Larenio

Privacy Policy

Last updated: 1 June 2026

This Privacy Policy explains how Larenio ("Larenio", "we", "us") collects, uses, stores and protects personal data when you use the Larenio application at app.laren.io and related services (the "Service"). It also explains, specifically, how we handle data accessed through Google and Microsoft APIs when you choose to connect a calendar.

Who is responsible for your data.
The Service is operated by [Legal entity name, e.g. Larenio Ltd], [registered address], United Kingdom ([company number, if registered]). For accounts created by an accountancy firm or other organisation, that organisation is the data controller for the client records it enters, and Larenio acts as its data processor. For account and authentication data, Larenio is the controller. Contact: privacy@laren.io.

1. What data we collect

Category	Examples
Account & sign-in	Your name, work email address, the organisation you belong to, and authentication details from your chosen sign-in method (email/password, Google, or Microsoft).
Client/customer records	Information your firm enters about its own clients — names, contact details, custom fields, notes, activity, and (for accountancy firms only, optionally) identifiers such as UTR/NI which are stored encrypted.
Deadlines & reminders	Due dates and reminder settings you create.
Calendar data (optional)	If you connect Google Calendar or Microsoft 365, an access/refresh token and the identifier of the calendar Larenio writes deadline events to.
Email activity	Metadata about reminder and client emails sent through the Service (recipient, subject, send status), to provide an activity record and handle bounces.
Technical/usage	Log data needed to operate and secure the Service. We deliberately redact sensitive identifiers (e.g. UTR/NI, tokens) from logs.

2. Google user data (calendar connection)

If you choose to connect Google Calendar, Larenio requests the https://www.googleapis.com/auth/calendar.app.created scope. This narrow scope lets Larenio create and manage only a dedicated "Larenio" calendar that the app itself creates in your account, where it writes the deadlines you track in Larenio. It does not give Larenio access to your existing or primary calendars. We do not use Google data for advertising, and we do not sell it.

Limited Use disclosure. Larenio's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google calendar access tokens are stored encrypted, used only to perform the calendar actions described above, and can be revoked at any time by disconnecting the integration in Larenio's settings or in your Google Account.

3. Microsoft data (calendar connection)

If you connect Microsoft 365, Larenio requests the Calendars.ReadWrite permission and uses it only to create and update calendar events for your Larenio deadlines. The same protections apply: tokens are stored encrypted, access is used solely for that purpose, and you can revoke it at any time.

4. How we use data

To provide the Service — storing client records, calculating and showing deadlines, sending reminders.
To write deadline events to a calendar you have connected, at your request.
To send reminder and client emails you initiate, and to record their delivery status.
To look up public company information from Companies House when you enter a company number (UK accountancy features).
To secure, maintain, debug and improve the Service.
To comply with our legal obligations.

5. Legal bases (UK GDPR)

We process personal data on the bases of performance of a contract (providing the Service to your organisation), legitimate interests (securing and operating the Service), consent (where you connect an optional calendar or send optional emails), and legal obligation where applicable.

6. Where data is stored and how it is protected

Data is hosted on Amazon Web Services in the United Kingdom / EU (London region). Tenant data is logically isolated per organisation. Particularly sensitive identifiers (such as UTR/NI) and third-party access tokens are encrypted. Access to production systems is restricted and audited.

7. Sharing & sub-processors

We do not sell personal data. We share data only with service providers that help us run the Service:

Provider	Purpose
Amazon Web Services	Hosting, storage, encryption, email delivery (eu-west-2, London)
Google	Optional calendar connection and Google sign-in
Microsoft	Optional calendar connection and Microsoft sign-in
Companies House	Public company lookup (read-only), when you enter a company number

8. Retention

We retain personal data for as long as your organisation maintains its account, and then delete or anonymise it within a reasonable period, unless we are required to keep it longer by law. You can request export or erasure as described below.

9. Your rights

Under UK GDPR you have rights to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. If your data was entered by an accountancy firm or other organisation using Larenio, please contact that organisation first, as they control those records; we will assist them. To exercise rights directly, email privacy@laren.io.

10. Cookies

Larenio uses only strictly necessary cookies required to keep you signed in and to protect against cross-site request forgery. We do not use advertising or third-party tracking cookies.

11. Children

The Service is intended for business use and is not directed at children under 16.

12. Changes

We may update this policy from time to time. We will change the "last updated" date above and, for material changes, notify account administrators.

13. Contact & complaints

Questions or requests: privacy@laren.io. If you are in the UK and believe we have not handled your data properly, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk. [ICO registration number, if registered]