Privacy Policy (GDPR)
Last updated: May 2026
This Privacy Policy explains how Grezy Software (“we”, “us”, “our”) collects and processes personal data when you use our websites and platforms, including AutoClaude and AutoLeads (the “Service”).
1) Data controller
The data controller is Grezy Software.
Contact: contact@grezy.org
Registered address: France (full address available on request).
2) Personal data we process
Depending on how you use the Service, we may process:
- Account data: email, first name, last name, profile information.
- Usage data: technical logs, IP address, session identifiers, pages viewed, navigation events.
- Communications: messages to support and any attachments.
- Service emails: data strictly necessary to send emails (e.g., email address, sending/deliverability metadata).
- Billing data: payment and invoicing-related data (we do not store full payment card details).
- AutoClaude operational data: prompts, project metadata, tool outputs, and run logs you send through the CLI.
- AutoLeads campaign data: campaign keywords, target places, blocklists, delivered leads, and any integration tokens you connect (e.g., HubSpot).
3) Purposes and legal bases
- Provide the Service (account, features, support): performance of a contract.
- Customer relationship and support: performance of a contract / legitimate interests.
- Service security (fraud prevention, anomaly detection, security logs): legitimate interests.
- Billing and statutory obligations: legal obligation.
- Analytics: legitimate interests and/or consent where required.
4) Where your data is stored
We host and store Service data in the European Union:
- Application servers: Hetzner (Helsinki, Finland).
- Database: Postgres, EU region.
- File storage: S3-compatible storage, EU region.
We aim to keep processing within the EU. If a transfer outside the EU becomes necessary, we will implement appropriate safeguards as required by the GDPR (e.g., Standard Contractual Clauses) and inform you.
5) Third parties involved in the Service
Your data may be accessed:
- Internally: by authorized Grezy staff, on a need-to-know basis.
- By our processors (depending on the product):
  - Hetzner Online GmbH (application hosting in Helsinki).
  - Postgres and object-storage providers (EU region).
  - Stripe (payments).
  - Resend (transactional and service emails).
  - PostHog (product analytics, EU region).
  - GitHub (source code hosting and version control).
  - Anthropic (Claude API and Claude subscriptions used by AutoClaude agents on your behalf).
  - HubSpot (only if you explicitly connect your account, to push AutoLeads results into your CRM).
We select providers that offer adequate safeguards and we put in place processor agreements where required.
6) AutoLeads: third-party data and your obligations
AutoLeads compiles publicly available business information (website, phone, address) to deliver leads to you. You become a data controller for any personal data you use for outreach. You are responsible for ensuring your outreach complies with applicable laws (GDPR, ePrivacy, CAN-SPAM, etc.), including honoring opt-outs.
7) Retention
- Account data: for the lifetime of the account, then deleted/anonymized after closure, subject to legal obligations.
- Project / campaign data: for the lifetime of the account, then deleted after closure following a grace period.
- Billing data: retained as required by law (e.g., accounting).
- Technical/security logs: retained for a limited period unless needed for security.
8) Security
We implement appropriate security measures, including:
- access control and least-privilege permissions;
- encryption in transit (HTTPS/TLS);
- monitoring and incident prevention measures;
- backups and recovery procedures.
No system is completely secure; we cannot guarantee absolute security, but we strive to reduce risks as much as possible.
9) Cookies and analytics
We use analytics technologies to understand Service usage and improve it. Depending on configuration, some analytics tools can operate without cookies, or may require your consent. When consent is required, we implement an information/consent mechanism.
10) Your rights (GDPR)
You have the following rights: access, rectification, erasure, restriction, objection, portability (as applicable).
To exercise your rights: contact@grezy.org.
You may also lodge a complaint with the CNIL (France).
11) Updates to this policy
We may update this policy. The last updated date appears at the top of this page. If changes are material, we may notify you through the Service.