AttnSetter← Back to app
Template — not legal advice. This is a starting-point document generated for AttnSetter and must be reviewed and adapted by qualified legal counsel before you rely on it. Replace every [BRACKETED] placeholder (company name, addresses, governing law, dates).

Privacy Policy

Last updated: [DATE]

This Privacy Policy explains how [COMPANY] (“we”) collects, uses, and shares personal data in connection with the AttnSetter platform (the “Service”). For personal data of your prospects that you upload and process through the Service, you are the controller and we act as your processor — see our Data Processing Addendum.

1. Data we collect

  • Account data you provide: name, email, company, password hash, billing details (handled by our payment processor).
  • Customer Data you upload: prospect names, business email addresses, phone numbers, titles, companies, and any notes/tags — processed on your behalf to run your campaigns.
  • Connected-mailbox data: with your authorization, OAuth tokens and the message metadata/content needed to send and read replies for your campaigns.
  • Usage & device data: log data, IP address, browser type, and product analytics needed to operate and secure the Service.

2. How we use it

To provide, secure, and improve the Service; to send and track your campaigns; to generate AI copy and reply suggestions; to bill you; to provide support; and to comply with legal obligations. We do not sell personal data.

3. Subprocessors we share with

We share data with vetted service providers strictly to operate the Service, including: [Supabase] (database/hosting), [Render] (application hosting), [Anthropic] (AI copy/classification), [Google] (Gmail send/read via OAuth), [Twilio] (SMS), and [Stripe] (payments). A current subprocessor list is in the DPA. We may also disclose data where required by law.

4. Retention

We retain account data for the life of your account and as needed for legal/accounting purposes. Customer Data is retained while your account is active and deleted or returned on termination per the DPA, subject to backups expiring on a rolling basis.

5. Your rights

Depending on your jurisdiction (e.g. GDPR/UK GDPR, CCPA/CPRA), you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object or withdraw consent. Prospects whose data you process may exercise rights against you as controller; we provide tools (suppression, erasure, export) to help you honor them. To exercise rights regarding your own account data, contact [PRIVACY EMAIL].

6. Security

We use industry-standard measures including encryption in transit, access controls, tenant isolation, and least-privilege practices. No method of transmission or storage is 100% secure.

7. International transfers

Data may be processed in [REGION/COUNTRY]. Where required, transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses.

8. Children

The Service is not directed to children and is intended for business use only.

9. Changes

We may update this Policy; material changes will be notified. The “Last updated” date reflects the latest revision.

10. Contact

[COMPANY], [ADDRESS]. Privacy questions / data-protection contact: [PRIVACY EMAIL].