General Data Protection Regulation (GDPR)
OutreachPilotPro is fully committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This regulation gives you control over your personal data and ensures transparency in how we collect, use, and protect your information.
Your Rights Under GDPR
As a data subject, you have the following rights:
- Right to Access: You can request a copy of all personal data we hold about you
- Right to Rectification: You can request correction of inaccurate personal data
- Right to Erasure: You can request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: You can request limitation of how we process your data
- Right to Data Portability: You can request your data in a structured, machine-readable format
- Right to Object: You can object to processing of your personal data
- Right to Withdraw Consent: You can withdraw consent at any time
How We Collect and Use Your Data
We collect and process personal data for the following purposes:
- To provide our email discovery and outreach services
- To process payments and manage subscriptions
- To send service-related communications
- To improve our services and user experience
- To comply with legal obligations
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract: Processing necessary to provide our services
- Legitimate Interest: Improving our services and preventing fraud
- Consent: Marketing communications (where applicable)
- Legal Obligation: Compliance with applicable laws
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account data: Retained while your account is active and for 7 years after deactivation
- Email discovery data: Retained for 2 years from last activity
- Campaign data: Retained for 3 years from campaign completion
- Payment data: Retained for 7 years for tax and accounting purposes
Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication
- Employee training on data protection
- Incident response procedures
International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure such transfers comply with GDPR requirements through:
- Adequacy decisions by the European Commission
- Standard contractual clauses
- Binding corporate rules
- Other appropriate safeguards
Third-Party Processors
We use trusted third-party service providers who process data on our behalf:
- Cloud hosting providers (AWS, Google Cloud)
- Payment processors (Stripe)
- Email service providers
- Analytics and monitoring tools
All third-party processors are bound by data processing agreements and GDPR compliance requirements.