legal and compliance
Last updated May 25, 2026
This Privacy Policy explains how OutPulse (operated by OutPulse Technologies) collects, uses, stores, and protects personal data across our platform, marketing site, API, Chrome extension, and related services. This policy applies globally and addresses requirements under the India DPDP Act 2023, EU GDPR, UK GDPR, US CAN-SPAM, California CCPA/CPRA, Canada CASL, Brazil LGPD, Australia Spam Act, Singapore PDPA, and other applicable data protection laws.
OutPulse Technologies is the data controller for personal data processed through the OutPulse platform. For questions about this policy or to exercise your data rights, contact: privacy@outpulse.io.
Registered address: [Your registered business address]. Data Protection Officer (DPO) contact: dpo@outpulse.io.
Account Data: Name, email address, company name, password (hashed), billing information (processed by Stripe - we do not store card numbers).
Usage Data: API calls, verification results, email finder queries, sequence activity, credit consumption, login timestamps, IP addresses.
Contact Data Processed on Behalf of Users: Email addresses, names, company information, and verification results that users upload or discover through our platform. Users are the data controller for this data; OutPulse acts as a data processor.
Marketing Site Data: Browser type, device information, pages visited, referral source, approximate location (country/city level via IP), cookie identifiers.
Chrome Extension Data: LinkedIn profile information (name, company, headline) extracted locally on the user's device. Only sent to OutPulse API when the user explicitly clicks "Find Email".
Contract Performance: Processing account data to provide the OutPulse service you signed up for.
Legitimate Interest: Processing usage data for service improvement, security monitoring, and fraud prevention. Processing business contact data for B2B email discovery (where the data subject has a reasonable expectation of business contact).
Consent: Marketing communications, cookie tracking, and newsletter subscriptions. You may withdraw consent at any time.
Legal Obligation: Retaining billing records for tax compliance, responding to lawful data access requests.
OutPulse complies with the Digital Personal Data Protection Act, 2023 (India). We obtain explicit, free, informed, and specific consent before collecting personal data from Indian data principals.
Data Erasure: We honour erasure requests within 7 days of verification, as required by the DPDP Act.
Breach Notification: In the event of a personal data breach, we will notify the Data Protection Board of India (DPBI) within 72 hours and affected data principals without unreasonable delay.
Data Principal Rights: Access, correction, erasure, grievance redressal, and nomination of a representative. Exercise these rights via privacy@outpulse.io or the in-app account settings.
Consent Withdrawal: You may withdraw consent at any time through your account settings. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
California residents have the right to: know what personal information is collected, request deletion, opt out of the sale or sharing of personal information, and not be discriminated against for exercising these rights.
OutPulse does NOT sell personal information. We do not share personal information for cross-context behavioral advertising.
To exercise CCPA rights: email privacy@outpulse.io with subject "CCPA Request" or use the in-app data export/deletion feature at /app/settings.
We will respond to verified requests within 45 days.
Provide, maintain, and improve the OutPulse platform and services.
Process email verification requests and email finder queries.
Manage billing, subscriptions, and credit allocation.
Send transactional emails (account verification, password reset, billing receipts, job completion notifications).
Send marketing communications (only with explicit consent; unsubscribe available in every email).
Monitor for abuse, fraud, and security threats.
Comply with legal obligations and respond to lawful requests.
We share personal data only with the following categories of subprocessors, each bound by Data Processing Agreements:
• Supabase (database hosting, authentication) - US/EU
• Stripe (payment processing) - US
• Resend (transactional email delivery) - US
• Sentry (error monitoring - anonymized) - US
• Hetzner (server infrastructure) - EU/US
• Cloudflare (CDN, DDoS protection) - Global
• Prospeo / Clearbit / People Data Labs (email discovery - only when user initiates a search) - US
We do NOT sell personal data. We do NOT share data with advertisers. We do NOT use personal data for AI model training.
Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
Verification results: Retained for 12 months for caching purposes, then automatically purged.
Billing records: Retained for 7 years as required by tax law.
Marketing site analytics: Aggregated after 26 months; individual records deleted.
Server logs: Retained for 90 days for security monitoring, then deleted.
OutPulse may transfer personal data outside your country of residence. For transfers from the EU/EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
For transfers from India, we comply with DPDP Act requirements regarding cross-border data transfer to permitted jurisdictions.
All subprocessors maintain appropriate security certifications (SOC 2, ISO 27001, or equivalent).
Encryption at rest (AES-256) and in transit (TLS 1.2+).
API keys hashed with SHA-256 before storage.
Row-Level Security (RLS) enforced at the database level.
Rate limiting on all API endpoints.
Regular security audits and dependency scanning.
HMAC-signed webhooks for outgoing data.
See our Security Policy (/security-policy) for full details.
Depending on your jurisdiction, you may have the right to: access your data, correct inaccuracies, request deletion, restrict processing, data portability, object to processing, and withdraw consent.
Exercise your rights: Email privacy@outpulse.io, use the in-app GDPR data export/delete feature (/app/settings), or contact our DPO at dpo@outpulse.io.
We will respond within 30 days (GDPR), 7 days (DPDP Act), or 45 days (CCPA) depending on your jurisdiction.
We use essential cookies for authentication and session management. We use analytics cookies only with your consent. See our Cookie Policy (/cookie-policy) for full details.
You can manage cookie preferences at any time via the cookie banner or browser settings.
OutPulse is a B2B platform not directed at individuals under 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email to registered users and posted on this page with an updated "Last Updated" date.
Privacy inquiries: privacy@outpulse.io
Data Protection Officer: dpo@outpulse.io
General support: hello@outpulse.io
Grievance Officer (India DPDP Act): grievance@outpulse.io
Contact OutPulse if your team needs DPAs, vendor-security documentation, or clarification on how marketing-site policies map to the application workspace.