1. Introduction and Data Controller
ScrapedContact, Inc. ("ScrapedContact," "we," "our," or "us") is committed to protecting your privacy and ensuring transparency in how we process your personal data. This Privacy Policy explains how we collect, use, disclose, safeguard, and otherwise process your information when you visit our website at scrapedcontact.com and use our B2B contact data subscription service (collectively, the "Service").
Data Controller: ScrapedContact, Inc., Delaware, USA (sam@scrapedcontact.com)
Privacy Officer/Data Protection Officer: privacy@scrapedcontact.com
By accessing or using ScrapedContact, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service. Your continued use of our Service following the posting of a revised Privacy Policy means that you accept and agree to the changes.
2. Scope and Regulatory Applicability
This Privacy Policy applies to all personal data we process, whether collected online or offline, and covers data processed under the following regulatory frameworks:
- GDPR (EU): General Data Protection Regulation (EU) 2016/679 for EU/EEA residents
- CCPA/CPRA (California): California Consumer Privacy Act and California Privacy Rights Act for California residents
- CASL (Canada): Canada's Anti-Spam Legislation for Canadian residents
- PIPEDA (Canada): Personal Information Protection and Electronic Documents Act
- LGPD (Brazil): Lei Geral de Proteção de Dados for Brazilian residents
- US State Privacy Laws: Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar state-level regulations
- UK Data Protection: Data Protection Act 2018 and UK GDPR
Different rights and protections apply depending on your jurisdiction. Please review the section applicable to your location.
3. Information We Collect
3.1 Information You Provide Directly
We collect personal information that you voluntarily provide to us, including:
- Account Registration Information: Name, business email address, phone number, company name, job title, industry, and password
- Billing and Payment Information: Credit card number, card expiration date, billing address, and payment history (processed by PCI-compliant payment processors)
- Profile Information: Company size, targeted industries, geographic preferences, team member details, and business objectives
- Communications: Support requests, feedback, inquiries, testimonials, and correspondence with our support team
- Uploaded Content: Any lists, documents, or files you upload for data enrichment or analysis purposes
- Voluntary Information: Information provided in surveys, webinars, events, or user research activities
3.2 Automatically Collected Information
When you access our Service, we automatically collect certain information:
- Usage Data: Pages viewed, features accessed, searches performed, filters used, data downloads, time spent on the platform, and interaction with specific elements
- Device Information: IP address, device type, browser type and version, operating system, device identifiers, and hardware model
- Network Information: ISP, connection type, bandwidth, and geolocation data inferred from IP address
- Cookies and Tracking Technologies: First-party and third-party cookies, pixel tags, web beacons, and local storage identifiers (see Section 10)
3.3 Information from Third Parties
We may receive personal information about you from:
- Business Partners: Referral partners, affiliate networks, and integrated platforms
- Service Providers: Payment processors, analytics providers, and cloud infrastructure providers
- Publicly Available Sources: Publicly available business directories and professional networks (for account verification purposes only)
- Legal Authorities: Government agencies and law enforcement (when required)
4. Legal Bases for Processing (GDPR Article 6)
We process your personal data based on one or more of the following legal bases as permitted by GDPR:
4.1 Performance of Contract (Article 6(1)(b))
We process your account information, billing data, and service usage data to enter into and perform our service agreement with you. This includes:
- Creating and maintaining your account
- Processing subscription payments
- Delivering contact data you request
- Providing customer support
- Enforcing terms of service
4.2 Legitimate Interests (Article 6(1)(f))
We process certain information to pursue legitimate business interests, provided such interests do not override your rights and freedoms:
- Service Improvement: Analyzing usage patterns to improve features, usability, and performance
- Fraud Prevention: Detecting and preventing unauthorized access, fraudulent transactions, and abuse
- Marketing: Sending promotional emails and product updates (only if you have not opted out)
- Analytics: Understanding user behavior to optimize our platform
- Security: Maintaining the security of our Service and protecting against security threats
4.3 Consent (Article 6(1)(a))
For certain processing activities, we obtain your explicit consent, including:
- Marketing communications and newsletters
- Cookies and similar tracking technologies (for non-essential cookies)
- Profiling for personalization purposes
- Third-party data sharing (beyond service delivery)
4.4 Legal Obligation (Article 6(1)(c))
We process personal data when required by law, including:
- Compliance with tax, accounting, and financial reporting requirements
- Responses to law enforcement requests and court orders
- Prevention of illegal activities
- Regulatory compliance and audit requirements
5. Purposes of Processing
We use the information we collect for the following specific purposes:
5.1 Service Delivery
- Creating and managing your account
- Processing subscription payments and billing
- Delivering contact data and search results
- Managing access to premium features
- Tracking usage for quota and credit management
5.2 Communications
- Responding to inquiries and customer service requests
- Sending transactional emails (receipts, confirmations, password resets)
- Providing technical support and troubleshooting
- Notifying you of policy changes or service updates
5.3 Marketing and Engagement
- Sending newsletters and promotional content (only with consent)
- Announcing new features and product updates
- Conducting surveys and user research
- Personalizing user experience based on preferences
5.4 Analytics and Improvement
- Analyzing trends, usage patterns, and engagement metrics
- Identifying which features are most valuable to users
- Optimizing platform performance and user interface
- Conducting A/B testing and user experience research
5.5 Security and Compliance
- Detecting, investigating, and preventing fraudulent activity
- Preventing unauthorized access and security breaches
- Enforcing our terms of service and other agreements
- Protecting against legal liability and disputes
- Complying with legal, regulatory, and governmental requests
5.6 Business Operations
- Aggregate statistical analysis (anonymized and de-identified data)
- Creating backups and disaster recovery
- Maintaining system security and integrity
6. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties for their marketing purposes. However, we may share your information in the following specific circumstances:
6.1 Service Providers and Data Processors
We share your information with third-party service providers who perform services on our behalf. These providers are contractually bound to process data only as instructed and to maintain confidentiality. Our primary service provider categories include:
- Payment Processors: Stripe, PayPal (for processing credit card payments)
- Cloud Infrastructure: AWS, Google Cloud Platform (for data storage, hosting, and backup)
- Email Service Providers: SendGrid, Mailgun (for transactional and marketing emails)
- Analytics Providers: Google Analytics, Mixpanel, Segment (for usage analytics and insights)
- Customer Support Tools: Intercom, Zendesk (for support tickets and communications)
- Monitoring and Logging: Datadog, LogRocket (for performance monitoring and error tracking)
- Authentication Services: Auth0, Firebase Authentication (for account security)
For all service providers in the EU, we execute Data Processing Agreements (DPAs) including Standard Contractual Clauses (SCCs) to ensure GDPR compliance.
6.2 Legal Requirements and Law Enforcement
We may disclose your information if legally required to do so or in response to valid requests by public authorities, including:
- Subpoenas, court orders, or legal process
- Law enforcement requests (local, state, federal, or international)
- Regulatory investigations or government inquiries
- Prevention of imminent harm or illegal activity
We will notify you of such requests unless we are legally prohibited from doing so or notification would be futile, ineffective, or harmful.
6.3 Business Transfers
In the event of a merger, acquisition, bankruptcy, asset sale, reorganization, or other business transaction, your personal information may be transferred as part of that transaction. We will provide notice and, where applicable, an opportunity to opt out before such transfer occurs.
6.4 Affiliate Disclosure
We may share your information with affiliated companies within our corporate family for administrative purposes, service improvement, and marketing (only where permitted by law and your preferences).
6.5 Aggregate and De-identified Data
We may disclose aggregated, anonymized, or de-identified data that cannot reasonably identify you to third parties for research, marketing, analytics, and other purposes without restriction.
6.6 Your Consent
We may share your information with third parties when you explicitly consent or request such sharing for specific purposes.
7. Responsibility for Contact Data We Provide
The contact data (email addresses, phone numbers, company information, and professional details) we deliver through our Service is compiled from publicly available information, business registries, professional networks, and public data sources. When you download or use contact data:
7.1 Your Responsibilities as a Data User
- Compliance with Laws: You are solely responsible for complying with all applicable laws, regulations, and industry standards regarding the use of this data
- Spam Compliance: You must comply with CAN-SPAM (US), CASL (Canada), GDPR (EU), LGPD (Brazil), and similar anti-spam laws in all jurisdictions where you communicate
- Respect Privacy Requests: You must honor opt-out requests, unsubscribe requests, and privacy-related communications from individuals
- Prohibited Uses: You shall not use contact data for illegal, fraudulent, harassing, defamatory, or unethical purposes
- Data Protection: You must implement appropriate security measures to protect the data from unauthorized access
- No Redistribution: You may not resell, republish, or redistribute the contact data to third parties
- Accurate Representation: You must accurately identify yourself and your business purpose when contacting individuals
7.2 Indemnification
You agree to indemnify and hold ScrapedContact harmless from any claims, damages, penalties, or fines arising from your misuse of contact data, violation of applicable laws, or breaches of this Privacy Policy. This includes any fines imposed by GDPR, CCPA, CASL, or similar regulatory bodies due to your use of the data.
7.3 Data Accuracy Disclaimer
While we strive to provide accurate contact information, we do not guarantee that all contact data is 100% accurate or current. Contact information may become outdated or incorrect over time. You should verify contact information before using it for critical communications or business decisions.
8. Data Security and Protection
We implement comprehensive technical, organizational, and administrative measures designed to protect your personal information against unauthorized access, alteration, disclosure, loss, or destruction. Our security measures include:
8.1 Technical Safeguards
- Encryption: End-to-end SSL/TLS encryption for data in transit; AES-256 encryption for data at rest
- Firewalls and Network Security: Multi-layered firewall protection and DDoS mitigation
- Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
- Intrusion Detection: Continuous monitoring for unauthorized access attempts
- Regular Backups: Automated daily backups with disaster recovery protocols
8.2 Organizational Safeguards
- Limited Access: Employee access limited to personal data necessary for job functions
- Confidentiality Agreements: All employees sign data protection and confidentiality agreements
- Training: Regular privacy and security training for all personnel
- Incident Response: Documented procedures for responding to security breaches
8.3 Administrative Safeguards
- Data Minimization: We collect and retain only the minimum data necessary
- Regular Audits: Periodic security assessments and vulnerability testing
- Compliance Standards: Compliance with PCI-DSS, SOC 2, and ISO 27001 standards
- Vendor Management: Rigorous security review of third-party service providers
8.4 Limitation of Liability
While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge and accept the inherent risks of internet-based communications. In the event of a data breach, we will notify affected individuals as required by law.
9. Data Retention and Deletion
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and enforce our agreements. Specific retention periods are as follows:
9.1 Retention Schedule by Data Type
- Account Information: Retained for the duration of your account plus 1 year after account termination (to resolve disputes and comply with tax laws)
- Billing and Payment Records: Retained for 7 years (per US tax and accounting requirements)
- Communications with Support: Retained for 3 years from last interaction
- Marketing Communications: Retained until unsubscribe, then 1 year for compliance verification
- Usage and Analytics Data: Retained for 12 months for analysis purposes, then anonymized
- Cookies and Tracking Data: Varies by cookie type (see Section 10)
- Dispute Records: Retained for 3 years (statute of limitations)
- IP Logs and Security Data: Retained for 90 days (or longer if required for investigation)
9.2 Deletion Upon Request
Upon your request and subject to certain exceptions, we will delete your personal information. We may retain data that is:
- Necessary to fulfill legal or contractual obligations
- Required for fraud detection or security purposes
- Necessary to resolve disputes or enforce agreements
- Required to comply with tax or financial regulations
- Anonymized or aggregated such that you are no longer identifiable
9.3 Account Deletion
You may request complete account deletion at any time by contacting privacy@scrapedcontact.com. Upon your request, we will delete your account data within 30 days, subject to the exceptions listed above.
10. Cookies and Tracking Technologies
10.1 What Are Cookies?
Cookies are small data files stored on your device that contain information about your browsing activity. We use cookies and similar tracking technologies (pixels, web beacons, local storage, session storage) to enhance your experience and understand how you use our Service.
10.2 Types of Cookies We Use
- Essential/Strictly Necessary Cookies: Required for core functionality (authentication, security, basic service delivery). No consent required.
- Analytical/Performance Cookies: Track usage patterns and performance metrics (Google Analytics). Consent required (except anonymous data).
- Functional Cookies: Remember your preferences and settings. Consent required.
- Marketing/Targeting Cookies: Track behavior for promotional purposes. Explicit consent required.
- Third-Party Cookies: Set by external partners (analytics, advertising, social media). Separate consent required.
10.3 Consent Management
We obtain explicit consent for non-essential cookies through a cookie banner on first visit. You can:
- Accept all cookies
- Reject non-essential cookies
- Customize your cookie preferences
- Withdraw consent at any time through your account settings or by contacting us
10.4 Managing Cookies
Most browsers allow you to refuse cookies or alert you when cookies are being sent. You can delete cookies through your browser settings. Note that refusing cookies may limit your ability to use certain features of our Service. Consult your browser's help function for instructions on managing cookies.
10.5 Do Not Track (DNT)
We do not currently respond to "Do Not Track" browser signals. However, you can manage tracking preferences through your cookie settings or browser controls.
11. Your Privacy Rights and How to Exercise Them
Depending on your jurisdiction, you have certain rights regarding your personal information. Below is a summary of rights by jurisdiction.
11.1 GDPR Rights (EU/EEA Residents)
If you are located in the European Economic Area, you have the following rights under GDPR Articles 15-22:
- Right of Access (Article 15): Request a copy of all personal data we hold about you in a structured, commonly used, machine-readable format
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Article 17): Request deletion of your personal data ("Right to be Forgotten"), subject to legal exceptions
- Right to Restrict Processing (Article 18): Request limitation of how we process your data for specific purposes
- Right to Data Portability (Article 20): Request transfer of your data to another service provider in a structured format
- Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing
- Rights Related to Automated Decision Making (Article 22): Request human review of automated decisions that significantly affect you
- Right to Withdraw Consent (Article 7(3)): Withdraw consent for processing at any time without affecting prior processing
To exercise these rights, contact us at privacy@scrapedcontact.com with "GDPR Data Request" in the subject line. We will respond within 30 days (extendable by 60 days for complex requests).
11.2 CCPA/CPRA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request what personal information we collect, use, and share about you
- Right to Access: Request a copy of the specific personal information we have collected
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information (CPRA)
- Right to Opt-Out of Sale or Sharing: Instruct us not to sell or share your personal information (see "Do Not Sell My Personal Information" link below)
- Right to Limit Use: Limit our use of sensitive personal information to purposes necessary to provide our service
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights
- Right to Opt-Out of Automated Decision Making: Request human review of automated decisions (CPRA)
Do Not Sell My Personal Information - Click this link to submit a request to opt out of any sale or sharing of your personal information.
To exercise other CCPA/CPRA rights, contact us at privacy@scrapedcontact.com with "CCPA Data Request" in the subject line, or call 1-XXX-XXX-XXXX [UPDATE WITH ACTUAL NUMBER]. We will respond within 45 days. You may also designate an authorized agent to submit requests on your behalf.
11.3 CASL Rights (Canadian Residents)
Canada's Anti-Spam Legislation (CASL) requires us to:
- Obtain your express or implied consent before sending commercial electronic messages
- Identify ourselves clearly in all communications
- Include a functional unsubscribe mechanism in all marketing emails
- Honor unsubscribe requests within 10 business days
You have the right to withdraw consent and opt out of marketing communications at any time. Every marketing email includes an unsubscribe link, or you can contact privacy@scrapedcontact.com.
11.4 LGPD Rights (Brazilian Residents)
If you are a Brazilian resident, you have rights under the Lei Geral de Proteção de Dados (LGPD):
- Right to confirmation of processing
- Right to access your personal data
- Right to request correction of incomplete or inaccurate data
- Right to anonymization or deletion of unnecessary data
- Right to opt out of processing for certain purposes
Contact privacy@scrapedcontact.com to exercise these rights. We will respond within 15 days.
11.5 General Process for Data Requests
To submit a data access, deletion, or correction request:
- Email privacy@scrapedcontact.com with your request
- Include your name, email address, and account details
- Clearly state which right(s) you wish to exercise
- We will verify your identity before processing your request
- We will respond within applicable timeframes (30-45 days depending on jurisdiction)
12. International Data Transfers and Adequacy
12.1 Data Transfer Locations
ScrapedContact is based in the United States. Your personal information will be transferred to, processed, and stored in the United States and may be transferred to other countries where we or our service providers operate. Data protection laws in these countries may differ from your home jurisdiction.
12.2 Standard Contractual Clauses (SCCs)
For transfers of personal data from the EU/EEA to the United States and other non-adequate countries, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. We execute Data Processing Agreements (DPAs) incorporating SCCs with:
- Our organization (intra-group transfers)
- All third-party service providers and data processors
- Subprocessors engaged by service providers
12.3 Adequacy Decisions
We monitor European Commission adequacy decisions regarding data transfer mechanisms. Currently, transfers to the US are conducted under SCCs. If new legal frameworks (such as an EU-US data transfer agreement) become available, we will update our mechanisms accordingly.
12.4 Your Consent to International Transfer
By using our Service, you consent to the transfer of your personal information to countries outside your country of residence, which may have different data protection rules. We implement safeguards to ensure that international transfers maintain the same level of protection as that afforded in the EU.
13. Data Breach Notification Procedures
13.1 Notification Requirements
In the event of a confirmed data breach that compromises the security or privacy of personal information, we will:
- Notify affected individuals without undue delay (and, for GDPR, within 72 hours of discovery)
- Notify relevant data protection authorities as required by law
- Provide notification to the media if required by law
- Describe the nature and scope of the breach
- Explain potential risks and measures taken to mitigate harm
- Provide contact information for assistance
13.2 Breach Assessment
Upon discovery of a potential breach, we will:
- Investigate the nature, scope, and extent of the breach
- Determine which individuals and data are affected
- Assess whether notification is legally required
- Implement remedial measures to prevent future breaches
- Document the breach for regulatory compliance
13.3 Breach Notification Procedures
Individuals affected by a breach will be notified via:
- Email to the email address registered with their account
- Notice on our website or service dashboard
- Phone call or postal mail if email contact is unavailable
14. Automated Decision Making and Profiling
14.1 Use of Automated Processing
We use automated decision-making for certain limited purposes, including:
- Fraud Detection: Automated systems screen for suspicious transactions and access patterns
- Service Personalization: We use algorithms to personalize your experience and content recommendations
- Usage-Based Pricing: We automatically calculate credits and usage against your subscription tier
- Spam Filtering: Automated systems filter support tickets and communications
14.2 Right to Human Review (GDPR Article 22)
Under GDPR, you have the right to request human review of automated decisions that produce legal or similarly significant effects on you. These include:
- Account suspension or termination
- Denial of service access
- Pricing adjustments based solely on profiling
To request human review, contact privacy@scrapedcontact.com with details of the automated decision.
14.3 Profiling
We may create profiles based on your usage patterns, industry, company size, and engagement level to:
- Improve our Service and features
- Personalize marketing communications
- Detect fraud and security threats
These profiles are not used to make decisions that have legal effects or similarly significant impacts without your consent.
15. Third-Party Links and External Services
Our Service may contain links to third-party websites, applications, and services (including LinkedIn, Twitter, GitHub, and other integrations). We are not responsible for the privacy practices of these external sites. We recommend reviewing their privacy policies before providing any personal information.
If you access our Service through third-party platforms (e.g., through an OAuth provider), we receive limited information according to your privacy settings with that platform.
16. Children's Privacy (COPPA Compliance)
Our Service is not intended for individuals under 18 years of age, and we do not knowingly collect personal information from minors. If you are under 18, please do not provide information to us.
If we become aware that we have collected personal information from a child under 13 (in the US) or equivalent age in other jurisdictions, we will delete such information and terminate the child's account. Parents or guardians who believe their child has provided information may contact us at privacy@scrapedcontact.com.
17. Compliance Certifications and Standards
We maintain compliance with:
- PCI-DSS: Payment Card Industry Data Security Standard for secure payment processing
- SOC 2 Type II: Service Organization Control audits demonstrating security and availability
- ISO 27001: Information security management systems certification
- GDPR: General Data Protection Regulation compliance for EU residents
- CCPA/CPRA: California consumer privacy law compliance
These certifications are independently audited and demonstrate our commitment to data protection and privacy.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated Privacy Policy on this page with a revised "Last Updated" date
- Sending you an email notification if changes significantly affect your rights
- Requiring your explicit consent for material changes (where legally required)
Your continued use of our Service following the posting of changes constitutes your acceptance of the revised Privacy Policy. We recommend that you review this policy periodically to stay informed about how we protect your information.
19. Contact Information and Data Subject Rights Requests
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Data Subject Access Request Process
To submit a data subject access request or exercise your privacy rights:
- Email privacy@scrapedcontact.com with your request and the specific right you wish to exercise
- Include sufficient information to identify yourself (name, email, account details)
- Include "Data Subject Access Request" or the applicable jurisdiction in the subject line
- We will respond within 30 days (GDPR) or 45 days (CCPA) with further instructions if verification is required
- We may request additional information to verify your identity and protect your data security
20. Additional Resources and Links
For more information about data protection rights and regulations:
Legal Disclaimer
This Privacy Policy is provided for informational purposes only and should not be construed as legal advice. While we have made efforts to ensure compliance with applicable privacy laws and regulations, this policy is a template that may require customization based on your specific circumstances and jurisdiction.
We strongly recommend consulting with a qualified attorney licensed in your jurisdiction to review and customize this policy for your specific business, legal obligations, and target market. Privacy laws are complex and frequently changing. A qualified attorney can help ensure your privacy practices and documentation fully comply with all applicable regulations.
Neither ScrapedContact nor its representatives provide legal advice. Your use of this Privacy Policy does not create an attorney-client relationship.