CorrettoCorretto
Back to Home

Privacy Policy

Last updated: 27/01/2026

1. Introduction

This Privacy Policy explains how Corretto ("Corretto" or the "Provider") processes personal data through the Corretto B2B SaaS platform.

Corretto mainly acts as a Data Processor under Article 28 GDPR on behalf of its business customers.

2. Roles

  • Customers: Data Controllers
  • Corretto: Data Processor; independent Controller for administrative data
  • Sub-processors: Authorized technology providers

    • 3. Categories of Data

    Including but not limited to:

  • Identification and contact data
  • Business email content
  • Call transcriptions
  • Audio recordings (if enabled)
  • Calendars and metadata

    • 4. Purposes

  • Service provision
  • AI-powered communication management
  • Security and compliance

    • 5. Legal Bases

  • Contract performance
  • Legitimate interest
  • Legal obligations
  • Consent where required

    • 6. AI Processing

    AI systems support content analysis and automation under customer instructions. No solely automated decisions with legal effects are made.

    7. Data Retention

    Configurable by customers; default maximum retention applies.

    8. Security Measures

    Encryption, access controls, segregation, and audits are implemented.

    9. International Transfers

    Transfers outside the EEA rely on SCCs and supplementary safeguards.

    10. Data Subject Rights

    Exercised via the Data Controller. Corretto provides assistance.

    11. Contact

    Email: corretto.ai@gmail.com

    12. Google User Data Policy

    Corretto's use and transfer to any other app of information received from Google APIs will adhere to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

    Specifically:

  • Data Access: Upon user authorization, the application accesses Gmail data (read, send, manage drafts) and Google Calendar data (read, create events).
  • Use: This data is used exclusively to provide the analysis, response automation, and calendar management features requested by the user within the Platform.
  • Sharing: Data is not transferred to third parties except for essential service purposes (e.g., AI models), in compliance with Google's policies, and is never sold.
  • Advertising: Google User Data is not used for advertising purposes.