Privacy Policy

1. Information We Collect

1.1 From Users (Account Holders)

Account Information: When you create an account, we collect your email address and name. We do not store your passwords — all authentication is handled through magic links or OAuth providers.

Google Sign-In: If you sign in with Google, we request access to your basic profile information via the following OAuth scopes: email, profile, and openid. We receive your name, email address, and profile picture URL. We use this data solely to create and authenticate your prospiq account. We do not access your Google contacts, Gmail, Google Drive, or any other Google service data. We do not share your Google user data with third parties except as required to operate the Service (e.g., storing your email in our database hosted on Supabase).

Microsoft Sign-In: If you sign in with Microsoft, we request the same limited scopes: email, profile, and openid. We receive your name and email address only. We do not access your Outlook, OneDrive, Teams, or any other Microsoft service data.

Usage Data: We collect data about how you use the Service, including search queries (names and companies you look up), enrichment results, credit usage, and feature interactions. This data is tied to your account and used to provide the Service.

Payment Information: When you purchase credits or subscriptions, payment details are processed by our third-party payment providers — Razorpay for customers in India, and LemonSqueezy as merchant of record for international payments (rolling out on a phased basis). We do not store your credit card numbers, bank account details, or other financial information on our servers.

Technical Data: We automatically collect your IP address, browser type, device information, and referring URLs when you access the Service. This is used for security, analytics, and improving the Service.

1.2 About Data Subjects (People in Enrichment Results)

prospiq is a B2B contact enrichment tool. When our users search for a professional contact, we use third-party data providers to locate professional contact information. The data we may process about Data Subjects includes: professional email addresses, phone numbers (work/direct/mobile), job titles, and company associations.

This information is sourced exclusively from publicly available professional sources, including company websites, professional directories, and business databases maintained by reputable third-party B2B data providers. We do not collect personal email addresses, home addresses, social media profiles, or any data unrelated to professional business contact.

2. Legal Basis for Processing

For Users: We process your personal data based on contractual necessity (to provide the Service you signed up for) and legitimate interest (to improve the Service and prevent abuse).

For Data Subjects (GDPR — EU/EEA): We process professional contact data under the lawful basis of legitimate interest (Article 6(1)(f) of the GDPR). Our legitimate interest is to maintain an accurate B2B contact enrichment database that enables professional business communications. We have assessed that this interest is not overridden by the rights of Data Subjects, given that we process only professional contact information from publicly available sources, we provide a clear opt-out mechanism, and the data is used for lawful B2B prospecting purposes.

For Data Subjects (DPDP Act — India): We process professional contact data under the legitimate use provisions of India's Digital Personal Data Protection Act, 2023, as the data has been made available by the Data Principal in a professional context and processing is reasonably expected for B2B communications.

For Data Subjects (CCPA — California): Professional contact information processed through our Service is categorized as business contact data. California residents may exercise their right to opt out of the sale of personal information through our Data Removal page.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your enrichment requests and deliver results
• Manage your account, credits, and subscriptions
• Send transactional emails (welcome, low credit warnings, receipts)
• Detect and prevent abuse, fraud, and unauthorized access
• Comply with legal obligations
• Improve our enrichment accuracy through domain intelligence learning

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

4. Enrichment Data and Third-Party Services

To provide email and phone enrichment, we work with reputable third-party B2B contact data providers. When a user submits a search, the name and company provided may be sent to these providers to locate professional contact information. All providers operate under data protection agreements and comply with applicable privacy laws (GDPR, DPDP Act, CCPA).

We cache enrichment results in our database to improve speed and reduce costs for repeat searches. Cached results may be served to other users who search for the same contact. The search queries users submit (names and companies) are visible only to their account.

We also use the following services:

• Supabase — authentication and database hosting
• Vercel — application hosting
• Resend — transactional email delivery
• Razorpay — payment processing (India)
• LemonSqueezy — payment processing and merchant of record (international)

5. Data Retention

User Account Data: We retain your account information and search history for as long as your account is active. If you delete your account, we will remove your personal information (name, email, account data) within 30 days. Inactive accounts with no login activity for 24 months may be deleted following advance notice.

Enrichment Data: We retain enriched professional contact data for as long as it serves our legitimate business purpose of maintaining an accurate B2B contact database. We take reasonable steps to ensure data accuracy. Data Subjects may request deletion at any time through our opt-out page at prospiq.net/opt-out.

Bulk Processing Results: Bulk job data is retained for 6 months following job completion. Users can export results at any time before expiry.

Domain Intelligence: Aggregated, non-personal pattern data (e.g., "this company uses first.last email format") is retained indefinitely as it does not identify any individual.

6. Your Rights

6.1 Rights of Users (Account Holders)

Depending on your location, you may have the following rights:

• Access — request a copy of the data we hold about you
• Correction — request we update inaccurate information
• Deletion — request we delete your account and personal data
• Export — request a portable copy of your data
• Objection — object to certain processing of your data

To exercise any of these rights, contact us at support@prospiq.net. We will respond within 30 days.

6.2 Rights of Data Subjects (People in Enrichment Results)

If your professional contact information appears in prospiq's enrichment results and you wish to have it removed, you can submit a data removal request at prospiq.net/opt-out. Upon verification of your identity (via email confirmation), we will:

• Remove all records associated with your email from our database
• Scrub your email, phone number, and job title from any cached search results
• Add your email to a permanent suppression list to prevent future collection

This opt-out mechanism is provided in accordance with GDPR (right to erasure), DPDP Act (right to correction and erasure), and CCPA (right to opt out of sale). Requests are processed within 5 business days of email verification.

For users in the European Economic Area (EEA), these rights are provided under the GDPR. For users in India, these rights are provided under the Digital Personal Data Protection Act (DPDP Act), 2023.

7. Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR and DPDP Act. We will also notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights.

8. Cookies and Tracking

We use essential cookies to maintain your login session and preferences. We do not use third-party tracking cookies or advertising pixels. We may use basic analytics to understand how the Service is used, but we do not track you across other websites.

9. Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure authentication (OAuth 2.0, magic links), and access controls on our database. However, no system is completely secure, and we cannot guarantee absolute security.

10. International Data Transfers

Our Service is hosted on infrastructure located in the United States (Vercel, Supabase). If you are accessing the Service from outside the United States, your data may be transferred to and processed in the United States. We rely on appropriate safeguards for international data transfers as required by applicable law.

11. Children

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your rights, contact us at:

prospiq — a product of Pathweavers LLP
Email: support@prospiq.net
Website: prospiq.net
Data Removal: prospiq.net/opt-out