Privacy Policy

How Coldvio collects, uses and protects your data. Last updated: June 2, 2026.

1. Who we are

Coldvio is a LinkedIn content and outreach platform operated by Coldvio [CVR: TBD], a company registered in Denmark. Our registered address is Tinbergens Allé 123, 9260 Gistrup, Denmark.

We are the data controller for personal data you provide directly to us. Where you use our leads and enrichment features, you act as data controller for contact data you upload or enrich — and Coldvio acts as your data processor for that data.

2. Data we collect

  • Account data: Email address, name, and password (hashed) when you sign up.
  • Voice profile: Text samples, interview answers, and writing preferences you provide to train your voice profile.
  • LinkedIn usage data: Post drafts, scheduled content, campaign configurations, and engagement metrics from your connected LinkedIn account.
  • Usage data: Feature usage, credit consumption, session logs, and error data used to operate and improve the service.
  • Payment data: Billing is processed by Stripe. We store your subscription tier and credit balance. Card numbers are never stored by Coldvio.
  • Lead data: Contact data you upload or enrich via the leads feature. You are the data controller for this data; Coldvio processes it on your behalf as a data processor.

3. How we use your data and our legal basis

We process your personal data only for specific purposes and under a lawful basis under Article 6 of the GDPR.

  • Service delivery: To provide, maintain and improve Coldvio — including authentication, billing, and feature access. Legal basis: performance of contract (Art. 6(1)(b)).
  • AI content generation: To generate content, replies, and outreach in your voice using your voice profile. Legal basis: performance of contract (Art. 6(1)(b)).
  • LinkedIn actions: To execute actions you explicitly request — posting, scheduling, connection requests, or messages. Legal basis: performance of contract (Art. 6(1)(b)).
  • Payments: To process subscriptions and credit top-ups. Legal basis: performance of contract and legal obligation (Art. 6(1)(b) and (c)).
  • Transactional email: To send receipts, password resets, and service updates. Legal basis: performance of contract (Art. 6(1)(b)).
  • Service improvement and security: To analyse usage patterns, diagnose errors, and prevent abuse. Legal basis: legitimate interests (Art. 6(1)(f)) — our interest in operating a reliable and secure service.
  • Analytics cookies (optional): If you accept analytics cookies, to understand how the product is used. Legal basis: consent (Art. 6(1)(a)). You may withdraw consent at any time via cookie settings.
  • No selling: We do not sell your data to third parties.
  • No model training: We do not use your voice profile, drafts, or content to train public AI models.

4. International data transfers

Coldvio stores account, voice, and usage data on Supabase infrastructure located in the European Union. However, some data processing involves services based outside the EU.

When you use content generation or AI features, your voice profile and request content are sent to LLM providers — currently Groq, OpenAI, and Anthropic — all based in the United States. This is the core mechanism that powers AI generation on Coldvio.

We also use US-based infrastructure providers — Railway (hosting) and Vercel (frontend) — and US-based services including Stripe (payments) and People Data Labs (enrichment).

For transfers to these US-based providers, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR, as included in or referenced by each provider's Data Processing Agreement.

A full list of sub-processors is provided in Section 5.

5. Sub-processors

We use the following third-party processors. Each is engaged under a written data processing agreement.

  • Supabase: Database and authentication. Data stored in EU region. supabase.com
  • Stripe: Payment processing. stripe.com — subject to Stripe's DPA and privacy terms.
  • Groq: LLM inference for AI content generation. US-based. groq.com
  • OpenAI: LLM inference for AI content generation (fallback). US-based. openai.com
  • Anthropic: Premium LLM inference. US-based. anthropic.com
  • People Data Labs: Contact data enrichment, only when you explicitly trigger enrichment. pdl.co
  • Zernio: LinkedIn Marketing API integration for content publishing and analytics.
  • Upstash: Redis queue for campaign and content scheduling.
  • Railway: Backend application and LLM proxy hosting. Deployed on Railway EU region. railway.com
  • Vercel: Frontend application hosting. Deployed on Vercel EU infrastructure. vercel.com

6. LinkedIn data

Coldvio accesses your LinkedIn account via the official LinkedIn Marketing API for content publishing and via a cloud browser session for outreach actions. You authorise this access explicitly.

We access only what is needed to perform the specific actions you request. We do not store your LinkedIn password — access uses OAuth tokens and session credentials you provide.

7. Chrome extension

The Coldvio Chrome extension reads LinkedIn page content to assist with drafting and CRM sync. It communicates with Coldvio servers using your account API token and does not share page content with any third party directly.

8. Data retention

Account data, voice profiles, and content history are retained for as long as your account is active. When you delete your account, personal data is deleted within 30 days.

Lead data can be deleted at any time from within the app — list by list or in full.

Payment records are retained for the period required by applicable accounting and tax law (7 years in Denmark).

9. Your rights under GDPR

As a data subject under GDPR, you have the following rights:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Correct inaccurate or incomplete personal data.
  • Erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
  • Restriction (Art. 18): Request that we limit the processing of your data in certain circumstances.
  • Data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Objection (Art. 21): Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent (e.g. analytics cookies), withdraw it at any time without affecting prior processing.

10. Right to lodge a complaint

If you believe we are processing your personal data in breach of GDPR, you have the right to lodge a complaint with the Danish Data Protection Authority:

Datatilsynet · Carl Jacobsens Vej 35 · 2500 Valby · Denmark · [email protected] · datatilsynet.dk

You may also contact the data protection authority in your country of residence.

11. Security

Data is encrypted in transit (TLS) and at rest where supported by our infrastructure providers. Access to production systems and databases is restricted to authorised personnel.

12. Changes to this policy

We may update this policy. Material changes will be communicated to account holders by email before taking effect.

13. Contact

Questions, requests, or to exercise your rights: [email protected]
Coldvio [CVR: TBD]
Tinbergens Allé 123
9260 Gistrup, Denmark
