflects signals such as email engagement recency, response velocity, stage progression speed, task completion rates, and note sentiment.

Significance and consequences: The AI score influences how contacts are prioritized in your pipeline view and what actions are suggested to you. However, no fully automated decision is made that produces legal effects or similarly significant effects on the individuals whose data is scored — the scores are advisory tools for the CRM user (you), and all actions (sending emails, moving stages, closing deals) require your manual initiation or explicit confirmation.

Your rights: Under GDPR Article 22, you have the right to:

• Request human review of any AI-generated score or recommendation by contacting privacy@radiusos.ai.
• Express your point of view and contest any AI-derived assessment.
• Opt out of AI scoring entirely by not using the “Refresh AI Score” feature (free plan) or by contacting us to disable AI scoring for your workspace (Pro plan).

6.5 Your Controls

• You can disable the Gmail integration at any time, which stops email data from being included in AI context.
• You can choose not to use the “Refresh AI Score” button on the free plan.
• Workspace owners can opt in or out of full email body processing in workspace settings (off by default).
• Deleting a contact removes their data from future AI processing. Cached AI scores are invalidated when the underlying data changes.

RadiusOS's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request access to the Gmail scopes necessary to send emails, read email threads for your CRM contacts, and identify your email address.
• We do not use Gmail data for advertising purposes.
• We do not share Gmail data with third parties except as necessary to provide the Service (e.g., processing email metadata through AI features you initiate).
• We do not allow humans to read your Gmail data unless required for security purposes, to comply with law, or with your explicit consent.
• Gmail data processed through AI features (Section 6) is limited to email subject lines and metadata by default. Full email body processing requires explicit workspace-level opt-in.
• You can disconnect your Gmail account at any time from Settings > Integrations, which immediately revokes access and deletes your stored OAuth tokens.

We do not sell your personal information. We share data only with the following categories of service providers (“sub-processors”) who process data on our behalf:

We may also disclose information if required by law, in response to a valid legal process (subpoena, court order), or to protect the rights, safety, or property of RadiusOS, our users, or the public.

• Account data: Retained for as long as your account is active. Upon account deletion, we delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records retained for tax compliance).
• CRM data: Retained for as long as your workspace exists. When you delete a contact, note, or task, it is permanently removed from our database within 30 days (backup retention).
• AI-generated data: Cached AI scores, draft text, and digest content are invalidated when the underlying data changes and permanently purged within 30 days of the source data being deleted.
• Server logs: Retained for up to 90 days for debugging and security purposes, then automatically deleted.
• Billing records: Retained for 7 years as required by tax and accounting regulations.

We implement reasonable technical and organizational measures to protect your data:

• All data in transit is encrypted via TLS/HTTPS.
• Database connections use SSL encryption.
• OAuth tokens for Gmail are stored encrypted.
• Authentication is handled by Clerk, which implements industry-standard security practices including bcrypt password hashing and rate limiting.
• Access to production infrastructure is restricted to authorized personnel.
• We conduct regular security reviews of our codebase and dependencies.

No method of transmission or storage is 100% secure. If we become aware of a security breach affecting your personal data, we will notify you and any applicable regulators as required by law.

RadiusOS is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where our hosting infrastructure (Vercel, Neon) is located.

For users in the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) incorporated into our agreements with sub-processors.
• The adequacy decisions and transfer mechanisms maintained by our sub-processors (Clerk, Vercel, Neon, Stripe, Anthropic) as described in their respective privacy policies.

12.1 All Users

Regardless of your location, you can:

• Access your personal data through your account settings and CRM workspace.
• Update your personal information at any time.
• Delete your CRM data (contacts, notes, tasks) through the Service.
• Disconnect integrations (Gmail) at any time.
• Request account deletion by contacting support@radiusos.ai.
• Manage cookie preferences through the cookie consent banner.

12.2 EEA, UK, and Swiss Residents (GDPR)

You have additional rights under GDPR:

• Right to rectification: Request correction of inaccurate data.
• Right to erasure:Request deletion of your personal data (“right to be forgotten”).
• Right to restriction: Request that we limit how we process your data.
• Right to data portability: Request a copy of your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent at any time for consent-based processing.
• Right to lodge a complaint: File a complaint with your local data protection authority.

To exercise these rights, contact us at privacy@radiusos.ai. We will respond within 30 days.

12.3 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (as amended by CPRA), California residents have the right to:

• Know what personal information we collect, use, and disclose.
• Delete personal information we hold about you.
• Opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at privacy@radiusos.ai or use the mechanisms described in Section 12.1.

In the preceding 12 months, we have collected the following categories of personal information and used them for the stated business purposes:

We do not sell personal information and have not done so in the preceding 12 months.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will delete that data promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@radiusos.ai.

The Service may contain links to third-party websites or services (e.g., LinkedIn profiles, company websites stored in your CRM). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the “Last updated” date at the top of this page.
• Notify you via email or an in-app notification if the changes are significant.
• Post the updated policy on this page.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

For GDPR-related inquiries, you may also contact our data protection point of contact at privacy@radiusos.ai.