Privacy Policy

Allocator One GmbH is the data controller responsible for the processing of personal data described in this policy. We take the protection of your personal data very seriously and process it in accordance with applicable data protection laws. If you have questions about this notice or how we handle your data, please reach out via the contact options provided on our website or within the Allocator One application. When you visit our website or use the Allocator One application, we collect various personal data. The sections below detail what information we collect, how and why we process it, and how you can control your data.

We collect personal data when you interact with our website or app. This includes data you actively provide to us and data collected automatically:

• Data You Provide: When you create an Allocator One account, fill out a contact form, or communicate with us (e.g. by email, telephone, or fax), you may give us personal information such as your name, email address, phone number, or other details related to your request. We process this data to fulfill the purpose for which you provided it (for example, to respond to your inquiry or to provide the services you requested). We do not share this data with third parties without your consent, except as described in this policy.

• Data Collected Automatically: When you visit our website or use our app, our IT systems may collect technical data automatically. This includes information such as your browser type and version, operating system, referrer URL (the page you visited before ours), the date and time of access, your device's host name and IP address, and similar technical identifiers. This technical information is collected to ensure the proper functioning and security of our website and services. For example, server logs record these details to help us diagnose issues and protect against misuse. We may also use this data to analyze how users navigate our site or app (in an aggregated, non-identifying way) so we can improve user experience. This technical data (often collected in server log files) is processed based on our legitimate interest in maintaining a secure, efficient service (Art. 6(1)(f) GDPR).

• Cookies and Tracking: Our website uses cookies and similar technologies to enhance your experience and analyze usage. Some cookies are essential for the site to function (e.g. for keeping you logged in), while others (used with your consent) help us understand traffic or remember your preferences. For more details on cookies and how to manage them, please see our Cookie Policy or relevant sections below.

As part of the Allocator One application, we offer features that integrate with Google services, specifically your Gmail account. If you choose to connect your Google account with Allocator One, our app will request access to certain Google user data in order to provide you with the intended functionality. We use Google's OAuth 2.0 protocol to obtain your permission for this access, and we will only retrieve and use your Google data with your explicit consent.

What Google User Data We Access: When you link your Google account (for example, to use Gmail features within our app), Allocator One will access data from your Gmail on your behalf. This may include your email messages and associated information such as email addresses of senders and recipients, subject lines, timestamps, email bodies, and attachments in your Gmail account. We access this data only to the extent necessary to provide the specific features and services of our application that you have elected to use. We do not collect any Google user data beyond what is needed for those features, and we do not access any other data from your Google account (for instance, we do not view your Google Drive files, contacts, or other Google account data unless explicitly stated and authorized by you).

How We Use Google User Data: Any Gmail data we access is used strictly to provide you with functionalities within the Allocator One app. For example, if Allocator One offers the ability to view or organize your emails, we will retrieve your relevant Gmail messages and display them to you in the app; or if the app allows you to send emails or create content based on your emails, we will use the necessary Gmail data to perform those actions at your request. We use your Google data solely to deliver the services and features you have requested – in other words, to operate and improve Allocator One's user-facing features that involve your Gmail content. We do not use data from your Gmail for any other purposes outside of our application's core functionality. In particular, we will never use your Gmail information for marketing or advertising, profiling you, or for any purposes unrelated to providing the Allocator One service to you.

Sharing and Disclosure of Google User Data: We do not share, transfer, or disclose any data obtained from your Google account to any third party except in very limited circumstances: (1) if you explicitly direct or consent to us sharing specific data (for example, if you use a feature to intentionally share an email or content with someone else, or export data to another service, we will do so only with your instruction); or (2) if we are legally required to disclose the data (for instance, to comply with a valid court order or regulatory demand). Internally, access to your Google data is restricted to authorized Allocator One personnel or contractors who need it to operate and maintain the service, and who are bound by strict confidentiality and data protection obligations. We also want to clarify that we do not sell your Google user data, and we do not disclose it for any purposes other than those necessary to serve you as described. Your Gmail data remains within the Allocator One system under your control.

Data Retention and Deletion (Google User Data): We retain data fetched from your Google account only for as long as necessary to fulfill the purposes for which you granted access. This generally means that your Gmail data is stored on our systems only while your Allocator One account is active and you continue to use the Google-integrated features. If you disconnect or revoke Allocator One's access to your Google account, or if you delete your Allocator One account, we will cease accessing your Google data and will delete the Google user data we have stored (subject to any legal obligations to retain certain data). You also have the ability to delete specific Google-sourced content through the Allocator One app (for example, you might remove an imported email or attachment), and you may request full deletion of all Google data we hold about you at any time by contacting us. Upon such a request, we will delete the data from our servers unless we are required by law to keep it. In summary, we store your Google-sourced personal information only as long as needed to serve you and as permitted by you. When it is no longer needed (or when you ask us to), we will delete it securely.

Data Security for Google User Data: We apply high security standards to all personal data in our custody, including Google user data. All communication between the Allocator One app and Google's servers is encrypted via HTTPS (SSL/TLS), which prevents unauthorized parties from intercepting the data in transit. Any Google data stored on our systems is protected by robust access controls and encryption measures. We limit access to your Google data strictly to personnel and processes that require it to operate the service for you. In addition, we regularly review our information security practices to guard against unauthorized access or disclosure. In plain terms, we use industry-standard security practices (encryption, access control, etc.) to keep your Google data safe within Allocator One.

By using the Google integration features of Allocator One, you consent to our access and use of your Google user data as described above. We will notify you of any important changes to how we handle Google data via updates to this Privacy Policy or through in-app notifications.

We process your personal data for the following purposes, and pursuant to the legal bases defined by applicable law (such as the EU General Data Protection Regulation, GDPR):

• Providing and Improving Our Services: We use your data to operate Allocator One and provide the features and services you expect. For example, we process login credentials to authenticate you, and we use technical information to ensure our website and app display correctly on your device. We also collect certain data to maintain the security and integrity of our platform (such as monitoring for fraudulent or unauthorized activity). Additionally, understanding how users interact with our app (through analytics or feedback) helps us improve our product. The legal bases for these processing activities are typically performance of a contract (Art. 6(1)(b) GDPR) – since most data we collect is needed to deliver our services as per our user agreement – and our legitimate interests in operating a safe, efficient, and useful service (Art. 6(1)(f) GDPR). We ensure that our legitimate interests do not override your fundamental rights and freedoms by using data in a proportionate and privacy-conscious way (for instance, analyzing usage in aggregate form and securing data appropriately).

• Communication and Customer Support: If you contact us with questions, requests, or for support, we will use your provided information (like your contact details and the content of your request) to respond to you. We may also send you service-related communications (e.g. important account notices, security alerts, or updates about our terms or policies). These communications are considered part of our contractual obligations to you or are in our legitimate interest to effectively service our users. Promotional communications (such as newsletters or offers) will only be sent to you if you have opted in to receive them, in which case the legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent for marketing communications at any time (for example, by using the “unsubscribe” link in an email).

• Compliance with Legal Obligations: In certain cases, we may need to process personal data to comply with legal obligations, regulations, or court orders (Art. 6(1)(c) GDPR). For instance, we might retain transaction records for financial reporting or respond to legally binding requests from authorities. We will only disclose the data that is necessary and will ensure any request is legitimate before doing so.

We will not use your personal data for any purpose that is not disclosed in this Privacy Policy without your consent. Importantly, we do not use your personal data for selling to data brokers, for third-party advertising purposes, or for any profiling or analytics beyond what is needed to provide and improve our own services.

We do not sell or rent your personal information to any third parties. In general, we will not share your personal data with anyone outside Allocator One and its direct service providers, except in the following circumstances:

• Service Providers (Processors): We may share data with trusted third-party companies that we engage to perform services on our behalf. These include, for example, cloud hosting providers (who store or process data for us), email delivery services (that help us send communications to you), analytics providers (that help us understand how our product is used), or other IT and security service providers. These parties act under strict contracts as our data processors. They are only permitted to process your data for our specified purposes and in line with our instructions, and they are obligated to keep your data confidential and secure. Sharing information with such partners is done to support the functionality of Allocator One and provide our services to you. We ensure that these providers have appropriate data protection measures in place.

• With Your Consent or At Your Direction: We will share your information with external parties if (and only if) you have explicitly instructed us to do so, or have given us your clear consent. For example, if Allocator One allows you to export or sync your data to another platform, we will do so only when you initiate that action. Similarly, if you ask us to refer you to a partner or you integrate Allocator One with another service, we will share data as needed and as authorized by you. In these cases, you will typically be informed of what information will be shared and with whom, and we will proceed only with your approval.

• Legal Obligations or Protection of Rights: We may disclose personal data to third parties if we are required to by law or if such action is necessary to: (i) comply with a legal obligation, process, or request (e.g. responding to a court order, law enforcement inquiry, or regulatory requirement); (ii) enforce our terms of service or other agreements; or (iii) protect the rights, property, or safety of Allocator One, our users, or the public. This could include exchanging information with law enforcement or other authorities for fraud prevention or investigation. In any case, we will only disclose the minimum data necessary and will ensure there is a valid legal basis for the disclosure.

Aside from the circumstances above, your data will not be shared with third parties. Notably, any data from your Google account that we access through the Allocator One app is treated with even stricter non-disclosure: as explained in the “Google User Data” section, we do not disclose your Google-derived information to any third party unless you direct us to or we are compelled by law.

Allocator One is based in the European Union (our headquarters are in Austria). However, some of the personal data we collect may be processed by third-party service providers in other countries, including outside the European Economic Area (EEA). For example, if we use a cloud server or email service located in the United States or another country, or if we integrate with Google's systems, your data may be transferred to and stored/processed in that country.

When personal data is transferred to a country outside the EU/EEA that may not have the same level of data protection as within Europe, we take steps to safeguard your privacy. These measures include:

• EU Standard Contractual Clauses: We sign standard data protection clauses (approved by the European Commission) with non-EU service providers to contractually require that your data receives an equivalent level of protection as it would under EU law.

• Privacy Frameworks: Where applicable, we ensure our partners are certified or comply with recognized data protection frameworks (for instance, adherence to the EU-U.S. Data Privacy Framework, or any successor mechanism, for transfers to the United States).

• Your Consent in Specific Cases: In the event we ever need to transfer data to a new third country and no other legal safeguard is available, we would do so only with your informed consent (Art. 49(1)(a) GDPR).

Despite these safeguards, please note that when data is stored or processed in another country, it may be subject to the laws of that jurisdiction (for example, data in the U.S. might be accessible to government authorities under U.S. law). No matter where your data is processed, we will take appropriate measures to protect it in line with this Privacy Policy. You can contact us if you have questions about our international data transfer practices.

We implement robust security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Some of the key security practices we follow include:

• Encryption: All data transmitted between your browser or app and our servers is secured using SSL/TLS encryption. You can verify this by noting the “https://” at the beginning of our website URL and the lock icon in your browser's address bar. Encryption in transit helps ensure that no one can eavesdrop on your communications with our service. We also employ encryption at rest for sensitive data stored in our databases, adding an extra layer of protection in case of any unauthorized access to our storage.

• Access Controls: We restrict access to personal data strictly to employees and contractors who need that information to operate, develop, or support our services. These individuals are bound by confidentiality obligations and are subject to discipline (including termination or legal action) if they fail to meet these obligations. Within our organization, access to sensitive information is controlled and logged.

• Monitoring and Testing: We maintain appropriate technical and organizational measures to prevent security breaches. Our systems are protected by firewalls and regularly updated to patch vulnerabilities. We periodically test and evaluate the effectiveness of our security measures. In addition, we have a data breach response plan to handle any incidents swiftly and transparently, in accordance with applicable laws.

While we strive to protect your information with high standards, it's important to note that no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, we continuously improve our security practices to mitigate risks, and if we become aware of a data breach that affects your personal data, we will inform you and the relevant authorities as required by law.

As an individual using Allocator One and our services, you have certain rights regarding your personal data. We respect your rights and have processes in place to help you exercise them. Below is a summary of your key data protection rights:

• Right to Withdraw Consent: If we are processing any of your personal data based on your consent (for example, optional profile information or receiving marketing emails), you have the right to revoke that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we carried out before your withdrawal. It will, however, mean that we stop the specific processing that was based on consent. For instance, if you consented to receive a newsletter, you can opt out later and we will cease sending it.

• Right to Object to Processing: You have the right to object to the processing of your personal data in certain circumstances. If we are processing your data based on our legitimate interests (Art. 6(1)(f) GDPR), you can object on grounds relating to your particular situation. We will stop or restrict processing unless we have compelling legitimate grounds that override your rights. You always have the right to object to direct marketing processing.

• Right of Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to access that data and be informed about details of the processing. Upon request, we will provide you with a copy of the personal data we have about you along with details such as the purposes of processing, the categories of data, the recipients to whom the data has been disclosed, and the applicable retention period.

• Right to Rectification: You have the right to correct inaccurate personal data we hold about you, and to have incomplete data completed. If you become aware that the information you provided to us is no longer up to date or is incorrect, please let us know and we will rectify it without undue delay.

• Right to Erasure (“Right to be Forgotten”): You have the right to request deletion of your personal data in certain circumstances. This includes situations where the data is no longer necessary, you withdraw consent, you object to processing, or the data has been processed unlawfully. Please note that this right is not absolute – sometimes we may have lawful grounds to retain some data.

• Right to Restriction of Processing: You have the right to ask us to limit or “freeze” the processing of your personal data in certain situations, such as when you contest accuracy or have objected to processing.

• Right to Data Portability: For data that you have provided to us and which we process by automated means based on your consent or on a contract with you, you have the right to receive that data in a structured, commonly used, machine-readable format. You also have the right to request that we transmit this data directly to another data controller, where technically feasible.

• Right to Lodge a Complaint: If you believe that we have infringed your data protection rights, you have the right to file a complaint with a supervisory authority. In Austria you can contact the Österreichische Datenschutzbehörde (Austrian Data Protection Authority). We would appreciate the chance to address your concerns directly first.

Exercising Your Rights: You can exercise any of the above rights by contacting us via the contact information provided in this Privacy Policy. We will respond to your request as soon as possible, and at the latest within one month for GDPR requests, with the possibility of an extension in complex cases. There is no fee for exercising your rights.

We may use third-party analytics and advertising tools on our website to better understand user behavior and to promote our services. These tools might utilize cookies or similar technologies to collect information about your website usage over time. Any analysis of browsing patterns is typically done in aggregate form.

If you prefer not to have your browsing on our site associated with your personal information for marketing purposes, you have options to opt out:

• You can opt out of receiving marketing emails from us by clicking the “unsubscribe” link in any promotional email, or by adjusting your communication preferences in your Allocator One account settings.

• You can configure your browser to block third-party cookies or use browser extensions to block tracking scripts. Please note that completely blocking cookies might affect the functionality of our site.

Importantly, none of the data we use for third-party analytics or marketing is derived from your Google account integration. We do not use any Gmail or Google-provided data for advertising or share it with advertising partners.

We keep your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When we no longer have a lawful reason to keep your personal data, we will securely erase or anonymize it.

We may update this Privacy Policy from time to time to reflect changes in our practices, to clarify our policies, or to ensure compliance with legal requirements. When we make material changes, we will provide a prominent notice. The “last updated” date above will always indicate when the latest changes were made. Your continued use of Allocator One after any update will constitute your acknowledgment of the changes and agreement to be bound by the updated Policy.