
Privacy Policy

LAST UPDATED · 2026-05-12
Template — review with counsel before production use. The language below is a reasonable starting point for a B2B SaaS, not legal advice. Replace bracketed values, confirm jurisdiction, and have a lawyer review before relying on these terms in a customer contract.

This Privacy Policy describes how [Company Legal Name] ("we", "us", "our") collects, uses, and discloses information when you use the Prospect Sentinel platform ("Service"). It applies to information about you as an account holder and information you provide about your business contacts.

1. Information we collect

Account information. Email address, name, and workspace name you provide at signup. Authentication tokens and session metadata necessary to maintain your login.

Workspace data. Prospect records (company name, contacts, phone, email, addresses), activity history, notes, attached files, and any other data you upload or generate within the Service.

Usage data. Pages visited, features used, AI calls made, errors encountered. We log this to operate, debug, and improve the Service.

Billing information. Stripe processes payments on our behalf and stores card data; we receive only the subscription metadata (status, billing period, plan id).

Technical data. IP address, browser type, device type, and operating system, logged for security and debugging purposes.

2. How we use information

  • To provide, maintain, and improve the Service.
  • To authenticate you and protect your account.
  • To process billing through our payment processor.
  • To send transactional emails (signup confirmation, billing receipts, security alerts).
  • To respond to support requests and communicate with you about the Service.
  • To detect, prevent, and address technical issues, fraud, and security incidents.
  • To comply with legal obligations.

We do not sell personal information or share it with third parties for their marketing purposes.

3. AI processing and third-party sub-processors

The Service uses third-party providers ("sub-processors") to deliver functionality. Information you upload may be processed by these providers as needed to operate the Service:

  • Supabase — database, authentication, and file storage. Hosted infrastructure.
  • Vercel — application hosting and edge compute.
  • Anthropic — AI model processing for features like call scripts, email drafts, and summaries. Anthropic's API does not use customer data to train models per their terms.
  • Stripe — payment processing and subscription management.
  • Sentry — error tracking and performance monitoring (PII-scrubbed by default in our configuration).
  • Railway — Python worker hosting for scheduled data enrichment.

See our Data Processing Agreement for a current list of sub-processors and their roles.

4. Data retention

  • Active workspace data is retained for the life of the subscription.
  • After cancellation, Customer Data remains accessible for export for [30 days], then is permanently deleted from production systems.
  • Daily database backups are retained for [7-30 days] depending on the database tier.
  • Audit logs are retained for [90 days] by default (workspace-configurable).
  • Aggregated, anonymized usage metrics may be retained indefinitely for analytics.

5. Your rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your personal information ("right to be forgotten").
  • Export your data in a portable format.
  • Object to certain processing activities.
  • Withdraw consent at any time.

To exercise these rights, contact us at privacy@example.com.

6. Security

We protect Customer Data with industry-standard measures including TLS 1.2+ in transit, encryption at rest, role-based access controls within the application (workspace-scoped row-level security), regular security reviews, and least-privilege access for our team. No system is perfectly secure; we cannot guarantee absolute security.

7. Children's privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided information, contact us so that we can delete it.

8. International data transfers

Our infrastructure may store and process data in multiple regions. When transferring data across borders we rely on appropriate safeguards (Standard Contractual Clauses, adequacy decisions where available).

9. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least [30 days] before the changes take effect.

10. Contact

Privacy questions? Contact us at privacy@example.com. Mailing address: [Company Legal Address].
