Leosoft Curio Logo
Leosoft Curio
Open App
Back to Home

Privacy Policy

Last updated: December 29, 2025

1. Introduction

Leosoft Limited ("we", "our", or "us"), a company registered in England and Wales (Company No. 16934445), operates Curio (the "Service"), a personal intelligence platform that helps users stay informed through AI-powered briefings, news aggregation, and productivity integrations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

As a UK-based company, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of data protection law, Leosoft Limited is the data controller.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address via Microsoft Entra ID)
  • Profile preferences and content interests
  • Notes and content you create
  • Feedback and communications with us

2.2 Google Services Data

If you connect your Google account, we access:

  • Calendar Events: Title, time, location, attendees, description - for briefings and event dossiers
  • Sent Emails: Email content during send operation only - for AI-assisted email sending
  • User Profile: Email address - to identify your connected account

Note: We request permission to send emails on your behalf. We do not read or access your Gmail inbox or existing emails.

2.3 Microsoft Services Data

If you connect your Microsoft account, we access:

  • Email Messages: Sender, subject, body content - for inbox digest summaries
  • Calendar Events: Event details - for briefings and dossiers
  • Tasks: Task lists and items from Microsoft To Do

2.4 Automatically Collected Information

  • Device information and browser type
  • Usage data and feature interactions
  • Log data and error reports

3. How We Use Your Information

  • Provide personalized morning briefings and news feeds
  • Generate event dossiers with relevant background information
  • Extract tasks and events from your notes using AI
  • Enable AI-assisted email composition and sending
  • Improve and develop new features
  • Ensure security and prevent fraud

4. AI Processing

Curio uses artificial intelligence (Google Gemini) to process your data:

  • Event dossier generation with background research
  • Task and calendar event extraction from notes
  • Email drafting assistance
  • Content categorization and recommendations

Important: Processing occurs in real-time. Raw content is not persistently stored by AI providers. Google does not use API data to train their models. We do not use your data to train any AI models.

5. Google User Data Disclosure

This section specifically addresses our use of Google user data to comply with Google's API Services User Data Policy.

5.1 Limited Use Disclosure

Curio's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy , including the Limited Use requirements.

5.2 Google Scopes We Request

Scope Purpose
gmail.send Send emails via AI assistant
calendar.readonly Read events for briefings and dossiers
calendar Create events from notes (with confirmation)
userinfo.email Identify connected account

We do NOT request gmail.readonly or gmail.modify scopes. We cannot read your Gmail inbox.

5.3 How We Use Google Data

  • We do not sell Google user data
  • We do not use Google data for advertising
  • We do not transfer Google data to third parties except as necessary to provide the service (AI processing via Gemini API)

5.4 Revoking Google Access

You can disconnect your Google account at any time in Settings > Connected Accounts. You can also revoke access directly from Google Account Permissions .

6. Microsoft User Data Disclosure

6.1 What Microsoft Data We Access

Permission Data Accessed Purpose
Mail.Read Read email messages Generate inbox digest
Mail.Send Send emails AI-assisted email sending
Calendars.ReadWrite Read/write calendar Briefings and event creation
Tasks.ReadWrite Read/write tasks Sync with Microsoft To Do
User.Read User profile Identify account

6.2 How We Use Microsoft Data

  • We do not sell Microsoft user data
  • We do not use Microsoft data for advertising
  • Email content is used only to generate inbox digest summaries

6.3 Revoking Microsoft Access

You can disconnect your Microsoft account at any time in Settings > Connected Accounts. You can also revoke access directly from Microsoft Account Permissions .

7. Todoist Integration Data

If you connect your Todoist account, we access:

  • Projects: Project names and IDs for task organization
  • Tasks: Task content, due dates, priority, labels
  • User Profile: Account email for identification

Tasks are synced in real-time and not persistently stored. OAuth tokens are encrypted at rest. You can disconnect Todoist at any time in Settings > Integrations.

8. Data Storage and Security

  • Encryption in Transit: All data via HTTPS (TLS 1.2+)
  • Encryption at Rest: Database encryption + OAuth token encryption
  • Access Control: Strict user isolation - you can only access your own data
  • Authentication: Microsoft Entra External ID

8.1 Data Retention

  • Account data: Until account deletion
  • Email cache (Microsoft): 24 hours
  • Calendar cache: Up to 30 days
  • Notes: Until deleted by you

9. Data Sharing

We do not sell your personal information. We share data with:

  • Google Cloud Platform: Infrastructure hosting
  • MongoDB Atlas: Database hosting
  • Google Gemini API: AI processing (data not stored)
  • Microsoft Entra ID: User authentication

10. Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience on our website. A cookie is a small text file stored on your device when you visit a website.

10.1 Cookies We Use

Cookie Type Purpose Duration
curio_cookie_consent Necessary Stores your cookie consent preference Persistent
_ga Analytics Google Analytics - distinguishes unique users 2 years
_ga_* Analytics Google Analytics - maintains session state 2 years

10.2 Cookie Categories

  • Necessary Cookies: Essential for the website to function. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use our website. These are only set if you accept cookies.

10.3 Managing Cookies

When you first visit our website, you will see a cookie banner asking for your consent to use analytics cookies. You can change your preference at any time by:

  • Clearing your browser's localStorage (this will reset your cookie preference)
  • Using your browser settings to block or delete cookies

Please note that blocking analytics cookies will not affect the functionality of the website.

11. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your data and account
  • Export your notes
  • Disconnect integrations at any time
  • Withdraw consent

To delete your account, email contact@leosoft.company with the subject "Account Deletion Request". We will process your request within 30 days.

12. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy and updating the "Last updated" date. For significant changes, we will send an email notification.

15. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: contact@leosoft.company

Company: Leosoft Limited

Company Number: 16934445

Registered in: England and Wales

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: ico.org.uk/make-a-complaint