Privacy Policy
Last updated 17 June 2026
Xello ("we", "us") provides a calendar layer for Trello. This policy explains what personal data we process, why, and the rights you have. We act as data controller for the data described below.
Data we process
- Account data: your Trello member id, name, avatar and (when Trello provides it) email address, created when you sign in with Trello.
- Trello content: cards, boards, lists, due dates, comments and attachments that you choose to view or schedule in Xello. We read this from Trello using OAuth tokens you grant, and write back only the changes you make (for example a new due date). Your Trello access tokens are stored encrypted.
- Usage and preferences: your settings, calendar layout, board selections, search history (used to enforce plan limits) and basic login logs (timestamp, IP, user agent) kept for security.
- Billing data: if you subscribe, your subscription status and Stripe customer/subscription identifiers. We never see or store your full card number; payment is handled by Stripe.
- Optional integrations: if you connect Google or GitHub, we process the data those scopes return (for example Google Drive/Docs/Gmail/Calendar metadata, or a GitHub repository) only to deliver the feature you enabled. You can disconnect them at any time.
Why we process it
To provide the calendar and scheduling features you ask for, to operate your account and subscription, to send service emails, to enforce plan limits, and to keep the service secure. The legal bases are performance of our contract with you, your consent for optional integrations, and our legitimate interest in security.
Sub-processors
We share data only with providers that help us run the service:
- Atlassian / Trello -- the source of your boards and cards (your existing Trello relationship).
- Stripe -- payment processing and subscription management.
- Amazon SES (Paris region, via our self-hosted mail service) -- delivery of transactional emails.
- Self-hosted object storage (MinIO) on our French infrastructure -- inbox and attachment files you upload.
- Google (optional) -- Drive/Docs/Gmail/Calendar access when you connect a Google account.
- GitHub, Anthropic, Mistral, Jina, Firecrawl (optional) -- only used by the Claude Project / RAG export feature when you enable it.
The full, current list with each provider's purpose and location is on our Sub-processors page.
AI processing
If you enable the optional Claude Project / RAG export, the content you export (board cards, comments and selected attachments) is sent to an AI provider (Anthropic, with Mistral as a fallback) to generate the knowledge base. We do not use your data to train our own models, and we only send what the feature needs to function. This feature is off by default.
International transfers
Our database and object storage are hosted in France. Some sub-processors (for example Stripe, Trello/Atlassian, Google, Anthropic, GitHub) are based outside the EU; transfers to them are covered by the appropriate safeguards (EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework). We never sell your personal data.
Retention
We keep your data while your account is active. When you delete your account, your account, settings, tokens and Xello-side data are deleted. Trello remains the source of truth for your cards and is unaffected.
Your rights
Under the GDPR you can access, correct, export or delete your personal data, and object to or restrict processing. You can delete your account and all Xello-side data yourself from Settings > Plan > Danger zone. For any other request, contact us at the address below and we will respond within one month.
Cookies
We use only strictly necessary cookies (your session and OAuth flow). We do not use advertising or third-party tracking cookies.
Contact
For any privacy request, email privacy@xello.pro.