1. Introduction
Calios Group operates private business management applications (collectively "the Applications"), including Calios OS accessible at calios.de. This Privacy Policy explains how we handle data. The Applications are not offered to the general public.
2. Data controller
Calios Holding GmbH · Schünemannweg 18 · 12247 Berlin · Germany
Managing Director: Constantinos Calios
Email: management@calios.de
Managing Director: Constantinos Calios
Email: management@calios.de
3. Data we process
Account data — email address and authentication credentials via Supabase Auth.
Google Workspace data — email messages and metadata (Gmail API), calendar events (Google Calendar API), and files (Google Drive API). Accessed with explicit OAuth consent and used solely within the Applications.
Financial data — bank transactions imported from local banking software.
Application data — projects, tasks, contacts, documents, and other content created within the Applications.
Google Workspace data — email messages and metadata (Gmail API), calendar events (Google Calendar API), and files (Google Drive API). Accessed with explicit OAuth consent and used solely within the Applications.
Financial data — bank transactions imported from local banking software.
Application data — projects, tasks, contacts, documents, and other content created within the Applications.
4. Purpose of processing
All data is processed exclusively to provide the Applications' features: email and calendar synchronization, document management, financial categorization and reporting, project management, and AI-assisted analysis.
5. Google API Services — Limited Use
The Applications' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we only use Google data to provide the described features; we do not transfer Google data to third parties except as required by law; we do not use Google data for advertising; we do not allow humans to read Google data except with explicit consent, for security, or to comply with law.
6. Storage & security
Data is stored in a Supabase-hosted PostgreSQL database (EU — Frankfurt, Germany) with row-level security. OAuth tokens are encrypted at rest (AES via pgcrypto). Hosting via Vercel (HTTPS enforced). Infrastructure at Hetzner, Germany.
7. Third-party services
Supabase (database, auth — EU), Vercel (hosting), Google APIs (Gmail, Calendar, Drive — with OAuth consent), Anthropic (AI features), Cloudflare (DNS), Hetzner (infrastructure). No data is sold or shared for advertising.
8. Retention
Data is retained for as long as the Applications are in use. Google data can be deleted from the Applications at any time without affecting originals in Google services. OAuth access can be revoked at Google Account permissions.
9. Your rights
Under GDPR, you have the right to access, rectification, erasure, restriction of processing, and data portability. Contact: management@calios.de
10. Changes
This policy may be updated. The current version is always at calios.de/privacy.