Lois Tech, Inc. Privacy Policy

Last Updated: May 12th, 2026

Welcome to Lois Tech, Inc. (“Lois Tech”, “HeyLois”, “we”, “us”, or “our”). HeyLois provides innovative solutions that integrate with your Gmail account by downloading your email content and processing it using OpenAI APIs to create a custom contact database of everyone you know and the things they care about. This Privacy Policy explains how we collect, disclose, and otherwise process personal data when you use our website (the “Site”), mobile application (the “App”), and all related services provided by Lois Tech (collectively, the “Service”), as well as your choices regarding our data practices.

1. Personal Data We Collect

Personal Data You Provide

When you interact with our Service, you may provide us with:

  • Your contact details, such as your name, email address, and phone number when registering or communicating with us.
  • Payment information when you enroll in one of our plans or otherwise make a purchase. Payment processing is handled by our third-party provider, Stripe. For more details, please refer to Stripe’s Privacy Policy.
  • Any additional information you submit via forms, support requests, or other communications.

Email Content

To deliver our Service, we download the content of emails from your Gmail account (“Email Content Data”). This information is processed exclusively to create your custom contact database. We do not use your email content for marketing or advertising purposes.

Automatically Collected Data

When you access or use our Service, we and our service providers may automatically log information such as:

  • Log data (e.g., IP address, browser type, and access times).
  • Device information (e.g., operating system and device type).
  • Usage data regarding your interaction with our Site and App.

Third-Party API Data

Data received from Google APIs is managed in strict adherence to the Google API Services User Data Policy. Similarly, when processing your email content through OpenAI APIs, please note the following:

OpenAI API Data Usage: As of March 1, 2023, data sent to the OpenAI API is not used to train or improve OpenAI models (unless you explicitly opt in to share data with us). To help identify abuse, API data may be retained for up to 30 days, after which it will be deleted (unless otherwise required by law). For trusted customers with sensitive applications, zero data retention may be available. With zero data retention, request and response bodies are not persisted to any logging mechanism and exist only in memory to serve the request. More details are available on OpenAI’s documentation.

2. How We Use Your Personal Data

We use your personal data to:

  • Provide, maintain, and improve our Service.
  • Authenticate and support your use of the Service.
  • Process your email content via OpenAI APIs to generate a custom contact database and to analyze relationships between contacts in order to determine if two individuals are a match to be connected.
  • Communicate with you about service-related updates and support.
  • Comply with legal obligations and protect our rights.

3. Data Retention and Deletion

Your email content and related personal data are stored only for the duration of processing—up to 48 hours—after which they are permanently deleted. This brief retention period is strictly limited to processing purposes and to ensure the proper functionality of the Service.

4. How We Disclose Your Personal Data

We may share your personal data with:

  • Service providers that assist in delivering our Service, including those that host, analyze, and process data.
  • Third-party providers, such as OpenAI and Google, to facilitate the processing of your email content and provide enhanced features, in accordance with their respective policies.
  • Legal authorities or other third parties as required by law or to protect our rights.

5. Use of Third-Party AI Technology

We leverage third-party AI technology to process your email content for two primary purposes. First, our AI-driven systems extract contact information from your emails to build and update your contact database. Second, our AI analyzes the relationships between contacts to determine if two individuals are a match and should be connected. Our trusted AI partners are permitted to use your information solely to deliver these features and are not allowed to use your data to train their AI models or for any other purposes beyond operating our Service.

6. Your Privacy Rights and Choices

You have several choices regarding the personal data we collect and how it is used, including:

  • Accessing a copy of your personal data.
  • Requesting corrections or deletions of your personal data.
  • Opting out of marketing communications (although you may still receive essential service-related emails).

To exercise these rights, please contact us as described below.

7. Children's Privacy

Our Service is not directed to children who are under the age of 16. Lois Tech does not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal data to Lois Tech through the Service, please contact us and we will endeavor to delete that information from our databases.

8. Security

We have implemented industry-standard safeguards to protect your personal data from unauthorized access, alteration, or deletion. However, please note that no internet or email transmission is ever completely secure.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@loistech.com

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the “Last Updated” date. Your continued use of the Service after any changes signifies your acceptance of the updated policy.

11. Links to Other Websites

The Service may contain links to third-party websites. We are not responsible for the privacy practices or the content of those websites. We encourage you to review their privacy policies before providing any personal data.

12. Product Analytics

We use PostHog (PostHog Inc., SOC 2 Type II) to measure how often features like our introduction tools are used. Analytics events are emitted from our servers, not from your browser — there is no analytics SDK in the page, no analytics cookies, and no analytics entry in your browser's local storage.

What we capture:

  • An intro_sent event when you successfully send an introduction, including the introduction type (direct-intro / parallel / sequential), the dispatch method (provider / mailto), and the surface that initiated it (single / bulk / quick).
  • Your application user identifier, used as a stable distinct ID so we can answer questions like "how many distinct users sent an introduction this week."

What we never capture in analytics:

  • Names, email addresses, or any other contact details — yours or anyone you introduce.
  • The contents of introduction drafts, subject lines, or recipient lists.
  • Page views, page URLs, or browsing behavior on the site.
  • Your IP address. We instruct PostHog to discard IP at ingestion and do not forward it ourselves.
  • Session replays, screen recordings, autocaptured clicks, or form interactions.

Retention: analytics events are retained in PostHog for 30 days, after which they are automatically deleted.

Legal basis (UK / EU residents): we rely on Article 6(1)(f) of the UK / EU GDPR — our legitimate interest in understanding product usage to improve the Service. Because we do not store anything on your device for analytics purposes, the UK's PECR (and the EU ePrivacy Directive) consent rules for cookies do not apply.

Opting out (Article 21 right to object): if you would prefer not to be included in product analytics, email privacy@heylois.com from your account email and we will exclude your account from analytics capture going forward.

Other third-party processors involved in operating the Service include: Google (sign-in, Gmail API), Microsoft (sign-in, Outlook), Stripe (payments and Connect onboarding), Resend (transactional email delivery), MongoDB Atlas (primary database), Neo4j Aura (relationship graph), OpenAI / Google Vertex AI / Groq (AI processing of imported email content), and Google Cloud Platform (hosting). Each operates under its own privacy policy.