# Privacy Policy -- Salesly AI

**Effective date:** October 1, 2025 | **Last updated:** October 1, 2025

Salesly.ai ("Salesly," "we," "us," or "our") provides AI-assisted software and services that help businesses discover, enrich, and reach relevant decision-makers and accounts, and to analyze and automate sales workflows. We respect your privacy and are committed to being transparent about how we collect, use, disclose, and protect personal information.

## Plain-English Summary

- We collect personal information you provide, data we get from your use of our Services, and B2B contact data from public/licensed sources.
- If you're a professional whose business contact details appear in our datasets, you can **opt out** and **request deletion/suppression**; we also honor **Global Privacy Control (GPC)** signals.
- We do **not** knowingly collect data about children.
- For California residents, we disclose whether we "sell" or "share" personal information (as those terms are defined by CPRA) and provide a **"Do Not Sell or Share My Personal Information"** choice.
- For EEA/UK residents, we identify our **lawful bases** and your **GDPR rights**.

## 1. Scope & Who This Policy Covers

This Policy applies to:
- Websites and apps we operate that link to it;
- Products and services (collectively, the "Services");
- Business contact data we license or compile from third-party sources for our B2B datasets.

This Policy doesn't apply to third-party services that integrate with Salesly or that you access via links; those are governed by their own policies.

## 2. Information We Collect

### Information You Provide
- Account data (name, business email, password, role, company, team members)
- Billing & transactions (billing contact, address, payment method)
- Content & uploads (lists, notes, outreach content, CRM sync)
- Communications (support inquiries, feedback, call transcripts)

### Automatic Data
- Log & usage (pages viewed, actions, timestamps, referral URLs)
- Device/tech (IP address, approximate location, device and browser type, OS)
- Cookies/SDKs for functionality, analytics, A/B testing, and advertising

### Information from Other Sources (B2B)
- Publicly available sources (company sites, professional profiles, corporate filings)
- Licensed providers/partners (data contributors and enrichment vendors)
- User-contributed data (customers verify B2B contacts)
- Derived/enriched data (standardized job titles, firmographics, scores)

**Categories (CPRA):** Identifiers, professional/work information, commercial and internet activity, inferences; we do not collect sensitive personal information for our lead datasets.

## 3. How We Use Information

**Service Delivery & Operations:** Provide, secure, troubleshoot, and improve the Services; personalize features; maintain integrity and prevent abuse/fraud.

**Lead Intelligence & Enrichment:** Build, verify, update, and deliver B2B contact and company datasets and enrichment outputs to customers; assess relevance and quality.

**Outreach & Communications (B2B):** Support, product updates, onboarding, surveys, and--where permitted--Salesly and partner marketing. You can opt out of marketing anytime.

**Compliance & Defense:** Meet legal obligations, enforce terms, protect rights, safety, and security.

**Automated decision-making / profiling:** We may compute scores (e.g., match quality or role likelihood) to help customers prioritize outreach. You can object where required by law.

## 4. Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, we rely on:

- **Performance of a contract:** to provide the Services you request.
- **Legitimate interests:** e.g., B2B marketing; dataset quality and security; product analytics.
- **Consent:** where required for certain cookies/ads or communications.
- **Legal obligations:** e.g., tax, accounting, regulatory.

## 5. When We Disclose Information

- **Service Providers / Processors:** Hosting, infrastructure, analytics, payments, communications, customer support, anti-abuse.
- **Integration/Implementation Partners:** At your request or where you connect a partner/CRM.
- **Customers:** Delivery of B2B datasets and enrichment outputs, consistent with this Policy and applicable law.
- **Corporate Transactions:** Merger, acquisition, financing, or sale of assets.
- **Legal & Safety:** To comply with law or protect rights, security, or property.

We do **not** permit processors to use personal information for their own purposes.

## 6. Your Privacy Choices & Rights

### Opt Out of Sales/Sharing (California)
If you are a California resident, you may opt out of the sale or sharing of your personal information and limit use of any sensitive personal information. We also honor Global Privacy Control (GPC) signals.

### B2B Dataset Removal & Suppression
If your professional contact information appears in our B2B datasets, you can access what we have about you, request deletion, and ask us to place your record on a suppression list.

### Email/SMS/Calls
- **Marketing emails/SMS:** use the unsubscribe instructions in the message or your account settings.
- **Telephony compliance:** we respect applicable do-not-call and consent rules.

### EEA/UK Data Subject Rights
You may have rights to access, rectify, erase, restrict, object, and data portability. If we rely on consent, you can withdraw it at any time.

We will not discriminate against you for exercising privacy rights.

## 7. Cookies & Tracking

- **Essential Cookies:** For login, security, fraud prevention.
- **Analytics/Measurement:** Performance metrics, product analytics.
- **Functional:** Remember settings and preferences.
- **Advertising/Attribution:** Where permitted and subject to your choices/consent.

Manage preferences via our Cookie Settings banner, browser settings, or platform controls (including GPC).

## 8. Data Sources

- Publicly available web pages and documents
- Licensed third-party providers and data contributors
- Customer-provided lists and end-user inputs
- Our own processing and inference (standardization, verification, scoring)

## 9. Retention

We retain personal information only as long as needed for the purposes in this Policy, to comply with legal obligations, or to resolve disputes. For opted-out individuals, we maintain suppression records to prevent re-adding data.

## 10. Security

We implement administrative, technical, and physical safeguards appropriate to the nature of the data and our business. No system is 100% secure; we monitor for vulnerabilities and maintain incident response procedures.

## 11. International Data Transfers

Where we transfer personal information internationally (including to the U.S.), we use appropriate safeguards (e.g., Standard Contractual Clauses and supplementary measures) and conduct transfer assessments when required.

## 12. Children's Privacy

Our Services are for business use only and not directed to children under 16. We do not knowingly collect children's personal information.

## 13. State-Specific Notices (U.S.)

### California (CPRA)
- Notice at collection: see Sections 2-3 for categories, purposes, retention, and sources.
- Sale/Share: If our provision of B2B contact data to customers or use of certain advertising/analytics tools is deemed a "sale" or "share" under CPRA, California residents can opt out; we honor GPC.
- Right to know, delete, correct, opt out, limit sensitive PI, and appeal.
- Non-discrimination: we won't retaliate for exercising CPRA rights.

### Other U.S. States
Where state privacy laws provide similar rights (e.g., CO, CT, VA, UT, OR, TX), we will honor valid requests received through our Data Request Form.

## 14. EEA/UK Addendum

- **Controller:** Salesly.ai for most processing described here.
- **Lawful bases:** see Section 4.
- **Complaints:** You may contact your local data protection authority.

## 15. Data Brokers & Transparency

We support strong transparency standards for the B2B data ecosystem and avoid practices regulators consider "dark patterns."

## 16. Third-Party Websites & Services

Our Services may include links or integrations to third-party sites and platforms. Their privacy practices are not governed by this Policy.

## 17. Changes to This Policy

We may update this Policy to reflect changes to our practices or the law. We'll post updates with a new "Last updated" date and, where required, notify you and/or seek consent.

## 18. Contact Us

- **Email:** privacy@salesly.ai

## 19. How to Exercise Your Rights

Use our Privacy Choices / Data Request Form to submit requests (access/know, deletion, correction, opt-out of sale/share, limit sensitive PI, appeal). We will respond within applicable statutory timeframes.

## 20. Additional Disclosures for Enterprise Customers

When Salesly processes personal information solely on behalf of a customer (e.g., syncing to the customer's CRM), our Data Processing Addendum (DPA) applies. Enterprise customers can request our current DPA at legal@salesly.ai.

## 21. Definitions

- **"Personal information / personal data"** -- information that identifies or can be linked to an individual.
- **"Sale" / "Share" (CPRA)** -- broadly defined disclosures that may include exchanging data for valuable consideration or cross-context behavioral advertising.
- **"GPC"** -- Global Privacy Control, a browser signal communicating your opt-out choice.


---
*[Salesly AI](https://salesly.ai) -- B2B Sales Prospecting & Lead Generation Platform*