Privacy Policy

Last updated: February 2026

1. Controller and Scope

This Privacy Policy applies to the use of all online services provided by Relorq (mii ventures GmbH) at relorq.com, including the web app, marketing website, and all subpages. The controller within the meaning of the GDPR is mii ventures GmbH, represented by Michael Schmitt. No data protection officer has been appointed.

2. Principles of Data Processing

We process personal data strictly in accordance with the requirements of the GDPR, the German Federal Data Protection Act (BDSG), and the Telecommunications Telemedia Data Protection Act (TTDSG). We only process data if:

• It is necessary to fulfill a contract or to take pre-contractual steps (Art. 6(1)(b) GDPR),
• you have given your consent (Art. 6(1)(a) GDPR), or
• we have a legitimate interest (Art. 6(1)(f) GDPR), e.g. in the secure and efficient operation of our services.

3. Provision of Website and Web App

Our website and web app are hosted by Vercel Inc., USA (using EU-based data centers). When you access our website or app, server log data (such as IP address, browser type, and access time) is automatically processed. This processing is based on our legitimate interest in providing a secure and technically functional service (Art. 6(1)(f) GDPR). Log data is deleted after 30 days, unless security-related incidents (e.g., attack attempts, abuse cases) require longer retention.

4. User Accounts and Platform Data

To use Relorq, you need a user account. We process the following data:

• Account data: name, email address, and (where provided) phone number
• Content and usage data: calendar entries, tasks, contacts, notes, messages, and other data you store or create in the platform
• Usage data: timezone settings, preferences, configuration data, and technical logs necessary to provide and improve the service

The purpose of processing is to provide the Relorq platform (unified system for calendar, tasks, conversations, and notes). Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Data is retained for the duration of the customer account and deleted 30 days after contract termination.

5. Payment Processing

Payments are processed via Stripe. When a payment is made, the required payment details (e.g., name, email address, billing amount, payment method, credit card or bank details) are transmitted to Stripe. The processing is carried out for payment execution and contractual performance under Art. 6(1)(b) GDPR.

Stripe may also process specific data on its own responsibility for fraud prevention, technical optimization of its service, and compliance with legal obligations.

For more information, please refer to Stripe's Privacy Policy.

6. Communication and Support

When you contact us (e.g., via email or form), we process the data you provide to handle your request (Art. 6(1)(b) GDPR).

Support emails and transactional notifications are sent via SendGrid, a service provided by Twilio Inc., 101 Spear Street, 5th Floor, San Francisco, CA 94105, USA. Processing is carried out solely for technical communication (e.g., confirmations, system notifications) and is based on Art. 6(1)(b) GDPR. Transfers to the USA rely on the EU–US Data Privacy Framework (DPF).

Additionally, we use Novu, provided by Novu Ltd., Tel Aviv, Israel, to send product notifications. Novu processes user data (e.g., email address, user ID, notification content) on our behalf to deliver in-app or email notifications. Processing is based on Art. 6(1)(b) GDPR. If data is processed outside the EU, this is done under Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR and appropriate technical and organizational safeguards.

7. Newsletter and Marketing

Marketing emails and newsletters are sent only with prior consent (Art. 6(1)(a) GDPR). You can unsubscribe at any time.

8. Analytics and Measurement Tools

We use Plausible Analytics, PostHog, and Vercel Analytics solely for anonymized usage and performance measurement. These tools operate without cookies and are proxied via EU servers, ensuring no direct data transfer to third countries. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in statistical analysis).

9. Cookies

We use only essential cookies — for example, to store your language preference or maintain your login session. Processing is based on Section 25(2) TTDSG in conjunction with Art. 6(1)(f) GDPR.

10. Use of AI in the Platform

Where Relorq uses AI (e.g. for suggestions, intelligent drafting, or adaptive features), we ensure that this is transparent to you in line with applicable transparency obligations (including, where relevant, Article 50 of the EU AI Act). The platform does not perform automated decision-making within the meaning of Art. 22 GDPR. You remain responsible for reviewing and approving any AI-generated or AI-assisted content before use. Responsibility for the provision of the service remains with mii ventures GmbH.

11. Processors and Sub-Processors

We use carefully selected partners and service providers to operate our services. A current and complete list of sub-processors is available here. Data processing agreements bind all service providers in accordance with Art. 28 GDPR.

12. International Data Transfers

When personal data is transferred to third countries (e.g., the USA), we rely, depending on the provider, on the EU–US Data Privacy Framework (DPF) or the Standard Contractual Clauses (SCCs) combined with Transfer Impact Assessments (TIAs). Wherever possible, we use EU-based data centers.

13. Data Retention and Deletion

Personal data is stored only as long as necessary for its intended purpose. After contract termination, data is deleted within 30 days, unless legal retention periods apply. Backups are rotated and overwritten regularly.

14. Rights of Data Subjects

You have the right to:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)

To exercise your rights, please contact us at support@relorq.com. Please include which rights you wish to exercise. We will confirm receipt within 7 days and respond within the deadlines set by Art. 12(3) of the GDPR.

15. Security

We apply technical and organizational measures in accordance with Art. 32 GDPR, including TLS encryption, multi-factor authentication, role-based access controls, and logging of security-related events.

16. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legal or technical requirements.