Retrograde
...

Privacy Policy

Last updated: January 2026

Your privacy matters to us. This policy explains what data we collect, why we collect it, and how we keep it safe. We've tried to keep it readable—no one likes wading through legal jargon.

Questions? Just email us. We're happy to explain anything that isn't clear.

1. Who We Are

Retrograde Technologies Limited builds tools for talent agencies and managers to handle the chaos of influencer marketing—inbox management, outreach, CRM, and automation, all powered by AI.

Questions? Reach us at support@getretrograde.com

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, password, agency/company name, profile photo
  • Creator Roster Data: Creator names, social handles, contact information, media kit details
  • Deal and Contract Information: Partnership terms, rates, deliverables, payment details, contracts
  • Brand and Client Data: Company names, contact persons, communication history
  • Content You Create: Email templates, signatures, outreach messages, notes
  • Payment Information: Billing details (we do not store full card numbers)
  • Communication with Us: Support inquiries, feedback, correspondence

2.2 Email Account Data (When You Connect Email)

When you connect Gmail or Microsoft Outlook accounts, we access:

  • Email Headers: Sender, recipient, subject, date, threading information
  • Email Content: Full email body text and HTML for processing
  • Attachments: Contracts, creative briefs, and other documents (PDFs, images, documents)
  • Labels and Folders: Email organization metadata
  • Draft Emails: Drafts we create on your behalf

How we use email data: Our AI reads your emails to categorize them, pull out deal info, and draft responses. This happens through secure third-party AI services.

2.3 Social Media Data

When creators connect social accounts or agencies invite creators to connect:

  • Profile Information: Username, display name, bio, profile photo, follower counts
  • Audience Analytics: Demographics, engagement rates, growth metrics
  • Content Performance: Post engagement, reach, impressions (where available)

We access this data through authorized third-party APIs. We do NOT access private messages, direct messages, or unpublished content.

2.4 Automatically Collected Data

  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent, clicks, navigation patterns
  • Session Recordings: Screen recordings of your interactions to improve UX
  • Error Data: Application errors, crash reports, performance data
  • Cookies and Tracking: Session cookies, authentication tokens, analytics identifiers

2.5 Data from Third-Party Integrations

When you connect third-party services, we may access and sync:

  • Airtable: Database records, tables, and fields you authorize
  • Notion: Pages, databases, and workspace data you authorize
  • Monday.com: Board data, items, and columns you authorize
  • Slack: Workspace ID, channel list for notifications
  • QuickBooks: Invoice and payment data you authorize

2.6 SMS and Messaging Data

When you use our messaging features:

  • Phone Numbers: Creator and contact phone numbers for messaging
  • Message Content: SMS and iMessage content sent and received
  • Delivery Status: Message delivery confirmations and read receipts

2.7 Data from Brand Research

For outreach campaigns, we research publicly available information about brands, including:

  • Company descriptions and bios from public sources
  • Recent news, product launches, and campaigns
  • Publicly listed contact information

3. How We Use Your Data

3.1 Providing and Improving Services

  • Processing and categorizing emails using AI
  • Generating draft email responses and outreach content
  • Managing your CRM, deals, and pipeline
  • Syncing data with connected third-party platforms
  • Processing payments and managing subscriptions
  • Providing customer support

3.2 AI and Machine Learning

  • Training and improving our AI models for email classification and response generation
  • Analyzing documents (contracts, briefs) for relevant information extraction
  • Generating personalized outreach emails using AI
  • Calculating rates and providing negotiation assistance

About AI processing: To power features like email drafting and document analysis, your data is processed through third-party AI services. We've configured these to minimize data retention wherever possible.

3.3 Analytics and Service Improvement

  • Understanding how users interact with our Services
  • Identifying and fixing bugs and errors
  • Improving user experience based on usage patterns
  • Session replay analysis to optimize workflows

3.4 Communications

  • Sending transactional emails (account verification, password resets, receipts)
  • Notifying you of important service updates
  • Sending optional marketing communications (with your consent)

3.5 Legal and Security

  • Preventing fraud and unauthorized access
  • Complying with legal obligations
  • Enforcing our Terms of Service
  • Protecting our rights and the safety of users

❌ We do NOT sell your personal data to third parties.

4. Lawful Basis for Processing (GDPR)

For users in the UK, EU, and EEA, we process personal data based on the following legal grounds:

  • Performance of Contract: Processing necessary to provide the Services you've requested
  • Consent: For email inbox access, social media connections, optional marketing, and session recording
  • Legitimate Interests: Analytics, fraud prevention, security, product improvement, where these don't override your rights
  • Legal Obligation: When required to comply with laws (e.g., tax records, regulatory requests)

You may withdraw consent at any time by disconnecting integrations or contacting us.

5. Data Sharing and Third-Party Processors

We share data with the following categories of recipients:

5.1 Service Providers (Data Processors)

We work with trusted third-party service providers to operate our Services. These providers process data on our behalf for purposes including:

  • Cloud Infrastructure: Database hosting, application hosting, content delivery
  • Email Services: Email API integration for inbox access
  • AI Processing: Large language models for content generation, classification, and analysis
  • Payment Processing: Subscription billing and transaction processing
  • Analytics: Usage analytics and product improvement
  • Error Monitoring: Application performance and bug tracking
  • Messaging: SMS and messaging delivery services
  • Data Enrichment: Brand information and contact lookup services

All service providers are bound by data processing agreements and are required to protect your data in accordance with applicable privacy laws.

5.2 Connected Integrations (At Your Direction)

When you connect third-party integrations, data is synced to those platforms according to your configuration:

  • Airtable, Notion, Monday.com (CRM data sync)
  • Slack (notification delivery)
  • QuickBooks (invoice and payment sync)

5.3 Legal and Safety

We may disclose data:

  • When required by law, regulation, or legal process
  • To protect rights, property, or safety of Retrograde, users, or others
  • To investigate suspected violations of our Terms
  • In connection with a merger, acquisition, or sale of assets

6. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States, United Kingdom, and European Union. Our service providers operate globally.

We ensure adequate protection for international transfers through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreement (IDTA) where required
  • Adequacy decisions where applicable
  • Binding Corporate Rules with applicable providers

7. How We Protect Your Data

Security is a priority. Here's what we do:

  • All data is encrypted, both stored and in transit (TLS/HTTPS)
  • Sensitive credentials use strong AES-256-GCM encryption
  • Role-based access controls limit who sees what
  • Regular security reviews and vulnerability checks

That said, no system is 100% bulletproof—we do our best to keep things locked down, but please keep your own credentials secure too.

8. How Long We Keep Data

We keep your data as long as you have an active account, plus whatever's needed for legal or tax purposes. Here's a rough breakdown:

  • Account info: While you're active, plus 90 days after you delete
  • Emails: Deleted within 30 days of disconnecting your inbox
  • Creator data: Removed when they disconnect or leave your agency
  • Transaction records: 7 years (required for taxes)
  • Analytics & recordings: A few months for debugging and improvement

When we don't need data anymore, we securely delete or anonymize it.

9. Your Privacy Rights

You have control over your data. Depending on where you're located, here's what you can do:

9.1 GDPR Rights (UK, EU, EEA)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit processing of your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent at any time
  • Automated Decision-Making: Not be subject to decisions based solely on automated processing

9.2 California Rights (CCPA/CPRA)

California residents have additional rights:

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

9.3 Brazil Rights (LGPD)

Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD), including:

  • Confirmation of the existence of processing
  • Access to personal data
  • Correction of incomplete, inaccurate, or out-of-date data
  • Anonymization, blocking, or deletion of unnecessary or excessive data
  • Portability of data to another service provider
  • Information about sharing with third parties
  • Revocation of consent

9.4 Canada Rights (PIPEDA)

Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including:

  • Right to access personal information held about you
  • Right to challenge the accuracy and completeness of information
  • Right to withdraw consent (subject to legal or contractual restrictions)
  • Right to lodge a complaint with the Privacy Commissioner of Canada

9.5 Australia Rights (Privacy Act)

Australian residents have rights under the Privacy Act 1988 and Australian Privacy Principles (APPs), including:

  • Right to know what personal information is collected and why
  • Right to access personal information held about you
  • Right to request correction of inaccurate information
  • Right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

9.6 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before processing requests.

You also have the right to lodge a complaint with your local data protection authority:

  • UK: Information Commissioner's Office (ICO)
  • EU: Your local supervisory authority
  • Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
  • Canada: Office of the Privacy Commissioner of Canada
  • Australia: Office of the Australian Information Commissioner (OAIC)

10. Cookies and Session Recordings

We use cookies to keep you logged in and understand how people use the app. We also record sessions to debug issues and improve the experience—form inputs are masked so we don't see sensitive data.

You can manage cookies in your browser settings, but turning off essential ones might break things.

11. Children's Privacy

Retrograde is designed for adults (18+). We don't knowingly collect data from minors. If you think a child has signed up, let us know at support@getretrograde.com and we'll remove their data.

12. Third-Party Services

Retrograde connects with other services (email providers, CRM tools, etc.). Those services have their own privacy policies—we can't control how they handle your data once it's in their systems.

13. Policy Updates

We might update this policy occasionally. If we make meaningful changes, we'll let you know via email or a notice in the app. The "Last updated" date at the top will always reflect the current version.

14. Questions?

If you have questions about this policy or how we handle your data, just reach out:

Retrograde Technologies Limited
Email: support@getretrograde.com

We aim to respond within 30 days.