Privacy Policy

RadiusOS (“we,” “us,” “our”) operates the CRM platform available at radiusos.ai (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website or use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2.1 Information You Provide

• Account information: Name, email address, and organization name provided during registration through our authentication provider (Clerk).
• CRM data: Contacts, companies, deals, tasks, notes, tags, custom fields, pipeline stages, and any other data you create within your workspaces.
• Billing information: Payment details (credit card number, billing address) collected by our payment processor (Stripe). We do not store full credit card numbers on our servers.
• Communications: Emails or messages you send to our support address, feedback you submit, and survey responses.

2.2 Information Collected Through Integrations

• Google integration (Gmail + Calendar):If you choose to connect your Google account, we access your email address, send emails on your behalf, read email threads related to your CRM contacts (for reply detection and AI deal scoring), and write appointments you schedule on a contact's record to your Google Calendar. We store OAuth tokens encrypted to maintain this connection. We also store email metadata (subject lines, timestamps, thread identifiers) and calendar event identifiers for events RadiusOS itself created. See Section 7 for the full list of OAuth scopes requested, why each is needed, and our Limited Use commitments.
• Inbox-driven contact discovery (Business + Team plans): On Business and Team plans, RadiusOS reads inbound message bodies from your connected Gmail to identify unknown senders and extract contact information (name, job title, company, phone number) from email signatures. This data is sent to Anthropic for processing as part of the AI features described in Section 6. We store ONLY the structured output (the extracted fields) on the resulting Contact record, plus the originating Gmail message ID for traceability. Raw email bodies are never persisted to RadiusOS storage. Auto-discovered contacts are clearly attributed in the user interface with a ✨ marker so you always know which fields came from your inbox versus values you entered yourself.
• Walkthrough Notes audio and photos (all plans; Free is preview-only): If you record a walkthrough on a contact, RadiusOS captures the audio and any photos you snap during the recording. The audio file is sent to OpenAI (Whisper API) for transcription and removed from the processing pipeline after the transcript is returned. The transcript text and a sampled subset of the photos are sent to Anthropic (Claude Haiku) to generate the AI-drafted title, summary, and suggested follow-ups. Both the audio file and the photos are stored in Cloudflare R2 (encrypted at rest) and scoped to the workspace; only workspace members can access them. Free plan workspaces can record one walkthrough per month as a preview; if the workspace does not save the preview to the customer record (saving requires Pro or above), the audio and photos are auto-deleted within 24 hours. On Pro, Business, and Team plans the audio is auto-deleted 7 days after the walkthrough is approved (or within 24 hours if discarded); photos persist with the saved walkthrough record. See Section 6 for the AI processing details and Section 8 for the full sub-processor list.
• Other integrations: If we add additional third-party integrations in the future, this policy will be updated to describe the data accessed through each integration.

2.3 Information Collected Automatically

• Usage data: Pages visited, features used, clicks, session duration, and interactions within the Service.
• Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preference.
• Cookies and similar technologies: We use cookies and local storage to maintain sessions, remember preferences, and collect analytics. See our Cookie Policy for details.
• Log data: Server logs that include IP addresses, request timestamps, HTTP methods, response codes, and referrer URLs.
• Share-link view analytics: When a recipient opens a public walkthrough share link (/share/page/[token]) or downloads its PDF, we record a single view row containing the share-link ID, whether the hit was a page view or a PDF download, the User-Agent string truncated to 256 characters, and a one-way SHA-256 hash of the requester's IP address truncated to 16 hexadecimal characters. We never store the raw IP address. The hash is used only to estimate unique opens; it cannot be reversed to identify the recipient. Known link-preview crawlers (Slack, Twitter/X, Facebook, LinkedIn, Bing, Google, Apple, and generic bots) are filtered out before persist so they do not inflate counts. This data exists so the workspace member who created the share link can see whether the recipient opened it, surfaced as "X opens (Y unique), Z PDF downloads, last opened on {date}" on the walkthrough page.
• Upgrade-flow conversion telemetry:We also stamp two timestamps on your organization when you click a Walk & Talk upgrade prompt and when a paid plan transition follows within 24 hours, so we can measure whether the preview-to-paywall flow converts. No personal data; just timestamps.

We use the information we collect to:

• Provide the Service: Operate and maintain your CRM workspaces, pipelines, contacts, tasks, and integrations.
• Process payments: Manage subscriptions, billing, invoicing, and refunds through Stripe.
• Send and receive emails: Facilitate email communication with your contacts through the Gmail integration.
• Generate AI-powered features: Process your CRM data (contact metadata, email subjects, notes, task history, stage transitions) through AI models to provide deal scoring, health labels, next-action suggestions, AI-drafted follow-up emails, daily digests, and contact enrichment. See Section 6 for details on AI data processing.
• Improve the Service: Analyze usage patterns to fix bugs, improve performance, and develop new features.
• Communicate with you: Send transactional emails (password resets, billing receipts), product updates, and support responses. We do not send marketing emails unless you opt in.
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
• Comply with legal obligations: Respond to legal requests and enforce our Terms of Service.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Performance of a contract: Processing necessary to provide the Service you signed up for (account management, CRM features, integrations).
• Legitimate interests: Analytics to improve the Service, security measures to protect accounts, and communications about your account. We balance our interests against your rights and do not process data where your interests override ours.
• Consent: Where required - for example, loading analytics cookies or processing email data through AI features. You can withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable laws.

We use cookies and similar technologies for authentication, preferences, and analytics. Essential cookies (authentication, session management) are required for the Service to function. Analytics cookies (Vercel Analytics, Vercel Speed Insights) are loaded only with your consent.

For a detailed breakdown of the cookies we use, their purposes, and how to manage your preferences, see our Cookie Policy.

You can manage your cookie preferences at any time using the cookie consent banner or by clearing cookies in your browser settings.

RadiusOS uses AI models provided by Anthropic (Claude API) to power certain features. This section explains what data is processed, how, and your controls.

6.1 What Data Is Sent to AI Models

When AI features are triggered (deal scoring, draft generation, daily digest, contact enrichment), we assemble a context packet from your CRM data that may include:

• Contact name, company, title, and pipeline stage
• Email subject lines and timestamps (not full email bodies, unless you opt in via workspace settings)
• Note excerpts (truncated to 500 characters)
• Task completion history
• Stage transition history with timestamps
• Sequence enrollment status

We do not send: full email bodies (by default), file attachments, payment information, or your account password.

Inbox-driven contact discovery (Business + Team plans):the inbox-discovery cron and on-demand "Discover from Gmail" button send a single recent message body per unknown sender (truncated to 2KB, signature region only) to Anthropic for the sole purpose of extracting structured contact fields (name, title, company, phone). Raw bodies are processed in-memory and never persisted to RadiusOS storage. We store only the structured output on the resulting Contact record. See Section 2.2 for the full data flow and the in-product ✨ attribution marker that surfaces when a Contact field came from this path.

Walkthrough Notes audio and photos (all plans; Free is preview-only): when you record a walkthrough on a contact, the audio file is sent to OpenAI (Whisper API) over an encrypted HTTPS connection for transcription. OpenAI returns the transcript; the audio is then removed from the processing pipeline. The resulting transcript text and a sampled subset of the walkthrough photos (capped at a small number per walkthrough to bound cost) are sent to Anthropic (Claude Haiku 4.5) to generate the AI-drafted title, summary, and suggested follow-up tasks, reminders, and tags. Neither OpenAI nor Anthropic retain or train on data sent via their respective APIs under our enterprise terms. The audio and photos themselves are stored in Cloudflare R2 (see Section 8) and scoped to your workspace. Free plan workspaces can record one walkthrough per month as a preview; if the workspace does not save the preview to the customer record (saving requires Pro or above), the audio and photos are auto-deleted within 24 hours. On Pro, Business, and Team plans the audio is auto-deleted 7 days after the walkthrough is approved, or within 24 hours of discard; photos persist with the saved walkthrough record. See Section 2.2 for the data flow and retention policy.

Voice-matched drafts (Pro, Business, Team plans):on Pro and above, a weekly background job (the "style profile" cron) reads up to ten of the workspace owner's most recent sent Gmail messages and sends those message bodies to Anthropic (Claude Haiku) over an encrypted HTTPS connection. Anthropic returns a short natural-language summary of the owner's writing style (sentence length, opener phrases, sign-off, formality), which we store on the workspace record as the "style profile" and layer onto subsequent AI draft generations so the drafts read in the owner's voice rather than a generic AI voice. The raw message bodies are processed in-memory by Anthropic and are not persisted to RadiusOS storage; we keep only the resulting style-profile summary. The job is skipped entirely when Gmail is not connected or when the workspace has fewer than five sent messages in the last 30 days, and you can disable voice-matched drafts from your workspace settings. Anthropic does not retain or train on data sent via their API under our enterprise terms.

6.2 How AI Data Is Processed

• Data is sent to Anthropic's Claude API via encrypted HTTPS connections.
• We use system prompt caching to minimize data transmission. The system prompt (instructions to the model) is identical across calls and cached; only your contact-specific data varies.
• AI responses (scores, labels, draft text, suggestions) are stored in our database and associated with your workspace.
• Anthropic does not use data sent through their API to train their models. See Anthropic's data usage policy at anthropic.com/policies for details.

6.3 AI Features by Plan Tier

RadiusOS uses a unified AI credit pool - every plan gets a monthly allotment of credits that you spend across all AI surfaces (deal score refreshes, AI-drafted follow-up emails, contact enrichment, AI score explanations, semantic search, the in-product Ask RadiusOS chat, and AI-flavored MCP server tools). One credit = one AI action.

• Free plan: 30 AI credits per workspace per month. MCP server access, CSV import + export, and vCard import all included. Pure read/write MCP tools (search, create, list) do not consume credits - only AI-flavored tools and the chat surface do. Gmail subject lines and thread metadata are transmitted to Anthropic only when you initiate an AI action that consumes a credit.
• Pro plan ($19/mo): 300 AI credits per workspace per month. Plus the proactive Morning Digest (5 voice-matched pre-drafted follow-ups nightly), shareable deal score cards, email sequences, automations, PDF, calendar sync, and MCP server access. Gmail subject lines and metadata are routinely transmitted to Anthropic on this tier as part of the AI data-processing flow described in Section 6.1.
• Business plan ($39/mo): Unlimited AI credits (subject to a fair-use ceiling of approximately 5,000 actions per workspace per month). Plus contact enrichment, semantic search, advanced reporting, webhooks, the price book, and three workspace members.
• Team plan ($69/mo): Everything in Business, plus unlimited members, audit logs, contact versioning, and file attachments. AI credit fair-use ceiling raised to approximately 10,000 actions per workspace per month.

Credits reset on the first day of each calendar month. We enforce a global monthly cap on all free-tier AI spend to protect the Service from cost runaway; if the cap is reached, free-tier AI calls gracefully degrade to rule-based behavior until the next month.

6.4 Automated Decision-Making and Profiling (GDPR Art. 22)

RadiusOS uses AI models to generate deal health scores (0-100), health labels (hot/warm/cool/cold), and next-action suggestions for contacts in your CRM. This constitutes automated profiling under GDPR Article 22.

How it works:When a scoring event occurs (new email received, stage change, manual refresh, or nightly batch), we assemble a context packet from your contact's CRM data (see Section 6.1) and submit it to an AI model that returns a score, label, and suggested action. The score reflects signals such as email engagement recency, response velocity, stage progression speed, task completion rates, and note sentiment.

Significance and consequences: The AI score influences how contacts are prioritized in your pipeline view and what actions are suggested to you. However, no fully automated decision is made that produces legal effects or similarly significant effects on the individuals whose data is scored - the scores are advisory tools for the CRM user (you), and all actions (sending emails, moving stages, closing deals) require your manual initiation or explicit confirmation.

Your rights: Under GDPR Article 22, you have the right to:

• Request human review of any AI-generated score or recommendation by contacting privacy@radiusos.ai.
• Express your point of view and contest any AI-derived assessment.
• Opt out of AI scoring entirely by not using the “Refresh AI Score” feature (free plan) or by contacting us to disable AI scoring for your workspace (Pro plan).

6.5 Your Controls

• You can disable the Gmail integration at any time, which stops email data from being included in AI context.
• You can choose not to use the “Refresh AI Score” button on the free plan.
• Workspace owners can opt in or out of full email body processing in workspace settings (off by default).
• Deleting a contact removes their data from future AI processing. Cached AI scores are invalidated when the underlying data changes.

RadiusOS's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7.1 Scopes We Request

When you connect a Google account to RadiusOS, we request the following OAuth scopes. You authorize each one explicitly on Google's consent screen, and you can revoke any of them at any time from Settings > Integrations or directly at myaccount.google.com/permissions.

7.2 Limited Use Commitments

• Only the scopes above are requested. We do not request access to your full inbox, contacts, drive, photos, or any other Google service.
• We do not use Google data for advertising or for any cross-context behavioral marketing.
• We do not transfer Google data to third parties except as necessary to provide the Service. Specifically, when you use AI features, email subject lines and thread metadata are transmitted to Anthropic (our AI sub-processor disclosed in Section 8) for scoring, draft generation, and digest creation. Anthropic does not retain or train on data sent through their API. Full email bodies are never sent to Anthropic unless you explicitly opt in via workspace settings.
• We do not allow humans to read your Google data unless: (a) we have your explicit affirmative consent for specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) the data has been aggregated and anonymized for internal operations such as improving the Service.
• Encrypted token storage. OAuth refresh tokens and access tokens are stored encrypted at rest in our database. Tokens are never logged in plaintext.
• One-click revocation.You can disconnect your Google account at any time from Settings > Integrations, which immediately revokes access and deletes your stored OAuth tokens. Cached email metadata associated with your contacts is purged within 30 days of disconnection.

7.3 What Google Data Leaves Google's Servers

To make the data flow explicit:

• Stored in RadiusOS's database (Neon, see Section 8): your connected Google email address, encrypted OAuth tokens, email thread identifiers and timestamps, email subject lines, and calendar event identifiers for events RadiusOS itself created.
• Transmitted to Anthropic when AI features run: contact metadata (name, company, stage), email subject lines, timestamps of sent and received messages, note excerpts (truncated to 500 characters), and AI-generated outputs. See Section 6 for the full AI data-processing flow.
• Never transmitted anywhere outside Google: full email body content (unless workspace-level opt-in), file attachments, calendar events you created outside of RadiusOS, your inbox or label structure, contacts not added to RadiusOS, and any data from Google services we do not request scopes for.

We do not sell your personal information. We share data only with the following categories of service providers (“sub-processors”) who process data on our behalf:

We may also disclose information if required by law, in response to a valid legal process (subpoena, court order), or to protect the rights, safety, or property of RadiusOS, our users, or the public.

• Account data: Retained for as long as your account is active. Upon account deletion, we delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records retained for tax compliance).
• CRM data: Retained for as long as your workspace exists. When you delete a contact, note, or task, it is permanently removed from our database within 30 days (backup retention).
• AI-generated data: Cached AI scores, draft text, and digest content are invalidated when the underlying data changes and permanently purged within 30 days of the source data being deleted.
• Walkthrough Notes audio: Audio captured by the in-app Walkthrough Notes recorder is auto-deleted 7 days after the walkthrough is approved, or within 24 hours if the walkthrough is discarded. Transcripts and photos persist with the walkthrough record for as long as the workspace exists. Deleting the walkthrough or the contact removes the photos within 30 days (backup retention).
• Server logs: Retained for up to 90 days for debugging and security purposes, then automatically deleted.
• Billing records: Retained for 7 years as required by tax and accounting regulations.

We implement reasonable technical and organizational measures to protect your data:

• All data in transit is encrypted via TLS/HTTPS.
• Database connections use SSL encryption.
• OAuth tokens for Gmail are stored encrypted.
• Authentication is handled by Clerk, which implements industry-standard security practices including bcrypt password hashing and rate limiting.
• Access to production infrastructure is restricted to authorized personnel.
• We conduct regular security reviews of our codebase and dependencies.

No method of transmission or storage is 100% secure. If we become aware of a security breach affecting your personal data, we will notify you and any applicable regulators as required by law.

RadiusOS is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where our hosting infrastructure (Vercel, Neon) is located.

For users in the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) incorporated into our agreements with sub-processors.
• The adequacy decisions and transfer mechanisms maintained by our sub-processors (Clerk, Vercel, Neon, Stripe, Anthropic, OpenAI, Cloudflare) as described in their respective privacy policies.

12.1 All Users

Regardless of your location, you can:

• Access your personal data through your account settings and CRM workspace.
• Update your personal information at any time.
• Delete your CRM data (contacts, notes, tasks) through the Service.
• Disconnect integrations (Gmail) at any time.
• Request account deletion by contacting support@radiusos.ai.
• Manage cookie preferences through the cookie consent banner.

12.2 EEA, UK, and Swiss Residents (GDPR)

You have additional rights under GDPR:

• Right to rectification: Request correction of inaccurate data.
• Right to erasure:Request deletion of your personal data (“right to be forgotten”).
• Right to restriction: Request that we limit how we process your data.
• Right to data portability: Request a copy of your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent at any time for consent-based processing.
• Right to lodge a complaint: File a complaint with your local data protection authority.

To exercise these rights, contact us at privacy@radiusos.ai. We will respond within 30 days.

12.3 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (as amended by CPRA), California residents have the right to:

• Know what personal information we collect, use, and disclose.
• Delete personal information we hold about you.
• Opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at privacy@radiusos.ai or use the mechanisms described in Section 12.1.

In the preceding 12 months, we have collected the following categories of personal information and used them for the stated business purposes:

We do not sell personal information and have not done so in the preceding 12 months.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will delete that data promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@radiusos.ai.

The Service may contain links to third-party websites or services (e.g., LinkedIn profiles, company websites stored in your CRM). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the “Last updated” date at the top of this page.
• Notify you via email or an in-app notification if the changes are significant.
• Post the updated policy on this page.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

For GDPR-related inquiries, you may also contact our data protection point of contact at privacy@radiusos.ai.