Relio

Privacy Policy

Your privacy matters. This policy explains what data we collect, how we use it, and the choices you have.

Last updated: March 9, 2026

1. Introduction

Relio ("we," "us," or "our") is a company incorporated in Delaware, USA. We operate the Relio commercial real estate CRM platform, including our website at reliocrm.com, mobile applications for iOS and Android, API services, and agent site subdomains (collectively, the "Services").

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Services. By accessing or using Relio, you agree to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password. We also collect your IP address and user agent string as part of session management and security.

2.2 CRM Data

You and your workspace members may enter, import, or enrich data within Relio. This includes but is not limited to:

  • Contacts: names, email addresses, phone numbers, physical addresses, social media profiles, job titles, notes, geographic coordinates, and related metadata.
  • Companies: company name, domain, address, phone, email, social links, employee count, funding information, and industry categories.
  • Properties: addresses, geographic coordinates, property type, pricing, parcel and MLS identifiers, zoning information, ownership details, tax history, and property characteristics.
  • Deals: deal name, stage, value, probability, and expected close date.
  • Tasks & Activities: task descriptions, statuses, priorities, due dates, activity logs (calls, meetings, emails, showings, offers, and notes).
  • Email Messages: email content sent through Relio, including sender, recipients, subject lines, and message bodies.

2.3 Files & Uploads

We store files you upload, including profile avatars, workspace logos, and file attachments associated with your records. File metadata (name, size, MIME type) is also retained.

2.4 AI Interactions

When you use Relio's AI features, we collect your conversation history, the AI model used, token usage counts, and any feedback you provide. AI interactions are processed to deliver responses and improve the service.

2.5 Usage & Analytics Data

We automatically collect information about how you interact with our Services, including pages visited, features used, browser type, device information, and referring URLs. We use PostHog for product analytics to understand usage patterns and improve our platform.

2.6 Payment Information

Payments are processed by our third-party payment provider, Polar.sh. We do not directly collect or store your credit card numbers or bank account details. We receive subscription status, plan information, and billing identifiers from our payment provider.

2.7 Agent Site Visitor Data

If you visit a Relio agent site (a public-facing property showcase page hosted on a subdomain of reliocrm.com), we may collect your name, email, phone number, and message content if you submit an inquiry form. Newsletter subscription emails are also collected when voluntarily provided.

2.8 User Preferences & Feedback

We store your application preferences (theme, font, layout settings, AI model preferences) and any feedback you submit, including descriptions, screenshots, and associated page information.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To operate, maintain, and provide the features and functionality of Relio, including CRM management, map views, deal pipelines, and data enrichment.
  • AI features: To process your queries, generate responses, and provide AI-powered enrichment, search, and insights.
  • Communications: To send transactional emails (account verification, password resets, workspace invitations), in-app notifications, and service-related announcements.
  • Analytics & improvement: To understand how our Services are used, identify trends, and improve the user experience.
  • Security: To detect, prevent, and address fraud, abuse, and security issues, including rate limiting and session management.
  • Billing: To manage your subscription, process payments through our payment provider, and enforce usage quotas.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

4. Third-Party Services

We use the following third-party services to operate Relio. Each service has its own privacy policy governing how it handles data:

  • Polar.sh — Payment processing and subscription management.
  • PostHog — Product analytics and usage tracking.
  • OpenAI — AI-powered features and content generation.
  • Cloudflare R2 — File and image storage.
  • Resend — Transactional email delivery.
  • Mapbox — Interactive maps and geocoding.
  • PeopleDataLabs & Exa — Contact and company data enrichment.
  • Vercel — Application hosting and deployment.
  • Supabase — Database hosting (PostgreSQL).

Some workspace features allow you to provide your own API keys for third-party services (such as Regrid for parcel data or Smarty for address verification). When you supply your own keys, those third-party services process data according to their respective privacy policies.

5. Cookies & Tracking Technologies

We use the following cookies and tracking mechanisms:

  • Authentication cookies: Secure, HTTP-only session cookies to keep you signed in and maintain your session.
  • Workspace cookie: A cookie that stores your active workspace slug for navigation purposes.
  • UI preference cookies: Cookies that store interface preferences such as sidebar state.
  • Analytics (PostHog): Client-side analytics to understand product usage. PostHog may set its own cookies for session tracking and user identification.

We also collect your IP address and user agent as part of session records for security and fraud prevention purposes.

6. Data Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Within your workspace: Data you enter into Relio is accessible to other members of your workspace based on their role and permissions.
  • Service providers: With the third-party services listed in Section 4, strictly to provide and improve our Services.
  • Agent sites: If you publish an agent site, the information you choose to display (property listings, contact information) is publicly accessible.
  • Legal requirements: When required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction.
  • Protection of rights: To enforce our Terms of Service, protect the safety and security of our users, or protect our rights and property.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you Services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or enforcing our agreements).

CRM data within a workspace is retained for the lifetime of the workspace. Workspace owners can delete records at any time. Workspace deletion will permanently remove all associated data.

8. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption in transit (HTTPS/TLS) for all data transmitted between your device and our servers.
  • Secure, HTTP-only authentication cookies with SameSite protections.
  • Hashed API tokens for programmatic workspace access.
  • Encryption of third-party API keys stored in our system on your behalf.
  • Rate limiting on authentication endpoints to prevent brute-force attacks.
  • Role-based access controls within workspaces (owner, admin, member).

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

9.1 All Users

Regardless of your location, you may:

  • Access, update, or correct your account information through your Relio settings.
  • Delete your account by contacting us at legal@reliocrm.com.
  • Export your CRM data using our export features or by requesting a data export.
  • Opt out of non-essential analytics tracking.

9.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

9.3 European Economic Area & United Kingdom (GDPR)

If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR):

  • Access: The right to obtain a copy of your personal data.
  • Rectification: The right to correct inaccurate or incomplete data.
  • Erasure: The right to request deletion of your data ("right to be forgotten").
  • Restriction: The right to restrict processing of your data in certain circumstances.
  • Portability: The right to receive your data in a structured, machine-readable format.
  • Objection: The right to object to processing based on legitimate interests.
  • Withdraw consent: The right to withdraw consent where processing is based on consent.

Our legal bases for processing include: performance of a contract (providing the Services), legitimate interests (security, analytics, improving the Services), consent (where applicable), and compliance with legal obligations.

To exercise any of these rights, contact us at legal@reliocrm.com. We will respond within 30 days (or within the timeframe required by applicable law).

10. International Data Transfers

Relio is based in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States and potentially other countries where our service providers operate. By using our Services, you consent to the transfer of your information to these jurisdictions, which may have different data protection laws than your country of residence.

For EEA and UK users, we rely on Standard Contractual Clauses approved by the European Commission as a legal mechanism for data transfers where applicable.

11. Children's Privacy

Relio is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at legal@reliocrm.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where required, providing additional notice (such as an in-app notification or email). Your continued use of the Services after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Relio

Delaware, USA

Email: legal@reliocrm.com