Privacy Policy

Last updated: June 10, 2026

This Privacy Policy explains how Retilo("we", "us", "our") collects, uses, stores and protects information when you use our website (https://retilo.io), our web dashboard, the Retilo Business app and the Retilo consumer app (together, the "Services"). By using the Services you agree to this policy.

1. Information we collect

Information you give us

  • Account details — name, email address and password (or Google sign-in) when you register a merchant account.
  • Business details — business name, category, address, location coordinates, opening hours, services/offerings, menus and pricing you add to your profile.
  • Customer records you manage — names, phone numbers and notes of your customers that you store in Retilo (you are responsible for having the right to store them).
  • Booking details — name, phone number and an optional note when a consumer books an appointment with a business on Retilo.

Information from connected services (with your consent)

  • Google Business Profile data — when you connect your Google account, we access your business locations, reviews, performance metrics and posts so we can display analytics and publish replies/posts on your behalf.
  • Integration data — order, payment and appointment events from systems you explicitly connect (e.g. POS, delivery platforms, payment gateways).
  • Call data — if you enable the AI phone receptionist, call recordings, transcripts and summaries of calls answered for your business.

Information collected automatically

  • Device and usage data (IP address, browser/app version, pages visited) used for security, debugging and analytics.
  • Approximate or precise location in the consumer app — only with your permission, to show stores near you.

2. Google user data — Limited Use disclosure

Retilo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google Business Profile data to provide the features you see in Retilo: review management and replies, analytics dashboards, posts, and location settings.
  • We do not sell Google user data, use it for advertising, or transfer it to third parties except as needed to provide these features or as required by law.
  • Humans do not read this data except with your explicit consent, for security purposes, to comply with law, or in aggregated/anonymised form.
  • You can disconnect your Google account at any time from the dashboard, which revokes our access. You can also revoke access from your Google Account permissions page.

3. How we use information

  • To provide, maintain and improve the Services.
  • To generate analytics, growth reports, demand forecasts and AI-assisted suggestions for your business.
  • To answer calls, take bookings and reply to reviews on your behalf — only where you have enabled those features.
  • To list your business in the Retilo discovery feed if you choose to be listed.
  • To communicate with you about the Services and support requests.
  • To detect abuse, secure the platform and comply with law.

4. What we do not do

  • We do not sell your personal data or your customers' data.
  • We do not use your private business data to advertise to others.
  • We do not share data between businesses except in aggregated, anonymised form (for example, neighbourhood-level demand signals).

5. Sharing

We share data only with:

  • Service providers who process data on our behalf (cloud hosting, AI model providers, telephony/voice infrastructure, analytics) under contractual confidentiality.
  • Other users, as designed— e.g. your public store profile, offerings and hours are visible to consumers; a booking customer's name/phone is visible to the business they booked.
  • Authorities when required by applicable law.

6. Data retention & deletion

We retain data while your account is active. You may request deletion of your account and associated data at any time by emailing satwik@retilo.io. We delete or anonymise data within 30 days of a verified request, except where retention is legally required. Disconnecting an integration stops new data collection from that source immediately.

7. Security

Data is encrypted in transit (HTTPS/TLS) and at rest. Access tokens for connected services are stored encrypted, scoped to the minimum permissions needed, and never exposed to your browser or other users.

8. Children

The Services are intended for users aged 18 or older. We do not knowingly collect data from children.

9. Changes

We may update this policy and will post the new version here with an updated date. Material changes will be notified in-app or by email.

10. Contact

Questions or requests: satwik@retilo.io · Hyderabad, Telangana, India