Privacy Policy

Last updated: December 28, 2025

Summary

This Privacy Policy describes what information we collect, how we use it, who we share it with, and how we protect it when you use ProfileScout.

Information We Collect

Account Information: When you register, we collect your full name, email address, and encrypted password. For Enterprise plans, we may collect company name and additional team member information.

Billing Information: Payment processing is handled by Stripe. We do not store your credit card details. Stripe collects billing information (card number, expiry, CVV) and shares transaction status with us. We store your Stripe customer ID and subscription details.

Usage Data: We collect information about how you use ProfileScout, including:

  • LinkedIn search queries and results
  • Email enrichment requests and results
  • Lists created, profiles saved, and tags applied
  • Feature usage, clicks, and navigation patterns
  • Device information (browser type, OS, IP address)
  • Log data (timestamps, errors, API calls)

LinkedIn Profile Data: When you search LinkedIn, we temporarily cache profile information (names, titles, companies, LinkedIn URLs) to display results. This data is sourced from publicly available LinkedIn profiles.

Third-Party Data: We enrich profiles with email addresses using the Hunter.io API. Email data includes email address, confidence score, and verification status.

How We Use Information

Provide & Improve the Service: We use your information to operate ProfileScout, including processing searches, enriching profiles, managing lists, and delivering features. We analyze usage patterns to improve AI accuracy, optimize performance, and develop new features.

Customer Support: We use account and usage data to respond to support requests, troubleshoot issues, and provide assistance.

Billing & Payments: We use subscription and payment data to process charges, send invoices, manage plan changes, and handle refunds.

Security & Fraud Prevention: We monitor for suspicious activity, prevent unauthorized access, detect abuse of usage limits, and ensure compliance with our Terms of Service.

Communications: We send transactional emails (signup confirmations, password resets, billing notifications) and occasional product updates. You can opt out of marketing emails but not transactional ones.

Legal Compliance: We may use or disclose information to comply with laws, regulations, legal processes, or governmental requests.

Disclosure / Sharing

We share information with trusted third-party service providers:

  • Stripe: Payment processing (billing info, transaction data)
  • Hunter.io: Email enrichment API (LinkedIn URLs, names for email lookup)
  • Cloud Hosting: Vercel/AWS for application hosting and data storage
  • Analytics: Usage analytics for product improvement (anonymized where possible)
  • Email Service: Transactional email delivery (SendGrid, Postmark, or similar)

Security Measures: All data transfers use encrypted connections (HTTPS/TLS). Third parties are bound by data processing agreements and prohibited from using your data for their own purposes.

We Do Not Sell Your Data: We never sell, rent, or trade your personal information to third parties for marketing purposes.

Legal Requirements: We may disclose information if required by law, subpoena, court order, or to protect our rights, property, or safety.

Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted to/from ProfileScout uses TLS encryption (HTTPS)
  • Password Protection: Passwords are hashed using bcrypt with salt
  • Access Controls: Strict authentication required for all account actions
  • Data Minimization: We only collect data necessary to provide the service
  • Regular Backups: Automated database backups for disaster recovery
  • Monitoring: Continuous monitoring for suspicious activity and security threats

Your Responsibility: Keep your password confidential, use a strong unique password, and log out from shared devices.

Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you via email within 72 hours as required by applicable laws.

Your Rights (GDPR & CCPA)

If you are in the EU, EEA, UK, or California, you have additional rights:

  • Access: Request a copy of personal data we hold about you
  • Rectification: Correct inaccurate or incomplete information
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Export your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing emails (transactional emails remain)
  • Restriction: Limit how we process your data in certain circumstances

To exercise these rights, contact us at privacy@profilescout.app. We will respond within 30 days.

Data Retention

Active Accounts: We retain your data for as long as your account is active or as needed to provide services.

After Account Deletion: When you delete your account, we permanently delete your personal data within 30 days, except for:

  • Billing records retained for 7 years (tax/accounting compliance)
  • Anonymized usage data for analytics (cannot identify you)
  • Data required to be retained by law

Children's Privacy

ProfileScout is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will notify you via email. Continued use of ProfileScout after changes constitutes acceptance.

Contact

Questions about this Privacy Policy? Contact us at privacy@profilescout.app or visit our Support page.