Lois Tech, Inc. Privacy Policy

Last Updated: July 4th, 2026

Welcome to Lois Tech, Inc. (“Lois Tech”, “HeyLois”, “we”, “us”, or “our”). HeyLois integrates with your Google account to read your Google Calendar events and your saved Google Contacts so we can build your contact list, score the strength of your relationships, and enrich each contact’s profile — helping you stay connected with the people you know. We do not read, download, or process the content of your email messages, and we do not access your Gmail inbox. We send email only when you explicitly choose to send an introduction from within HeyLois. This Privacy Policy explains how we collect, disclose, and otherwise process personal data when you use our website (the “Site”), mobile application (the “App”), and all related services provided by Lois Tech (collectively, the “Service”), as well as your choices regarding our data practices.

1. Personal Data We Collect

Personal Data You Provide

When you interact with our Service, you may provide us with:

  • Your contact details, such as your name, email address, and phone number when registering or communicating with us.
  • Payment information when you enroll in one of our plans or otherwise make a purchase. Payment processing is handled by our third-party provider, Stripe. For more details, please refer to Stripe’s Privacy Policy.
  • Any additional information you submit via forms, support requests, or other communications.

Google Calendar and Contacts

To deliver our Service, and only with your authorization, we read your Google Calendar events and your saved Google Contacts. From your Calendar we use event details — attendees, dates and times, frequency, and duration — to build your contact list, to score the strength of each relationship (such as time since you last met, number of meetings, and whether meetings were one-on-one or in groups), and to enrich each contact’s profile. From your saved Google Contacts we recognize the people already in your address book as part of your network. We do not read, download, or store the content of your email messages, and we do not read your email subjects, headers, or metadata. We use this information solely to provide these features to you, and we never use it for marketing or advertising purposes.

Sending Introductions on Your Behalf

When you explicitly choose to send an introduction from within HeyLois, we send that email on your behalf, from your own Google address, using the Gmail send permission you granted. Nothing is ever sent without an explicit action by you, and we never read your mailbox to do so.

Automatically Collected Data

When you access or use our Service, we and our service providers may automatically log information such as:

  • Log data (e.g., IP address, browser type, and access times).
  • Device information (e.g., operating system and device type).
  • Usage data regarding your interaction with our Site and App.

Third-Party API Data

Data received from Google APIs is managed in strict adherence to the Google API Services User Data Policy, including its Limited Use requirements. The Google user data we access — your Calendar events and your saved Contacts — is stored securely, used only to provide the user-facing features described in this policy to you, and is never sold or used for advertising. We transfer this data only as necessary to provide or improve those features, to comply with applicable law, or in connection with a merger, acquisition, or sale of assets (with notice to you). We do not allow humans to read your Google user data except where you give us affirmative consent, where it is necessary for security purposes or to comply with applicable law, or where the data has been aggregated and anonymized. When we process your Calendar- and Contacts-derived data through our AI/LLM sub-processors (e.g., OpenAI, Google Vertex AI / Gemini, and Groq), please note the following:

AI Sub-Processor Data Usage: Our AI/LLM sub-processors — OpenAI, Google Vertex AI / Gemini, and Groq — are permitted to use your data solely to provide the HeyLois features described in this policy. They are not permitted to use your data to train or improve their own models, and any Google user data, or data derived from it, that we share with them remains subject to Google’s Limited Use requirements and is never used for advertising. For example, data sent to the OpenAI API is not used to train or improve OpenAI models; to help identify abuse, API data may be retained for up to 30 days and then deleted unless otherwise required by law, and zero-data-retention handling — where request and response bodies are never persisted and exist only in memory to serve the request — may be applied to sensitive data. More details are available on OpenAI’s documentation.

2. How We Use Your Personal Data

We use your personal data to:

  • Provide, maintain, and improve our Service.
  • Authenticate and support your use of the Service.
  • Process your Calendar and Contacts data via our AI sub-processors (OpenAI, Google Vertex AI / Gemini, and Groq) to build your contact list and enrich contact profiles, and to analyze relationships between contacts in order to determine if two individuals are a match to be connected.
  • Communicate with you about service-related updates and support.
  • Comply with legal obligations and protect our rights.

3. Data Retention and Deletion

We do not store the content of your email messages. For the Service to work, we retain the contact and relationship signals we derive from your Google Calendar and Contacts — such as your contact list, the meeting history used for relationship-strength scores, and the enriched contact profiles we build for you — for as long as your account is active. When you delete your account or ask us to delete your data, we permanently remove this derived data, except where we are required to retain it by law.

4. How We Disclose Your Personal Data

We may share your personal data with:

  • Service providers that assist in delivering our Service, including those that host, analyze, and process data.
  • Third-party providers, such as OpenAI and Google, to facilitate the processing of your Calendar- and Contacts-derived data and provide enhanced features, in accordance with their respective policies.
  • Legal authorities or other third parties as required by law or to protect our rights.

5. Use of Third-Party AI Technology

We leverage third-party AI technology to process the contact and relationship data we derive from your Google Calendar and Contacts for two primary purposes. First, our AI-driven systems build and enrich your contact list and contact profiles from your Calendar events and saved Contacts. Second, our AI analyzes the relationships between contacts to determine if two individuals are a match and should be connected. Our trusted AI/LLM partners — OpenAI, Google Vertex AI / Gemini, and Groq — are permitted to use this information solely to deliver these HeyLois features and are not allowed to use your data to train their AI models or for any other purposes beyond operating our Service. Any Google user data, or data derived from it, that we share with these sub-processors is transferred only as necessary to provide these user-facing features, remains subject to Google’s Limited Use requirements, and is never used by those sub-processors for advertising or model training.

6. Your Privacy Rights and Choices

You have several choices regarding the personal data we collect and how it is used, including:

  • Accessing a copy of your personal data.
  • Requesting corrections or deletions of your personal data.
  • Opting out of marketing communications (although you may still receive essential service-related emails).

To exercise these rights, please contact us as described below.

7. Children's Privacy

Our Service is not directed to children who are under the age of 16. Lois Tech does not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal data to Lois Tech through the Service, please contact us and we will endeavor to delete that information from our databases.

8. Security

We have implemented industry-standard safeguards to protect your personal data from unauthorized access, alteration, or deletion. However, please note that no internet or email transmission is ever completely secure.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@loistech.com

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the “Last Updated” date. Your continued use of the Service after any changes signifies your acceptance of the updated policy.

11. Links to Other Websites

The Service may contain links to third-party websites. We are not responsible for the privacy practices or the content of those websites. We encourage you to review their privacy policies before providing any personal data.

12. Product Analytics

We use PostHog (PostHog Inc., SOC 2 Type II) to measure how often features like our introduction tools are used. Analytics events are emitted from our servers, not from your browser — there is no analytics SDK in the page and no analytics entry in your browser's local storage.

One exception: when you arrive via a marketing/campaign link containing a ?ref= parameter (e.g. a referral or promotional link), we set a single first-party cookie on your device storing only the campaign name (e.g. "america250", no other data). If you sign in, we read it once to attach that campaign name to your analytics profile in PostHog, so we can measure which campaigns lead to signups. This cookie is never sent to or readable by any third party other than our own servers, and expires automatically after 30 days.

What we capture:

  • An intro_sent event when you successfully send an introduction, including the introduction type (direct-intro / parallel / sequential), the dispatch method (provider / mailto), and the surface that initiated it (single / bulk / quick).
  • An upload_completed event when you successfully import contacts (from a file, LinkedIn export, or similar), including how many contacts were added and an internal batch identifier for that import.
  • A kyc_completed event when you finish Stripe identity verification to receive payouts as a connector.
  • The campaign referral (ref) described above, if you arrived via a campaign link, attached to your analytics profile.
  • Your application user identifier, used as a stable distinct ID so we can answer questions like "how many distinct users sent an introduction this week."

What we never capture in analytics:

  • Names, email addresses, or any other contact details — yours or anyone you introduce.
  • The contents of introduction drafts, subject lines, or recipient lists.
  • Page views, page URLs, or browsing behavior on the site.
  • Your IP address. We instruct PostHog to discard IP at ingestion and do not forward it ourselves.
  • Session replays, screen recordings, autocaptured clicks, or form interactions.

Retention: analytics events are retained in PostHog for 30 days, after which they are automatically deleted.

Legal basis (UK / EU residents): we rely on Article 6(1)(f) of the UK / EU GDPR — our legitimate interest in understanding product usage to improve the Service. Our server-side analytics events (listed above) do not store anything on your device, so the UK's PECR (and the EU ePrivacy Directive) consent rules for cookies do not apply to them. The campaign-referral cookie described above IS stored on your device; we are reviewing whether PECR/ePrivacy consent requirements apply to it beyond this disclosure.

Opting out (Article 21 right to object): if you would prefer not to be included in product analytics, email privacy@heylois.com from your account email and we will exclude your account from analytics capture going forward.

Other third-party processors involved in operating the Service include: Google (sign-in, Calendar API, People/Contacts API, Gmail send), Microsoft (sign-in, Outlook), Stripe (payments and Connect onboarding), Resend (transactional email delivery), MongoDB Atlas (primary database), Neo4j Aura (relationship graph), OpenAI / Google Vertex AI / Gemini / Groq (AI processing of Calendar- and Contacts-derived data), and Google Cloud Platform (hosting). Each operates under its own privacy policy.

Hey Lois