1. Introduction
Harto Atelier SL ("we", "our", or "us") operates Listo, an AI-powered personal assistant service.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
By using Listo, you consent to the data practices described in this policy.
If you do not agree with our policies and practices, do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, name, payment information
- Communications: Messages you send via WhatsApp, Telegram, or email
- User Content: Tasks, notes, preferences you share with the AI assistant
2.2 Information from Third-Party Services
When you connect third-party services, we access:
- Gmail: Email content, contacts, labels (read-only and modify permissions)
- Google Calendar: Events, attendees, descriptions
- WhatsApp: Messages, contacts, media (via WhatsApp Business API)
- Telegram: Messages, contacts
2.3 Automatically Collected Information
- Usage Data: Features used, commands sent, response times
- Device Information: IP address, browser type, operating system
- Log Data: Access times, pages viewed, errors encountered
3. How We Use Your Information
We use your information to:
- Provide the Service: Process requests, generate AI responses, manage tasks
- Improve the Service: Analyze usage patterns, train AI models, fix bugs
- Communicate: Send updates, notifications, support messages
- Billing: Process payments, manage subscriptions
- Security: Detect fraud, prevent abuse, ensure platform security
- Compliance: Meet legal obligations, enforce our terms
4. How We Share Your Information
4.1 Third-Party Service Providers
We share data with providers who assist in operations:
| Provider |
Purpose |
Data Shared |
| OpenAI / Anthropic |
AI model processing |
User prompts, conversation context |
| Google Cloud |
Gmail/Calendar integration |
OAuth tokens, email/calendar data |
| Stripe / Helio |
Payment processing |
Payment information, billing details |
| Supabase |
Database hosting |
Account data, usage metrics |
| Vercel |
Application hosting |
Usage logs, performance data |
4.2 Legal Requirements
We may disclose your information if required by law or to:
- Comply with legal processes or government requests
- Enforce our Terms of Service
- Protect the rights, property, or safety of Harto Atelier SL, our users, or the public
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred.
We will provide notice before your information becomes subject to a different privacy policy.
4.4 What We DON'T Do
- We never sell your personal data to third parties
- We never share your email content for advertising purposes
- We never train public AI models on your private conversations
5. Data Security
We implement industry-standard security measures:
- Encryption: All data encrypted in transit (TLS/SSL) and at rest (AES-256)
- OAuth: Secure authentication via Google OAuth 2.0 (we never store your passwords)
- Access Controls: Role-based access, principle of least privilege
- Regular Audits: Security reviews, penetration testing, vulnerability scans
- Incident Response: Procedures to detect, respond to, and notify of breaches
However, no method of transmission over the Internet or electronic storage is 100% secure.
While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
We retain your information as long as necessary to:
- Provide the Service while you maintain an account
- Comply with legal obligations (e.g., tax records: 7 years)
- Resolve disputes and enforce our agreements
Upon account deletion:
- Grace period: 30 days to change your mind (data stored securely)
- After 30 days: Personal data permanently deleted
- Aggregated data: Anonymous usage statistics may be retained
7. Your Rights (GDPR & Privacy)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing of your data for certain purposes
- Withdraw Consent: Revoke consent at any time (e.g., disconnect Gmail)
- Complain: Lodge a complaint with a data protection authority
To exercise these rights, contact us at privacy@listo.ai.
We will respond within 30 days.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence.
We ensure adequate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) for EU data transfers
- Compliance with GDPR for EU users
- Servers primarily located in EU (Frankfurt, Amsterdam)
9. Children's Privacy
Listo is not intended for users under 18. We do not knowingly collect information from children.
If you believe we have collected information from a child, contact us immediately and we will delete it.
10. Cookies and Tracking
We use cookies and similar technologies for:
- Essential: Authentication, security, session management
- Analytics: Usage patterns, performance metrics (via Vercel Analytics)
- Preferences: Remember your settings and choices
You can control cookies through your browser settings.
Disabling cookies may limit functionality of the Service.
11. AI and Data Processing
11.1 How AI Uses Your Data
Your conversations and content are processed by AI models (GPT-4, Claude, Llama) to generate responses.
This processing happens in real-time and is necessary to provide the Service.
11.2 AI Model Training
- Your data is NOT used to train OpenAI's or Anthropic's public models
- Aggregated, anonymized data may be used to improve Listo-specific features
- You can opt out of any analytics by contacting support
11.3 Data Sent to AI Providers
When using paid LLM models (GPT-4, Claude):
- Your prompts and conversation history are sent to the respective providers
- Providers' data policies apply (OpenAI, Anthropic)
- We use zero-retention APIs where available (data not stored by providers)
12. Third-Party Links
The Service may contain links to third-party websites or services.
We are not responsible for the privacy practices of these third parties.
We encourage you to read their privacy policies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via:
- Email to your registered address
- Prominent notice on the Service
- Updated "Last updated" date at the top of this policy
Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
For privacy-related questions or requests, contact us:
- Email: privacy@listo.ai
- Support: support@listo.ai
- Company: Harto Atelier SL
- Address: Barcelona, Spain
- Data Protection Officer: dpo@listo.ai
For GDPR-related complaints, you may also contact your local data protection authority.
← Back to Home