Outfound ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our B2B lead generation platform at outfound.ai and app.outfound.ai (the "Service").
This Privacy Policy should be read together with our Cookie Policy and Terms of Service. If you do not agree with this Policy, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
Email address (required for authentication)
Full name
Phone number (optional)
Company name and company domain
Company size and industry
Country and timezone
This information is used to create and manage your account, set up your workspace, and personalize your experience.
1.2 Billing Information
When you purchase credits or a subscription, we collect:
Billing contact name and email
Billing address (street, city, postal code, country)
Tax identification number (where applicable, for invoicing)
We do not store your full credit card numbers. All payment processing is handled securely by İyzico, our PCI-DSS compliant payment processor. İyzico processes your payment details on our behalf.
1.3 Usage Data
When you use the Service, we automatically collect certain technical and usage information, including:
Log data: IP address, browser type, pages visited, referring/exit pages, timestamps
Device information: Operating system, device type
Feature usage: Which features you use, which pages you access, and how often
Performance data: Error logs, response times, load times, and crash reports
We use this data to operate, secure, and improve the Service.
1.4 Lead & Contact Data You Generate
Outfound is a B2B lead generation and outreach platform. When you use our Service to find and manage leads, we process:
Target market criteria you define (e.g., industry, geography, company size, technology stack)
Pain points, value propositions, and messaging inputs you provide
Generated lead information such as:
Company names and domains
Publicly available or business contact details (e.g., work email, job title, LinkedIn URL)
Information about the company or contact that is relevant for B2B outreach
We treat lead data as business contact data used for B2B communications. We do not intentionally collect or process special category (sensitive) personal data (e.g., health, religion, political opinions).
You control which lead data is stored in your account and may delete leads at any time from within the Service.
1.5 Communication & Support Data
When you contact us (for example, via email, in-app chat, or support forms), we may collect:
Your name and contact details
The content of your message and any attachments
Internal notes about the request and our responses
We use this information to provide customer support and improve our services.
1.6 Cookies and Similar Technologies
We use cookies and similar technologies to:
Keep you logged in and maintain your session
Remember your preferences (e.g., language, timezone)
Analyze traffic and usage for improving the Service
For more information, please see our Cookie Policy.
1.7 AI Input Data
When you run lead generation jobs or AI personalization features, we process:
Prompts and instructions you provide
Lead lists and targeting criteria
Email drafts, templates, and personalization snippets
This data is used to generate AI-powered outputs (e.g., personalized emails, summaries, and relevance scores) as part of the Service.
2. How We Use Your Information
2.1 To Provide and Operate the Service
We use your information to:
Create and manage your account and workspaces
Process your lead generation and enrichment jobs
Generate AI-personalized email content and recommendations
Manage your credit balance and billing
Provide technical and customer support
Enable collaboration within your organization (if applicable)
2.2 To Improve the Service
We analyze usage and performance data to:
Understand how the Service is used
Improve existing features and develop new ones
Monitor and improve performance, reliability, and usability
Debug errors and resolve incidents
Where possible, we use aggregated or de-identified data for these purposes.
2.3 To Communicate With You
We use your contact information to:
Send transactional emails (e.g., job completions, invoice receipts, account notifications)
Notify you about important service changes, security updates, or policy updates
Respond to your questions and support requests
We may also send you product updates or marketing communications where permitted by law. You can opt out of marketing emails at any time by using the unsubscribe link in the email or contacting us.
2.4 For Security, Abuse Prevention, and Legal Compliance
We use your information to:
Detect, investigate, and prevent fraud, abuse, or security incidents
Protect the integrity and availability of our systems
Enforce our Terms of Service
Comply with legal and regulatory obligations (e.g., tax, accounting, data protection)
3. Data Processing and Third-Party Services
To provide our Service, we use carefully selected third-party service providers ("processors") who act on our behalf. These processors are contractually required to protect your data and use it only for the specific purposes we define.
Key categories and examples include:
3.1 Authentication & Identity
Clerk – User authentication, session management, and identity services. We share your email, name, and profile data with Clerk to enable secure login and account management.
3.2 Payments & Billing
İyzico – Payment processing and billing. When you make a purchase, your billing information and transaction details are processed by İyzico. We do not store full credit card numbers.
3.3 Hosting & Infrastructure
Vercel and other infrastructure providers – Hosting of our website and application, content delivery, and performance monitoring. These providers may process IP addresses, log data, and usage data to deliver the Service.
3.4 Analytics & Monitoring
Google Analytics – Website and product analytics to understand usage and improve the user experience.
Sentry and similar tools – Error tracking and monitoring, which may include technical error logs, IP addresses, and device information.
3.5 AI & Lead Enrichment Providers
We may use third-party providers for:
AI model inference and text generation
Lead enrichment and verification
Email deliverability and spam checking
These providers process lead and job data strictly to perform the tasks we instruct them to do. We work to ensure appropriate data protection agreements are in place and, where possible, configure providers so that your data is not used to train their general models.
3.6 Email Delivery & Communications
We may use email delivery providers (e.g., transactional email services) to send:
Account and billing notifications
System alerts and security notifications
Outbound emails you send through the platform (where applicable)
We may update our list of processors over time. Where required by law, we will notify you of material changes.
4. AI Processing
Outfound uses AI models to generate and improve B2B outreach content and insights. When you use AI features:
Your prompts, lead data, and email drafts are sent to AI models (our own or third-party providers) to generate the requested output.
We use this data only to provide you with the Service (e.g., to generate personalized emails, relevance scores, or summaries).
We do not sell your data to AI providers.
We do not use your customer data to train our own general-purpose foundation models without your consent.
Where possible, we configure AI providers and contractually require them:
To act as processors on our behalf
To process your data only to perform the services we request
Not to use your data for their own advertising or profiling purposes
We retain AI input and output data only for as long as necessary to provide the Service, improve quality and safety, and comply with our legal obligations.
5. Data Security
We implement a combination of technical and organizational measures to protect your data.
5.1 Encryption
In transit: All data transmitted between you and our servers is encrypted using TLS 1.2+
At rest: Sensitive personal data (such as email addresses, names, phone numbers) is encrypted using strong encryption (e.g., AES-256 / Fernet)
Authentication: We do not store plaintext passwords; authentication is securely handled by Clerk and other identity providers
5.2 Access Control & Architecture
Role-based access control (e.g., Owner, Admin, Member, Viewer) within your organization
Multi-tenant architecture with strict logical data isolation between organizations
Principle of least privilege for internal access
Audit logging of sensitive data access and administrative actions
5.3 Infrastructure Security
Encrypted databases and backups
Regular updates, patches, and security hardening of systems
Security monitoring and incident response procedures
Secure secrets management for API keys, credentials, and certificates
No method of transmission or storage is completely secure. However, we work continuously to protect your data and improve our security posture.
6. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law.
Data Type | Retention Period | Purpose |
|---|---|---|
Account data (profile, workspace) | Until account deletion + 30 days | Account management & recovery |
Generated leads & contact records | Until you delete them or account deletion | Providing the Service |
Job logs & AI outputs (non-billing) | Typically up to 12 months (unless deleted) | Service quality, debugging, abuse detection |
Audit logs | Up to 2 years | Security & compliance |
Usage analytics | Up to 1 year (aggregated/de-identified) | Product analytics & improvement |
Support tickets & communications | Up to 2 years after ticket closure | Support history & quality assurance |
Billing records & invoices | 10 years | Legal & tax obligations |
Marketing preferences (opt-in/opt-out) | Until you change your preferences or delete account | Compliance with consent and opt-out |
Where possible, we will anonymize or aggregate data so that it is no longer associated with an identifiable individual.
7. Your Rights
Depending on your location and applicable law (e.g., GDPR in the EEA, KVKK in Turkey), you may have the following rights regarding your personal data:
7.1 Right of Access
You can request confirmation of whether we process your personal data and receive a copy of that data.
7.2 Right to Rectification
You can request that we correct inaccurate or incomplete personal data.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data, subject to our legal retention obligations (for example, billing records cannot be deleted immediately due to tax laws).
7.4 Right to Restriction of Processing
You can request that we restrict how we use your data in certain circumstances.
7.5 Right to Object
You may object to processing based on our legitimate interests, including profiling related to those interests. You may also object at any time to the use of your data for direct marketing.
7.6 Right to Data Portability
You can request to receive your personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller, where technically feasible.
To exercise these rights, please contact us at:
Email: privacy@outfound.ai
We will respond within 30 days or within the timeframe required by applicable law. We may ask you to verify your identity before acting on your request.
8. International Data Transfers
Your data may be processed and stored in countries outside your country of residence, including countries that may not have the same level of data protection laws as your jurisdiction.
When transferring personal data internationally, we implement appropriate safeguards, such as:
Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with our processors
Technical and organizational safeguards to protect your data
We comply with the requirements of GDPR, KVKK, and other applicable data protection laws when transferring data.
9. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal bases:
Purpose | Legal Basis |
|---|---|
Account creation and service delivery | Performance of a contract |
Billing, payments, and invoicing | Performance of a contract; legal obligation |
Security, fraud prevention, abuse control | Legitimate interest |
Service improvement and analytics | Legitimate interest (balancing test applied) |
Marketing communications (email etc.) | Consent; or legitimate interest where permitted |
Legal and regulatory compliance | Legal obligation |
You may withdraw your consent at any time, where processing is based on consent. This will not affect the lawfulness of processing before the withdrawal.
10. Children's Privacy
Our Service is intended for business users and is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child under 18, we will take steps to delete such information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email and/or a prominent notice within the Service before the changes become effective.
Your continued use of the Service after the updated Policy becomes effective will indicate that you have read and understood the changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:
Email: privacy@outfound.ai
Address: İzmir Bilişim Vadisi, Teknopark, İzmir, Turkey
13. Supervisory Authorities
If you are in the EEA or UK and believe that we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
For users in Turkey, you may contact:
Kişisel Verileri Koruma Kurumu (KVKK)
Website: https://www.kvkk.gov.tr
If there is any inconsistency between translated versions of this Policy, the English version will prevail.