Njor Connect
Book a demoRequest access

Legal

Privacy Policy

This Privacy Policy explains how The Red Process Ltd(“Njor Connect,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal data when you use Njor Connect, the AI podcast outreach platform — including data from connected Google (Gmail) and Microsoft (Outlook) accounts.

Last updated: June 15, 2026

Quick summary (not a substitute for the full policy):We collect the account details you give us, the content you create in Njor Connect, usage data, and — only if you connect an inbox — the email content and metadata needed to run your outreach. We use it to provide and secure the Service. We do not sell your data, do not use it for advertising, and do not use Google or Microsoft mailbox data to train generalized AI models. Our use of Google user data follows the Google API Services User Data Policy, including the Limited Use requirements. You can disconnect an inbox or exercise your data rights at any time by contacting kasper@njorconnect.com. If you use our done-for-you agency services, we also collect the details you choose to share for your pitches and share them with podcast hosts to book you — see Section 16.

1. Who we are and scope

Njor Connect is a brand and trading name of The Red Process Ltd, a company registered in England and Wales, with its registered office at Suite 4, Second Floor, Viscount House, River Lane, Saltney, Chester, CH4 8RH, United Kingdom. The Red Process Ltdis the data controller for personal data processed through the Njor Connect website, applications, and APIs (the “Service”). This policy applies to that processing and should be read together with our Terms of Service.

Where you use Njor Connect to process other people’s personal data through your own account — for example, the contacts and recipients in your outreach — you act as the controller of that data and we act as your processor, processing it on your instructions to provide the Service.

If you engage us for our done-for-you agency services (for example, podcast guest booking), Section 16 explains how we handle your data; for that service, The Red Process Ltd is the controller of the personal data you give us about yourself.

2. Quick summary

We process only the data needed to run the features you use. The most sensitive category is the content of any email account you choose to connect, which we access under strict limits described in Sections 4 to 8. We do not sell personal data, do not use it for advertising, and apply Google’s Limited Use rules to Gmail data and equivalent restraint to Microsoft data.

3. The data we collect

Data you provide

  • Account data— name, email address, password or authentication identifiers, organization, and role.
  • Content you create— guest profiles, target lists, pitches, campaigns, notes, contacts, leads, and other content you submit.
  • Billing data— if you buy a paid plan, billing details processed by our payment provider; we do not store full card numbers.
  • Communications— messages you send us for support or enquiries.

Data we collect automatically

  • Usage and device data— log data, IP address, browser and device information, pages and features used, and timestamps, used for security, debugging, and improving the Service.
  • Cookies and similar technologies— as described in Section 14.

Data from connected accounts and third parties

  • Connected email account data— if you connect Gmail or Outlook, the message content, metadata, drafts, and contacts needed to run your inbox and outreach (see Section 4).
  • Podcast and opportunity data— information about podcasts, episodes, hosts, and events gathered from public and third-party sources to power discovery and qualification.

4. Connected email accounts (Gmail and Outlook)

Connecting an email account is optional. If you connect one through Google or Microsoft, you authorize Njor Connect to access it on your behalf through their official APIs (the Gmail API and Microsoft Graph), using OAuth tokens. Depending on the permissions you grant, we may:

  • read messages, threads, and metadata to display and organize your inbox, replies, and drafts;
  • send pitches and follow-up messages you compose, review, or schedule;
  • create and manage drafts; and
  • maintain a synced, local-first copy of relevant messages so the inbox stays responsive.

We access this data only to provide the features you use, and we request the minimum Google and Microsoft permission scopes needed for those features. Message content is stored or fetched as needed to operate your inbox and outreach, and is processed under the restrictions in Sections 6 to 8. You can disconnect an account at any time in Njor Connect settings or revoke access through your Google account or Microsoft account settings. Revoking stops further sync and sending for that account.

5. How we use data and our legal bases

Under the UK GDPR, we rely on the following legal bases to process personal data:

  • Performance of a contract— to create your account, provide the Service, run discovery, generate pitches, sync your inbox, send the outreach you set up, and provide support.
  • Legitimate interests— to secure, maintain, debug, and improve the Service, prevent abuse and fraud, and understand how features are used, balanced against your rights.
  • Consent— where required, for example when you connect an email account and grant specific permissions, or for non-essential cookies. You can withdraw consent at any time.
  • Legal obligation— to comply with applicable law, tax, and accounting requirements, and lawful requests.

We do not use the content of connected email accounts for any purpose other than providing the Service to you.

6. Google API Services and Limited Use

Njor Connect’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • we use Google user data only to provide and improve the user-facing features that you actively request and that are prominent in the Service;
  • we do not transfer or sell Google user data to third parties, except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition with notice to users;
  • we do not use Google user data for serving advertisements, including personalized, retargeted, or interest-based advertising; and
  • we do not allow humans to read Google user data unless (a) you give specific consent to access specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized and used to improve or maintain the Service.

7. Microsoft and Outlook data

When you connect a Microsoft or Outlook account, we access your data through Microsoft Graph under the permissions you grant and in accordance with the Microsoft APIs Terms of Use. We apply the same restraint as for Google data: we use it only to provide the features you request, we do not sell it, we do not use it for advertising, and we do not use it to train generalized AI or machine learning models.

8. AI features and no model training on your mail

Njor Connect includes AI-assisted features such as match scoring and pitch generation. When these features operate on your data, they do so only to produce outputs for you within the Service (for example, drafting or organizing your own outreach).

We do not use Google Workspace or Gmail data, or Microsoft / Outlook mailbox data, to develop, improve, or train generalized or non-personalized AI or machine learning models. AI outputs are suggestions you review and control; you decide what is sent.

9. How we share data and sub-processors

We do not sell personal data. We share it only as needed to run the Service:

  • Service providers (sub-processors)— vetted vendors that host and operate the Service on our behalf, such as cloud hosting and storage, database and queue infrastructure, email delivery, payment processing, and error or product analytics, all bound by confidentiality and data-protection terms.
  • Your own collaborators— where you use team or client-review features, the data you share is visible to the users, clients, or teammates you grant access.
  • Legal and safety— where required to comply with law, enforce our terms, or protect rights, safety, and security.
  • Business transfers— in connection with a merger, acquisition, or sale of assets, with notice consistent with this policy.

A current list of sub-processors is available on request at kasper@njorconnect.com.

10. International data transfers

We are based in the United Kingdom, and we and our sub-processors may process data in countries outside the UK and the European Economic Area. Where we transfer personal data internationally, we use appropriate safeguards required by UK data protection law, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or transfers to jurisdictions with an adequacy decision.

11. Data retention

We keep personal data only as long as needed for the purposes in this policy: for the life of your account, plus a reasonable period afterwards for backups, legal, tax, and dispute-resolution needs. When you disconnect an email account, we stop syncing it and delete or de-identify the associated synced content within a reasonable period, except where retention is required by law. You can request deletion as described in Section 13.

12. Security

We use technical and organizational measures to protect personal data, including encryption in transit, access controls, scoped multi-tenant isolation, and OAuth tokens rather than stored passwords for connected accounts. No system is perfectly secure, but we work to protect your data and to respond to incidents appropriately.

13. Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict, or object to the processing of your personal data, to data portability, and to withdraw consent where processing is based on consent. To exercise these rights, contact kasper@njorconnect.com.

Where you have connected an email account and we act as your processor for the personal data of your recipients, requests from those individuals should usually be directed to you as the controller; we will assist you in responding as required.

14. Cookies and analytics

We use cookies and similar technologies that are strictly necessary to operate the Service (for example, to keep you signed in) and, where you consent, a limited set for analytics to understand and improve usage. You can control non-essential cookies through your browser or any cookie controls we provide. We do not use connected-account data for advertising.

15. Children

The Service is not directed to children, and you must be at least 18, or the age of majority in your jurisdiction, to use it. We do not knowingly collect personal data from children.

16. Done-for-you Agency Services

Separately from the self-serve platform, we also offer done-for-you agency services (the “Agency Services”) — such as podcast guest booking, TEDx coaching and application, and brand-growth coaching — described on our Services page and governed by Section 21 of our Terms of Service. When you engage us for Agency Services, The Red Process Ltd is the controller of the personal data you give us about yourself for that purpose.

What we collect for Agency Services

We collect the information you choose to share with us for your pitches and campaign — for example your name and contact details, bio and story, topics and talking points, goals, links, photos or headshots, scheduling and availability, and any supporting materials you provide. We use only what you choose to share and authorize us to use for pitches. We run this work through the Njor Connect platform, so the security, sharing, transfer, retention, and AI commitments in this policy apply.

How we use and share it

  • We use your information to research and qualify shows, write pitches in your voice, contact hosts on your behalf, manage bookings and scheduling, and prepare you for appearances.
  • To pitch and book you, we share the materials you provide with third parties— podcast hosts, producers, event organizers, and similar contacts — so they can consider and schedule your appearance. By giving us materials for this purpose, you authorize that sharing.
  • Our legal bases are performance of our contract with you (delivering the Agency Services) and, for the specific details you choose to release for pitches, your consent, which you can withdraw at any time by contacting kasper@njorconnect.com (this will not affect outreach already sent).

We keep this information for the duration of your engagement and a reasonable period afterwards for records, legal, tax, and dispute-resolution needs, then delete or de-identify it, except where the law requires us to keep it. Your rights in Section 13 apply to this data, and our sharing, transfers, retention, and security practices (Sections 9 to 12) apply to the Agency Services as well.

17. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect means you accept the updated policy.

18. Contact and complaints

For privacy questions or to exercise your rights, contact The Red Process Ltd at kasper@njorconnect.com, or by post at Suite 4, Second Floor, Viscount House, River Lane, Saltney, Chester, CH4 8RH, United Kingdom. You can also reach us through njorconnect.com.

If you are in the UK and believe we have not handled your data properly, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk. We would appreciate the chance to address your concerns first.