Privacy Policy
Last updated: January 1, 2025
1. Information We Collect
We collect information you provide: name, email, company name, billing details, and account preferences. We also collect data automatically: IP address, browser type, device info, usage patterns, pages visited, and referral URLs. When you integrate CRM or email accounts, we access contact data and communication metadata necessary for platform functionality.
2. How We Use Your Data
We use your data to: (a) operate, maintain, and improve the Platform; (b) generate AI-powered outreach content; (c) analyze prospect engagement and optimize campaigns; (d) process payments and send invoices; (e) communicate product updates and support; (f) detect and prevent abuse or fraudulent activity; (g) comply with legal obligations. We do not sell your personal information.
3. Cookies & Tracking
We use essential cookies for authentication and security. Analytics cookies (Google Analytics, PostHog) help us understand usage patterns. You can disable cookies in browser settings, though some features may not function properly. We also use session storage for temporary data. We do not use third-party advertising cookies.
4. Data Sharing & Third Parties
We share data with: (a) service providers (cloud hosting via AWS, payment processing via Stripe, email delivery via SendGrid); (b) integrated third-party services you authorize (CRM, email, LinkedIn); (c) legal authorities when required by law. All service providers are contractually bound to protect your data and use it only for specified purposes.
5. Data Security
We implement comprehensive security measures: AES-256 encryption at rest, TLS 1.3 encryption in transit, SOC 2 compliant infrastructure, regular security audits, access controls, and employee security training. However, no method of transmission is 100% secure. We cannot guarantee absolute security but follow industry best practices.
6. Data Retention
We retain your data for as long as your account is active. After account deletion, we delete your data within 30 days unless retention is required by law. Anonymized analytics data may be retained indefinitely. Backup data is retained for 90 days. You can request data export at any time.
7. GDPR Compliance
For EU/EEA users: (a) legal basis for processing is consent, contract performance, or legitimate interests; (b) you have rights to access, rectify, erase, restrict, port, and object to processing; (c) you may withdraw consent at any time; (d) data may be transferred to countries with adequate safeguards; (e) our Data Protection Officer can be reached at dpo@offdx.in. Complaints may be filed with your local supervisory authority.
8. CCPA Compliance
California residents have the right to: (a) know what personal information is collected and shared; (b) request deletion of personal information; (c) opt out of sale of personal information (we do not sell data); (d) non-discrimination for exercising these rights. To exercise your rights, email privacy@offdx.in with 'CCPA Request' in the subject line.
9. Children's Privacy
The Platform is not intended for users under 18 years of age. We do not knowingly collect data from children. If we discover a child under 18 has provided personal information, we will delete it immediately. Parents or guardians can contact us at privacy@offdx.in to request deletion.
10. International Data Transfers
Your data may be processed on servers located in India, the United States, or other countries where our service providers operate. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) with all data processors.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be notified via email or platform notice. Your continued use after changes constitutes acceptance. We encourage you to review this policy regularly. Previous versions are available upon request.
12. Contact Us
For privacy-related inquiries: Email: privacy@offdx.in. Address: OutreachAI, Mumbai, India. For data subject requests, we will respond within 30 days. You may also lodge a complaint with your local data protection authority.