Privacy Policy

How we collect, use, and protect your data

Last updated: January 10, 2025

1. Data Controller

The data controller for ProspectFlow is:

BLATT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

Address: ALEJA JANA PAWŁA II 43A /37B, 01-001 Warsaw, Poland

NIP: 5272964393

KRS: 0000911375

REGON: 38948237400000

Email: privacy@prospectflow.ai

Phone: +48 225928817

2. Data We Collect

Account Information:

  • Google account ID and email address (via OAuth2)
  • Your product/service description and ICP criteria
  • Subscription and billing information

LinkedIn Profile Data:

  • Public profile information from LinkedIn Sales Navigator searches
  • Company information, job titles, and professional experience
  • Profile view tracking data (when you view profiles)

Usage Data:

  • Extension usage statistics and feature interactions
  • Error logs and performance data
  • Browser and device information

Important:

We never collect or store LinkedIn private messages, connection requests, or any private account data.

3. How We Use Your Data

  • Service Provision: To provide ProspectFlow functionality, including AI scoring and lead export
  • AI Processing: Public LinkedIn profile data is processed by secure AI services (OpenAI GPT-4) for lead scoring
  • Account Management: To manage your subscription, billing, and customer support
  • Product Improvement: To analyze usage patterns and improve our service
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Processing Legal Basis (GDPR)

  • Contract Performance: Processing necessary to provide our service
  • Legitimate Interest: Product improvement and customer support
  • Consent: For marketing communications (opt-in only)
  • Legal Obligation: For tax, accounting, and regulatory compliance

5. Data Sharing and Third Parties

We share data only with:

  • OpenAI: For AI scoring of public LinkedIn profiles (EU servers when available)
  • Stripe: For payment processing and subscription management
  • Google: For authentication services
  • Microsoft Azure: For secure cloud hosting (EU region)

All third-party processors are GDPR-compliant and bound by data processing agreements.

6. Data Retention

  • Account Data: Retained while your account is active, plus 30 days after deletion
  • LinkedIn Profile Data: Processed temporarily for AI scoring, not permanently stored
  • Usage Logs: Retained for 12 months for security and improvement purposes
  • Billing Data: Retained for 7 years for tax and legal compliance

7. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: For processing based on consent

To exercise these rights, contact us at: privacy@prospectflow.ai

8. Security Measures

  • All data transmission is encrypted using HTTPS/TLS
  • Data is stored on secure, GDPR-compliant servers in the EU
  • Access controls and authentication for all systems
  • Regular security audits and vulnerability assessments
  • Incident response procedures for data breaches

9. International Transfers

When data is transferred outside the EU (e.g., to OpenAI in the US), we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Certification schemes and codes of conduct

10. Contact Information

For privacy-related questions or to exercise your rights:

Data Protection Officer:

Email: privacy@prospectflow.ai

Address: BLATT SP. Z O.O., ALEJA JANA PAWŁA II 43A /37B, 01-001 Warsaw, Poland

You also have the right to lodge a complaint with the Polish Data Protection Authority (UODO) if you believe your rights have been violated.