Privacy policy
Last updated: 3 July 2026
This policy describes how Salesgram processes personal data, pursuant to Regulation (EU) 2016/679 (GDPR). Salesgram is a relationship intelligence service: it helps you surface latent opportunities within the network of contacts you already have.
1. Data controller
The controller of the data relating to your account is Playgram Studio di Mirko Lumina. For any privacy-related request you can write to info@playgram.studio.
2. Dual role: controller and processor
It is important to distinguish two sets of data:
- Your account data (e.g. your email): here Playgram Studio acts as the data controller.
- Your network data that you enter into the app (contacts, companies, notes, conversations, etc.): for this data you are the controller, and Playgram Studio acts as the data processor on your behalf, following your instructions. You are required to have a valid legal basis to process the personal data of the people in your network.
3. What data we process
- Registration and sign-in data: email, account identifier (via Google OAuth).
- Data you enter: contacts (name, role, company, email, phone, LinkedIn profile), companies, opportunities, projects, ideas, tags, notes, conversation transcripts and AI-extracted signals, introductions and provenance.
- AI-derived data: from the transcripts you import, the AI may infer tags, signals (needs/offers) and a communication style profile of your contacts (formality, directness, energy, focus). These are revisable hypotheses that can be deleted from the contact page, and are not shared with third parties. The active searches you save (what you look for/offer) also stay in your account.
- Feedback portal content: the ideas, votes and comments you post on salesgram.app/feedback are publicly visible (without your name or email: only the content). Do not enter personal data there.
- Technical data: application logs, error diagnostics, IP address and browser information, necessary for operation and security.
- Usage data (analytics): pages visited and interface interactions, in pseudonymised form and with page text masked, so as not to collect your network's data. It helps us understand how the product is used and improve it. We do not record sessions (no screen recording).
4. Purposes and legal basis
- Service delivery (contact management, tag matching engine, AI suggestions, enrichment) — legal basis: performance of the contract (art. 6.1.b GDPR).
- Security, abuse prevention, error diagnostics — legal basis: legitimate interest (art. 6.1.f GDPR).
- Usage analysis and product improvement (aggregated, pseudonymised statistics via PostHog) — legal basis: consent (art. 6.1.a GDPR), requested via the banner on your first visit and revocable at any time.
- Legal obligations and, in the future, billing — legal basis: legal obligation / performance of the contract.
5. Sub-processors (vendors)
To deliver the service we rely on the following vendors, who process data on our behalf:
- Supabase — database and file storage (data hosting).
- Hostinger — application hosting (servers).
- Anthropic (Claude) — AI text processing (tag suggestions, conversation extraction). The data sent is not used to train the models.
- Apify — enrichment of professional profiles (retrieval of public professional information), only at your explicit request.
- Google — authentication and, if you enable sync, import of your contacts.
- Sentry — application error tracking.
- PostHog — statistical analysis of application usage, active only with your prior consent (banner on your first visit; you can decline without limitations and change your mind at any time from the app, in Account → Preferences). Without session recording and with page text masked, so as not to collect your network's data. The statistical data is processed in the United States (see point 6).
- UptimeRobot — service availability monitoring.
- Stripe — payment processing (when active).
- Resend — sending transactional emails (support requests, periodic summaries). It processes your email address and the content of the messages you send to support.
- Plaud — only if you connect your Plaud account: import of the transcripts of your recordings, at your explicit request.
- Trello (Atlassian) — only if you connect your Trello account: sending cards/tasks to your board, at your explicit request.
6. Transfers outside the EU
Some vendors (e.g. Anthropic, Apify, Sentry, Stripe, PostHog, Resend) may process data outside the European Economic Area. In such cases, transfers take place on the basis of adequate safeguards, in particular the Standard Contractual Clauses approved by the European Commission.
7. Retention and deletion
We retain data for as long as your account is active. You can request complete deletion at any time from User area → Delete account: this permanently deletes the account and all associated data (including contacts, conversations, notes, attachments and images).
8. Your rights
As a data subject you have the right to:
- access your data and obtain a copy of it;
- rectify or update it;
- erase it (right to be forgotten — see point 7);
- export it in a structured format (portability — CSV export function in the app);
- restrict or object to its processing;
- lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
To exercise these rights, write to info@playgram.studio.
9. Security
We adopt appropriate technical and organisational measures: per-user data isolation (Row Level Security at the database level), encryption of communications in transit (HTTPS) and restricted access. No system, however, is 100% secure.
10. Changes
We may update this policy. In the event of material changes we will notify you. The date at the top indicates the last update.