1. Introduction
Welcome to Relish Demand. Relish Demand (“we,” “us,” or “our”) operates the Relish Demand platform and related services (collectively, the “Service”). Relish Demand is a sales intelligence platform that helps B2B revenue professionals research prospects, generate personalised outreach, prepare for meetings, and manage their sales pipeline.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. It applies to all users of the Relish Demand web dashboard (www.relishdemand.com), partner portal, and any associated APIs or integrations. Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
2.1 Account Information
- Name, email address, and profile information provided during registration
- Google account information obtained through OAuth authentication
- Company name, role, and business information
- Subscription plan and billing information (processed by Stripe; we do not store full payment card details)
2.2 Google API Data
- Gmail data: Email metadata and content accessed via Gmail API for AI-assisted email generation, reply suggestions, and sending emails on your behalf (with your explicit action)
- Google Calendar data: Calendar events, meeting details, and attendee information accessed for meeting preparation, scheduling, and calendar sync features
2.3 Web & Public Data
- Prospect and company information gathered from publicly accessible web sources
- Data you input about prospects, companies, and deals within the Service
2.4 Knowledge Base & Content
- Documents, files, and content you upload to your Knowledge Base
- Company profiles, product information, and sales materials you provide
- AI-generated embeddings and processed chunks derived from your uploaded content
2.5 Usage & Technical Data
- Dashboard analytics and session data
- Device information, browser type, and IP address
- Error logs and performance data
3. How We Use Your Information
We use the information we collect to:
- Provide sales-intelligence features: Generate prospect research, company insights, and personalised outreach recommendations
- Email generation and management: Draft, suggest, and send emails through Gmail integration based on your instructions
- Meeting preparation: Analyse calendar events and attendee information to provide pre-meeting briefs and talking points
- Knowledge Base and RAG: Process your uploaded content to provide contextually relevant information during sales activities
- CRM enrichment: Sync prospect and deal data with integrated CRM platforms (e.g., HubSpot)
- Service improvement: Analyse usage patterns to improve features, fix bugs, and develop new functionality
- Account management: Process subscriptions, manage credits, and provide customer support
- Communication: Send service-related notifications, updates, and support responses
4. Legal Bases for Processing (GDPR Article 6)
For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for processing, we rely on the following:
- Consent (Art. 6(1)(a)): When you grant OAuth permissions for Google services or enable optional features. You may withdraw consent at any time.
- Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide the Service you have subscribed to, including sales-intelligence features, email generation, and knowledge base features.
- Legitimate Interests (Art. 6(1)(f)): Service improvement, security monitoring, fraud prevention, and analytics, where these interests are not overridden by your data protection rights.
5. Google API Data — Limited Use Compliance
Relish Demand's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5.1 Scopes We Request
- gmail.readonly: Read email messages and metadata for email context and reply suggestions
- gmail.send: Send emails on your behalf when you explicitly trigger email sending
- calendar.readonly: Read calendar events for meeting preparation and scheduling
- calendar.events: Create and manage calendar events for meeting scheduling features
5.2 Limited Use Commitments
- We only access Google user data necessary to provide and improve the Service's features
- We do not use Google user data for advertising purposes
- We do not sell Google user data to third parties
- We do not use Google user data to build user profiles for advertising
- Human access to Google user data is limited to security purposes, compliance with applicable law, or when aggregated and anonymised for internal operations
- All transfers of Google user data comply with the Google API Services User Data Policy
6. Data Sharing & Third Parties
We do not sell your personal data. We share information only in the following circumstances:
6.1 AI Processing Providers
We use third-party AI providers (including via OpenRouter) to power our generative features. When processing such requests, we send contextual business data (prospect information, email content, meeting context) but minimise the transmission of personally identifiable information (PII). AI providers process data according to their data processing agreements and do not use your data to train their models.
6.2 Google APIs
We access Google services (Gmail, Calendar) through authenticated API calls using OAuth tokens you grant. Data flows are governed by Google's Terms of Service and our Limited Use compliance (see Section 5).
6.3 CRM Integrations
When you connect a CRM (e.g., HubSpot), we sync prospect, company, and deal data between Relish Demand and your CRM as configured by you. Data shared is limited to what is necessary for the sync features you enable.
6.4 Infrastructure Providers
We use Google Cloud Platform (Firebase, Cloud Functions, Cloud Storage) to host and operate the Service. These providers act as data processors under appropriate data processing agreements.
6.5 Payment Processing
Stripe processes all payment transactions. We do not store your full credit card details. Stripe's privacy policy governs the handling of your payment information.
6.6 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Relish Demand, our users, or others.
7. International Data Transfers
Relish Demand is operated from the United Kingdom. Your data may be transferred to and processed in countries outside your country of residence, including the United States and other countries where our infrastructure providers operate.
For transfers from the EEA or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organisational measures where necessary.
Switzerland: For transfers from Switzerland, we rely on the Swiss-US Data Privacy Framework (Swiss-US DPF) and Standard Contractual Clauses as approved under the Swiss Federal Act on Data Protection (nDSG / revised FADP).
APAC Adequacy Assessments: For transfers involving data from Australia, Japan, South Korea, or Singapore, we conduct transfer impact assessments and rely on SCCs, binding corporate rules, or applicable adequacy frameworks where available. Japan holds an EU adequacy decision (December 2018); for other APAC jurisdictions we apply appropriate supplementary safeguards.
8. Data Retention
We retain your data for the following periods:
- Account data: For the duration of your account, plus 30 days after deletion request
- Email and calendar data: Cached temporarily during active sessions; not permanently stored beyond what is needed for the features you use
- Knowledge Base content: For the duration of your account; deleted within 30 days of account termination
- AI-generated content: Stored as part of your account data for the duration of your subscription
- Usage and analytics data: Up to 24 months, then aggregated or deleted
- Billing records: As required by applicable tax and financial regulations (typically 7 years)
You may request deletion of your data at any time by contacting us at info@relishdemand.com. We will process deletion requests within 30 days, subject to any legal retention obligations.
9. Your Rights
9.1 GDPR Rights (EEA & UK Residents)
Under the General Data Protection Regulation, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data (“right to be forgotten”)
- Data Portability: Receive your data in a structured, commonly used, machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
9.2 CCPA/CPRA Rights (California Residents)
Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:
- Know: Request information about the categories and specific pieces of personal information we collect
- Delete: Request deletion of your personal information
- Opt-Out: Opt out of the sale or sharing of personal information (note: we do not sell personal information)
- Non-Discrimination: Not receive discriminatory treatment for exercising your rights
- Correct: Request correction of inaccurate personal information
- Limit Use of Sensitive PI: Limit the use and disclosure of sensitive personal information
9.3 Other Jurisdictions
- UK GDPR: UK residents enjoy equivalent rights under the UK General Data Protection Regulation and Data Protection Act 2018
- Brazilian LGPD: Brazilian residents have rights including access, correction, anonymisation, portability, and deletion under the Lei Geral de Proteção de Dados
- Australian Privacy Act: Australian residents have rights to access and correct personal information under the Privacy Act 1988 and Australian Privacy Principles. You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
9.4 DACH Region (Germany, Austria, Switzerland)
In addition to GDPR rights, residents of the DACH region have specific rights under their national data protection laws:
- Germany (BDSG): German residents have rights under the Bundesdatenschutzgesetz (BDSG), including enhanced rights relating to automated decisions and profiling. You may lodge a complaint with the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI) at bfdi.bund.de
- Austria (DSG): Austrian residents have rights under the Datenschutzgesetz (DSG). You may lodge a complaint with the Datenschutzbehörde (DSB) at dsb.gv.at
- Switzerland (nDSG): Swiss residents have rights under the revised Federal Act on Data Protection (nDSG / revised FADP), including rights of access, rectification, erasure, and data portability. You may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at fdpic.ch
9.5 APAC Region
- Singapore (PDPA): Singapore residents have rights under the Personal Data Protection Act (PDPA), including the right to access and correct personal data and to withdraw consent. The PDPC (Personal Data Protection Commission) oversees compliance at pdpc.gov.sg
- Japan (APPI): Japanese residents have rights under the Act on the Protection of Personal Information (APPI), including rights of disclosure, correction, addition, deletion, and cessation of use. The Personal Information Protection Commission (PPC) oversees compliance at ppc.go.jp
- South Korea (PIPA): South Korean residents have rights under the Personal Information Protection Act (PIPA), including rights of access, correction, deletion, and suspension of processing. The Personal Information Protection Commission (PIPC) oversees compliance
To exercise any of these rights, contact us at info@relishdemand.com. We will respond to verified requests within 30 days (or as required by applicable law).
10. California Privacy Notice (CCPA/CPRA)
This section provides additional disclosures required by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
10.1 Categories of Personal Information Collected
- Identifiers: Name, email address, IP address, account credentials
- Commercial information: Subscription history, credit usage, billing records
- Internet or electronic network activity: Dashboard usage data, interaction logs
- Professional or employment information: Job title, company, professional role (as provided by you or from public sources)
- Inferences: AI-generated prospect insights and sales recommendations derived from collected data
10.2 Sale & Sharing of Personal Information
We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. We have not sold or shared personal information in the preceding 12 months.
10.3 Retention
We retain each category of personal information for the periods described in Section 8 of this Privacy Policy.
11. Cookies & Tracking Technologies
- Dashboard Cookies: Our web dashboard uses essential cookies for authentication (Firebase Auth session tokens) and functionality. We do not use third-party advertising cookies
- Analytics: We may use analytics services to understand how users interact with the Service. Analytics data is aggregated and does not identify individual users. Analytics cookies are only loaded after you have provided consent via our cookie banner
For full details of how we use cookies and how to manage your preferences, see our Cookie Policy.
12. Data Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- Encryption at rest: Data stored in our databases and cloud storage is encrypted using AES-256 encryption
- Access controls: Role-based access controls limit data access to authorised personnel only
- Firebase Security Rules: Granular security rules enforce data isolation between users and companies
- OAuth token security: Google OAuth tokens are stored securely and refreshed automatically; we do not store your Google password
- Regular reviews: We periodically review and update our security practices
While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
13. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at info@relishdemand.com.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you by email or through a prominent notice on the Service
- Where required by law, obtain your consent to material changes
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
15. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: info@relishdemand.com
- Data Protection Officer: dpo@relishdemand.com
- Website: www.relishdemand.com
If you are in the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
16. Automated decision-making and AI personalisation (GDPR Article 22)
Some of our processing involves automated decision-making, including AI-driven content personalisation and qualification scoring of profiling-question responses. We use Article 22(2)(c) explicit-consent grounds for this processing. You may request human intervention, contest the outcome, or withdraw consent at any time by contacting privacy@relishdemand.com. Automated qualification does NOT determine your access to gated content; every visitor receives the requested asset regardless of qualification status.
17. AI personalisation: how it works
When you engage with a partner-hosted landing page, we may generate two additional framing pages that are added to the front of the partner's content. These pages are produced by combining your profile, your answers to the partner's questions, account enrichment data, and the asset content itself, using large language models hosted in EU regions. We retain the personalised PDF for up to 90 days as part of capture records.
18. Capture data retention
Lead capture records (including email, name, profiling answers, IP-derived signals, and the personalised PDF) are deleted automatically 90 days after capture via a daily scheduled job. Aggregated, non-identifying analytics persist beyond this window.