SalesQL Privacy Policy

v1.5 · Updated 14 May 2026 · Effective 7 May 2026

This document is only available in English.

The English version is the legally binding version. The site interface is translated as a convenience.

This Privacy Policy explains how SALESQL LTD ("SalesQL", "we", "us", or "our") collects, uses, shares and protects personal data in connection with its business-to-business sales intelligence platform, browser extension, web application, REST API, Model Context Protocol (MCP) server, in-product AI Assistant, Campaigns outbound communications product, and related services (collectively, the "Services").

SalesQL is a private limited company registered in England and Wales under company number 11982774, with registered office at 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom.

Our Services are designed for use by businesses and other organisations and are not intended for personal, family, or household use. Much of the personal data we process relates to individuals in their professional or employment capacity. Other categories — such as website, account, billing, support, security and rights-request data — may also be personal data under applicable law and are handled as described in this Policy.

If you have any questions, want to exercise your rights, or need to contact us regarding this Privacy Policy, please use the SalesQL Privacy Center at https://salesql.com/privacy-center or email privacy@salesql.com.

1. Scope and key definitions

This Privacy Policy applies to personal data we process in the following capacities:

| You are a... | Description |
|---|---|
| Visitor | An individual who visits salesql.com or our public-facing web properties without being logged in. |
| End User | An individual who has been granted access to the Services through a SalesQL account, whether on a free, trial, or paid plan, and whether as a Customer's authorised user or as an individual subscriber. |
| Customer | The legal entity that has entered into a written or click-through agreement with SalesQL for the use of the Services. |
| Business Contact | An individual whose professional contact information is included in the SalesQL B2B database (the "Profiles Database") and may be made available to Customers and End Users. |
| Recipient | An individual who receives an email, message or other communication sent by a Customer through the SalesQL outbound features (when those features are used by the Customer). |

Throughout this Privacy Policy:

  • "personal data" has the meaning given in the UK GDPR and the EU GDPR.
  • "Customer Data" means personal data uploaded, submitted or otherwise made available to the Services by a Customer or its End Users for processing by SalesQL on the Customer's behalf.
  • "Profile Data" means personal data about Business Contacts that we collect, generate, verify, and maintain in the Profiles Database.
  • "Services" includes our website, web application, browser extension, REST API, the SalesQL Model Context Protocol (MCP) server (an interface that allows third-party large language models to invoke the same functionality available through our API on the Customer's behalf, including any official SalesQL plugin distributed for compatible LLMs), the in-product AI Assistant (where enabled — an in-application sidebar that interacts with a third-party large language model on the End User's behalf), Campaigns (our outbound communications product), and any related products or features we offer.

2. Roles: when we are a controller and when we are a processor

We act in different roles depending on the data and the context of processing.

2.1 SalesQL as controller

SalesQL is the controller of personal data when:

  • An individual visits our website or interacts with our marketing communications.
  • A Customer or End User registers and uses an account.
  • We collect, generate, verify or maintain Profile Data in the Profiles Database (regardless of whether that Profile Data is later disclosed to Customers).
  • We process payment, billing and contractual data with our Customers and End Users.
  • We process security, fraud-prevention, audit, or legal-compliance data.

Where we act as controller, we determine the purposes and means of processing and we are responsible for the lawful basis under which the processing takes place.

2.2 SalesQL as processor

SalesQL acts as a processor of personal data on behalf of a Customer when:

  • A Customer uploads or submits Customer Data (e.g., a list of contacts to enrich, a CRM export, leads imported from a third-party system) to be processed through the Services.
  • A Customer uses the SalesQL outbound communications features to send messages to its own Recipients, where SalesQL processes those communications and associated metadata on the Customer's instructions.
  • A Customer uses the API or the MCP server to process its own contact lists.

Where we act as processor, we process Customer Data only on the Customer's documented instructions, in accordance with the SalesQL Data Processing Addendum (the "DPA"), available at https://salesql.com/legal/dpa.

2.3 Independent controller-to-controller transfer

When a Customer or End User obtains Profile Data from the Profiles Database (for example, by performing a search, viewing a profile, or invoking the API), this is a controller-to-controller transfer. The Customer or End User then processes that Profile Data for its own purposes and as an independent controller. The Customer or End User is responsible for its own compliance with applicable data protection laws when processing Profile Data, including providing notice to data subjects, identifying a lawful basis, and honouring rights requests.

Customers' obligations in this regard are set out in our Terms of Service and our Acceptable Use Policy.

3. Personal data we collect

3.1 Visitor Data

When you visit our website or public web properties, we collect:

  • IP address and approximate location (country/region) derived from it.
  • Browser type and version, device type, operating system, screen resolution.
  • Pages visited, referring URL, time spent, click and scroll events.
  • Marketing campaign attribution parameters (e.g., UTM tags).
  • Cookie identifiers and similar technology identifiers (see our Cookie Policy at https://salesql.com/legal/cookies).

Legal basis: legitimate interests (Article 6(1)(f) UK/EU GDPR) for the security and basic operation of the website; consent (Article 6(1)(a)) for non-essential cookies and analytics where required.

3.2 Account Data

When you register or are added to a Customer account, we collect:

  • Full name, work email address, work telephone number (optional).
  • Job title, employer / organisation name (optional).
  • Account credentials (password is hashed and salted; we never store passwords in plaintext).
  • Authentication metadata (login times, IP addresses, session identifiers, multi-factor authentication artefacts).
  • Plan, billing address, VAT/Tax ID, payment method tokens (we do not store full card numbers; payment information is processed by Stripe, our payment processor — see https://salesql.com/legal/subprocessors).
  • Communications you have with us (support tickets, sales conversations, feedback, customer surveys including, but not limited to, Net Promoter Score (NPS) and product satisfaction surveys).

Legal basis: performance of contract (Article 6(1)(b)) for account creation, billing and provision of the Services; legitimate interests for security, fraud prevention and customer support; legal obligation for tax, accounting and anti-money-laundering records.

3.3 Usage Data

When you use the Services as an End User, we collect:

  • Searches you perform, profiles you view, exports you download, API and MCP requests you make.
  • Features used, timestamps, error logs, performance metrics.
  • Browser-extension activity strictly necessary to deliver the feature you invoked (see Section 3.5).

Legal basis: performance of contract; legitimate interests in service operation, debugging, abuse prevention, and product improvement.

3.4 Profile Data — the SalesQL Profiles Database

The SalesQL Profiles Database contains professional contact data about Business Contacts. The categories of data we maintain are:

  • Full name (first, middle, last).
  • Email addresses associated with the individual. This includes professional email addresses on the employer’s domain. Where we have a reasonable basis to associate an email address hosted on a consumer-grade provider with a person’s professional role, we may include it as Profile Data, subject to the safeguards, source checks, suppression rights and opt-out mechanisms described in this Policy.
  • Telephone numbers associated with the individual. This includes switchboard, work-line and direct numbers (which may be mobile). Where we have a reasonable basis to associate a direct or mobile number with a person’s professional role, we may include it as Profile Data, subject to the safeguards and opt-out mechanisms described in this Policy. Where Customers and End Users use such telephone numbers for outbound calls, voicemails, SMS or similar communications, they remain solely responsible for compliance with applicable telecommunications, telemarketing, do-not-call and call-recording laws (see the Acceptable Use Policy, Section 3).
  • Job title, seniority, function, department.
  • Employer / organisation name, location of employer (country, state/region, city), industry, organisation size and other firmographic attributes.
  • Public professional profile URL (e.g., LinkedIn, GitHub, X/Twitter business profile).
  • Past job titles and employers, where this information is publicly available.
  • Skills, certifications, professional education, languages, where this information is publicly available.
  • Month and day of professional anniversary or birthday (without year), where the individual has chosen to publish this information on a professional networking site for a professional purpose (such as networking and professional birthday outreach). This field is included in the SalesQL Privacy Center opt-out and suppression mechanisms. We do not collect or derive a year of birth or a full date of birth.
  • A profile picture associated with a public professional profile, where one is available.
  • Confidence scores, source-type indicators, last-seen / last-verified timestamps, and suppression flags we associate with each data point (see Section 3.4.4).

We do not collect or maintain in the Profiles Database:

  • Home addresses or postal addresses other than the employer's address.
  • Full dates of birth (year of birth is not collected).
  • Marital, family or relationship status.
  • Government identifiers (national ID numbers, passport numbers, driving-licence numbers, social-security numbers, tax IDs of individuals).
  • Financial account information (bank account numbers, payment-card numbers, credit history).
  • Health information.
  • Any of the special categories of personal data listed in Article 9 UK/EU GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data used for unique identification, data concerning health, sex life, or sexual orientation).
  • Data relating to criminal convictions or offences (Article 10 UK/EU GDPR).

If we identify that we have inadvertently collected any of the categories listed above, we suppress it and remove it from the Profiles Database in accordance with our internal data-minimisation procedures.

We exclude from the Profiles Database, where reasonably possible, individuals acting in their capacity as public servants or public figures who are not relevant to a business prospecting context. To operationalise this exclusion we maintain an internal exclusion list of organisational domains, role types and other identifiers (covering, for example, elected officials, judiciary, prosecutors, members of armed forces and law-enforcement personnel) and we apply it through our crawling and ingestion pipelines.

3.4.1 How we collect Profile Data

We collect Profile Data using the following methods:

(i) Crawling of public web pages. Our crawler systematically visits publicly accessible web pages — corporate websites, professional directories, public registries, conference and event pages, press releases, news sites, and similar sources — and extracts professional contact information published on those pages. We design our crawling and ingestion processes to respect applicable technical access restrictions and to avoid sources that are not appropriate for B2B professional-data processing. If our crawler encounters non-business personal data of the categories we exclude (see Section 3.4 above), we do not retain it.

(ii) The SalesQL browser extension on professional networking sites (including LinkedIn). When an End User uses the SalesQL browser extension on a profile page on a professional networking site, the extension reads the professional information of the profile being viewed in order to deliver the feature requested by the End User (such as displaying enriched contact details, exporting the profile, or saving the profile to a list). The data the extension reads from the profile page may include: full name, current and past job titles, current and past employers, employment dates, education, skills, certifications, languages, professional summary, the public profile URL and avatar, and other professional fields rendered on the profile. The extension only accesses content rendered through the third-party site's authenticated user interface and only when the End User is actively interacting with a profile page through their own logged-in session on that third-party site. The browser extension operates as a tool that allows the End User to act on data accessible to them through their own session on the third-party site; it does not bypass any technical access controls of the third-party site, does not log in on behalf of the End User, and does not extract data from accounts the End User is not authorised to access.

In addition to enriching the End User's individual workflow, observations made by the browser extension are used to maintain the freshness, accuracy and quality of the Profiles Database (see "Contributor Program" below). For example, when the extension observes that a professional has changed employer, that observation is used as a freshness signal that updates the Profiles Database for all SalesQL Customers, with the End User's account recorded as one of the provenance signals associated with the underlying record.

The use of the SalesQL browser extension is subject to the terms of the third-party site. End Users are responsible for ensuring that their use of the browser extension complies with those terms. SalesQL's Browser Extension Notice, available at https://salesql.com/legal/browser-extension, sets out additional information about how the browser extension processes data.

(iii) Email-pattern generation (inference). When we have identified an individual's name and organisational affiliation from public sources but their professional email address is not published, we may infer a professional email address by:

  1. Pattern identification — we analyse the email-address formats actually used at the individual's organisation, based on professional email addresses we have previously collected from that organisation's domain.
  2. Email construction — we apply the identified pattern to the individual's name to construct a candidate email address.
  3. Validation — we verify, through technical signals, whether the constructed email address is technically deliverable to a mailbox at the organisation's domain. We do not send outbound email content to the candidate address as part of this validation.
  4. Quality assessment — we assign a confidence score to the constructed email address. We only retain and expose constructed email addresses that meet our minimum confidence threshold.

We maintain source-type and confidence metadata for each Profile Data record internally to support data quality and the handling of data-subject rights. We may display verification or confidence indicators in the Services.

(iv) Third-party data providers. As at the effective date of this Privacy Policy, SalesQL does not source Profile Data from third-party data providers, brokers, or licensed datasets. Should we begin to do so in the future, we will engage such providers under contractual arrangements that require them to warrant the lawfulness of their data sources, we will document them on our Subprocessors page (https://salesql.com/legal/subprocessors), and we will update this Privacy Policy accordingly.

(v) Enrichment requests submitted by Customers. When a Customer uploads or submits Customer Data to the Services for enrichment purposes (for example, a list of names and companies for which the Customer wants email addresses identified), we process that Customer Data on the Customer's behalf as a processor pursuant to the SalesQL Data Processing Addendum. The values submitted by the Customer in such an enrichment request are not, by themselves, incorporated into the Profiles Database for use by other Customers. The values returned by SalesQL through the enrichment response come from the Profiles Database and are governed by the rules described in (i)-(iv), (vi) and (vii) of this Section.

The SalesQL Contributor Program. SalesQL operates a Contributor Program through which the routine use of certain SalesQL features (the SalesQL browser extension and the Campaigns product) generates signals that maintain and improve the quality, freshness and accuracy of the Profiles Database for the benefit of all SalesQL Customers and End Users. Use of the SalesQL browser extension and use of the Campaigns product constitute participation in the Contributor Program. Customers and End Users who do not wish to contribute should not use the browser extension or Campaigns; the rest of the Services (web application, REST API, MCP server) can be used independently.

Campaign-related mailbox signals. Where a Customer connects a mailbox or sending domain to Campaigns, SalesQL may process limited business-contact fields found in campaign-related correspondence, such as signature-block or contact-card information, to verify or refresh Profile Data. We do not use unrelated mailbox correspondence for the Contributor Program, and we apply the safeguards described in the Contributor Program Terms. We maintain source, freshness, verification and confidence metadata internally; we do not disclose, to other Customers, the specific End User, Customer or workspace that contributed a given signal. The signals processed under the Contributor Program, the safeguards we apply, and the rights of Business Contacts are described in the Contributor Program Terms. The legal basis for SalesQL’s processing of professional contact information through the Contributor Program is legitimate interests under Article 6(1)(f) UK/EU GDPR, supported by a documented Legitimate Interests Assessment and a dedicated Data Protection Impact Assessment. A summary of the LIA and DPIA is available on request at privacy@salesql.com.

(vii) Email and phone verification signals. Verification operations performed at the request of a Customer or End User generate technical signals (deliverability, mailbox status, MX-record health, line-status checks for phone numbers) that are stored alongside the relevant Profile Data record to maintain the database's freshness and quality.

3.4.2 Email and phone verification

When an End User invokes our verification feature, we test whether a given email address or phone number is technically valid and deliverable. Verification is performed using technical signals (such as SMTP responses, MX record checks, syntactic and pattern analysis, deliverability heuristics) and, where applicable, by querying our internal data. We do not send marketing or unsolicited communications as part of verification. Results of verification (verifiable, undeliverable, risky, etc.) and confidence scores are stored as part of the corresponding Profile Data record where applicable.

3.4.3 Sources we exclude

We do not knowingly collect Profile Data from:

  • Sources whose terms of use prohibit our access for the purposes for which we use the data, except where applicable law permits the access.
  • Pages that are protected by authentication or other technical access restrictions and that we have not been authorised to access.
  • Sources that contain primarily consumer (non-business) data, or that, in our reasonable assessment, are not appropriate for B2B professional-data processing.

3.4.4 Confidence, freshness, and provenance markers

For each Profile Data record we maintain, we record metadata that enables internal quality management and data-subject-rights handling:

  • Source type (public web page, browser-extension capture, generated through pattern inference, third-party provider, customer-contributed).
  • Confidence score for inferred and verification-derived data points.
  • Last verified / last seen timestamps.
  • Suppression flags indicating that the data subject has opted out (see Section 11).

3.5 Browser-extension data

When an End User has the SalesQL browser extension installed and is browsing a professional networking site through their own authenticated session, the extension processes:

  • The URL of the profile page or other supported page being viewed.
  • The professional information rendered on the page (as described in Section 3.4.1(ii)).
  • The End User's SalesQL account identifier and authentication state, to ensure the End User is entitled to use the feature.
  • Browser-extension version, browser type and operating system, for compatibility and bug reporting.

The browser extension is scoped to the supported third-party domains it is designed to integrate with; it does not access pages on unrelated domains. Granular permissions and a full description of the extension's behaviour are documented at https://salesql.com/legal/browser-extension. End Users who do not wish for their browsing of professional networking sites to generate Contributor Program signals (Section 3.4.1(vi)) can remove the extension from their browser.

3.6 Communications data and outbound campaigns (when we act as processor)

When a Customer uses Campaigns (our outbound communications product) to send messages to its Recipients, we process, on behalf of the Customer:

  • The Customer's recipient lists and message content as configured by the Customer.
  • Engagement metadata, including deliveries, bounces, opens (tracked via tracking pixels enabled by default in Campaigns), link clicks, replies and unsubscribes.
  • Mailbox-level metadata when the Customer connects its own mailbox to the Services (for example, via OAuth to Google or Microsoft).
  • Message bodies, headers and email addresses of Recipients only as strictly necessary to deliver, deliver-track and report on the campaigns.

Open and click tracking is enabled by default in Campaigns. Customers may disable open tracking and click tracking on a per-campaign basis through the Campaigns user interface.

In this context, the Customer is the controller of the Recipients' personal data and SalesQL acts as processor on the Customer's documented instructions.

Customers are solely responsible for the lawfulness of their outbound communications, including:

  • Obtaining the consent or relying on a valid lawful basis under applicable laws (UK GDPR, EU GDPR, ePrivacy Directive / PECR in the UK, applicable EU member-state ePrivacy implementations, CAN-SPAM in the United States, CASL in Canada, Brazilian LGPD, and other applicable national or state laws).
  • Where required, obtaining the consent of Recipients for the use of tracking pixels, link redirects and similar tracking technologies that may store or access information on the Recipient's terminal equipment (under ePrivacy Directive / PECR rules in the UK and EU, this requires informed consent in many cases for non-strictly-necessary tracking).
  • Providing the identifiers required by applicable anti-spam laws (e.g., a valid postal address and an unambiguous opt-out mechanism under CAN-SPAM, identification of the sender and an unsubscribe link under CASL, and equivalent disclosures under EU member-state laws).
  • Honouring opt-out and unsubscribe requests promptly and not contacting Recipients who have opted out.
  • Maintaining suppression and Do-Not-Contact lists.

The detailed processing terms applicable to Campaigns are set out in the SalesQL Data Processing Addendum and in the SalesQL Acceptable Use Policy. By using Campaigns, the Customer accepts and agrees to comply with those obligations.

4. Legal bases for processing (UK GDPR / EU GDPR)

The table below summarises the lawful bases on which we rely for our processing activities as a controller. Activities can rely on more than one basis depending on context.

| Processing activity | Primary legal basis | Notes |
|---|---|---|
| Operating the website and basic security | Legitimate interests (Art. 6(1)(f)) | To run a secure, functioning service. |
| Setting non-essential cookies, analytics, marketing | Consent (Art. 6(1)(a)) | Where required by ePrivacy/PECR. |
| Account creation and Service delivery to Customers / End Users | Performance of contract (Art. 6(1)(b)) | Necessary to provide the Services. |
| Billing, invoicing, payment processing | Performance of contract; legal obligation (Art. 6(1)(c)) | Tax, accounting, AML records. |
| Customer support and communications | Legitimate interests; performance of contract | Resolving issues, maintaining the relationship. |
| Direct marketing of our own Services to existing customers (soft opt-in) | Legitimate interests | Subject to ePrivacy/PECR rules and easy opt-out. |
| Direct marketing of our own Services to new prospects | Legitimate interests or consent | Depending on jurisdiction and channel. |
| Building and maintaining the Profiles Database (collection, generation, verification of Profile Data) | Legitimate interests (Art. 6(1)(f)) | We have conducted a documented Legitimate Interests Assessment ("LIA") and a Data Protection Impact Assessment ("DPIA"). Summaries are available on request at privacy@salesql.com. |
| Contributor Program (use of browser-extension observations and Campaigns email-signature observations to maintain the Profiles Database) | Legitimate interests (Art. 6(1)(f)) | Dedicated LIA and DPIA. See Section 3.4.1(vi). |
| Disclosing Profile Data to Customers and End Users | Legitimate interests | Customers and End Users use Profile Data as independent controllers for their own B2B sales, marketing and recruiting activities. |
| Operating the in-product AI Assistant, where enabled (transmitting prompts and authorised workspace data to the LLM Provider for inference, on the End User's instruction) | Performance of contract; legitimate interests | LLM Provider engaged as subprocessor (Section 6.2). |
| Retention of inactive accounts pending deletion (free) and residual post-cancellation retention (paid) | Legitimate interests | Free accounts: notice + deletion after 12 months of inactivity (see Section 9). Paid accounts: residual retention for fraud-prevention, abuse-prevention and defence of legal claims; plus legal obligation for tax/accounting records. |
| Statistical analysis, aggregated reporting, model training (excluding special-category data) | Legitimate interests | Internal research and Service improvement. |
| Fraud prevention, abuse detection, security incident response | Legitimate interests; legal obligation | |
| Establishment, exercise, or defence of legal claims | Legitimate interests; legal obligation | |
| Compliance with UK / EU / other applicable laws | Legal obligation | |

4.1 Our legitimate interests assessment for the Profiles Database

Building and operating a B2B database of professional contact information is recognised as a legitimate business purpose under UK GDPR / EU GDPR Recital 47 and the EDPB / ICO guidance on legitimate interests. We have documented a balancing test that weighs:

  • Our legitimate interest, and the legitimate interests of our Customers, in obtaining accurate professional contact information for B2B sales, marketing, recruiting, and verification activities.
  • The data subjects' reasonable expectations regarding the use of professional contact information that is published on professional networks, corporate websites, and other public sources for professional purposes.
  • The data minimisation safeguards we apply (only professional categories; no special categories; explicit exclusion of consumer data; documented source-type and confidence-score metadata).
  • The transparency mechanisms we provide, including this Privacy Policy, the Privacy Center, and the suppression list.
  • The data subject's rights, including the unconditional right to object and to be removed from the Profiles Database.

A summary of our LIA and our DPIA is available on request at privacy@salesql.com. Full versions are available to supervisory authorities on request.

5. Purposes for which we use personal data

We use personal data for the following purposes, in addition to the activity-specific purposes set out in Sections 3 and 4:

  • Service provision — operating the Services, building and maintaining the Profiles Database, verifying email addresses and phone numbers, delivering Customers' campaigns, processing payments, operating the AI Assistant on the End User's instruction.
  • Service improvement and analytics — understanding usage, improving features, debugging, performance and security monitoring, developing new Services.
  • Communications — replying to enquiries, sending administrative and transactional notices (account, billing, security, policy changes).
  • Marketing — promoting our own Services, including by email, by remarketing, and on professional social networks, subject to applicable laws and easy opt-out.
  • AI / machine learning — training and operating our internal models for entity resolution, name detection, email pattern detection, deliverability prediction, fraud detection, and quality assessment of Profile Data (see Section 6).
  • Compliance — complying with applicable laws, responding to data-subject requests, responding to lawful requests from authorities, defending legal rights.
  • Corporate transactions — facilitating mergers, acquisitions, restructuring, insolvency proceedings, and other corporate transactions.

#6. Use of artificial intelligence and automated processing

We use machine-learning and other automated techniques as part of the Services. We disclose these uses transparently and apply specific safeguards.

#6.1 SalesQL's own models

We operate internal machine-learning and rule-based models for the following purposes:

  • Entity resolution and deduplication of Profile Data.
  • Name detection and parsing.
  • Identification of professional email-address patterns at organisations.
  • Email-deliverability prediction and verification.
  • Phone-number validation.
  • Quality and confidence-score assessment of Profile Data records.
  • Fraud, abuse, and bot detection on the Services.

Legal basis: legitimate interests, in line with the activities described in Section 4.

#6.2 The SalesQL AI Assistant (in-product)

The Services include a SalesQL AI Assistant — an in-product sidebar that interacts with a third-party large language model (the "LLM Provider") to allow End Users to perform natural-language operations within the SalesQL web application. The AI Assistant can, for example, run prospecting searches, request enrichment of selected contacts, save contacts to lists, draft Campaigns, and surface workspace data on request.

How the AI Assistant processes data:

  • When an End User types a prompt or invokes an action through the AI Assistant, the prompt and any data the AI Assistant decides to send (which may include data fetched from the SalesQL API on the End User's behalf — for example, search results returned from the Profiles Database, contacts in the End User's workspace, or the content of a Campaign being drafted) are transmitted to the LLM Provider for inference.
  • The LLM Provider returns a response that the AI Assistant displays to the End User, optionally executing API actions on the End User's behalf (for example, creating a Campaign, saving a contact). API actions are subject to the End User's permissions in their workspace.
  • Where the AI Assistant is enabled for a workspace, workspace administrators can disable it through the workspace settings.

Safeguards applicable to the LLM Provider integration:

  • Where the AI Assistant has been enabled, the LLM Provider engaged as a subprocessor of SalesQL under a written agreement aligned with Article 28 UK/EU GDPR is identified on our Subprocessors page. Until SalesQL has confirmed and named an LLM Provider on the Subprocessors page, the AI Assistant is not available.
  • We require the LLM Provider not to use prompts, completions, or any data routed through the integration to train its own foundation models.
  • Inputs and outputs are retained by the LLM Provider only for the periods strictly necessary for the operation of the Service and for the LLM Provider's abuse-monitoring obligations under its own terms.
  • Access controls, audit logging, and role-based permissions apply within SalesQL.
  • The AI Assistant is operated as an assistant to the End User: every action it takes is initiated by an End User prompt, the End User can review the AI Assistant's intended actions, and the End User can edit, undo, or discard them. The AI Assistant does not make solely automated decisions producing legal or similarly significant effects on individuals (Article 22 UK/EU GDPR).

#6.3 Other AI-assisted features

Where the Services include other AI-assisted features (for example, message-suggestion features in Campaigns, summarisation, or content recommendations), the same safeguards described in Section 6.2 apply: the underlying provider is engaged as a subprocessor, opt-out from training is contractually required, inputs and outputs are not retained by the provider beyond what is operationally necessary, and outputs are presented to End Users for review.

#6.4 The SalesQL MCP server and external LLMs

SalesQL operates a Model Context Protocol (MCP) server that allows third-party large language models — such as Anthropic Claude, Google Gemini, OpenAI ChatGPT, and similar agents — to invoke the same functionality available through the SalesQL REST API on a Customer's behalf. SalesQL also distributes plugins and connectors for compatible LLM clients.

When a Customer connects an external LLM client to the MCP server (or to a SalesQL plugin/connector), it does so using the Customer's own API key:

  • The data flow between SalesQL and the external LLM client is governed by the same rules that apply to the SalesQL REST API. SalesQL acts as a processor of Customer Data sent through the MCP server in the same way as for the API. SalesQL is the controller of any Profile Data returned through the MCP server, and the Customer becomes an independent controller of that Profile Data once received, as described in Section 2.3.
  • The Customer is solely responsible for the LLM client it chooses to use, for the data it instructs that LLM client to send to or receive from SalesQL, and for the LLM client's use of that data. The external LLM client is not a subprocessor of SalesQL — the contractual relationship and the data-controller responsibility for the external LLM client lie between the Customer and the LLM provider.
  • Customers are responsible for ensuring that their use of the MCP server and any external LLM client complies with applicable law and with the terms of the LLM provider, and for not sending categories of data through the MCP server that exceed the scope of their workspace.

#6.5 Solely automated decision-making

SalesQL does not use personal data to make solely automated decisions that produce legal or similarly significant effects concerning data subjects within the meaning of Article 22 UK/EU GDPR. Where we use automated processing in the Services (for example, to score email deliverability, to suggest contacts, or to generate AI-Assistant outputs), the outputs are presented as informational signals or assistive content to the End User; consequential decisions about individuals are taken by humans, not by automated processing alone.

#7. How we share personal data

We share personal data with the following categories of recipients, only to the extent necessary and only with appropriate safeguards.

| Recipient category | Purpose | Role |
| --- | --- | --- |
| Customers and End Users | Profile Data made available through searches, the API, the MCP server, the browser extension, and exports, for their B2B prospecting, marketing, recruiting and verification activities. | Independent controllers (controller-to-controller transfer) |
| SalesQL employees, contractors and authorised personnel | Operating, supporting, securing and improving the Services. Access is on a need-to-know basis, subject to confidentiality obligations and access controls. | — |
| Subprocessors (cloud hosting and infrastructure, payment processing via Stripe, the LLM Provider powering the AI Assistant, email and notification delivery, analytics, customer support, productivity and security tooling) | Providing technical, operational and infrastructure services on our behalf. | Processors |
| Affiliates and group entities of SALESQL LTD (including, where applicable, our European operating affiliate that provides product, engineering and operations services to SALESQL LTD under an intra-group services agreement) | Operational support — product development, engineering, customer support, security, finance and administration. | Processors acting on SALESQL LTD's documented instructions under an intra-group Data Processing Agreement |
| Professional advisers (lawyers, auditors, accountants, insurers) | Legal advice, accounting, tax, audit, insurance. Bound by confidentiality. | Independent controllers |
| Public authorities, regulators, law enforcement | Compliance with legal obligations, response to lawful requests, defence of legal claims. We notify the data subject where legally permitted. | Independent controllers |
| Acquirers / investors | Mergers, acquisitions, financings, restructuring, insolvency, sale of assets. | Independent controllers (subject to confidentiality and post-closing limitations) |

A current list of our subprocessors and their locations is published at https://salesql.com/legal/subprocessors. Customers may subscribe to notifications of changes to that list.

We do not sell personal data for monetary consideration. Disclosures of Profile Data to Customers and End Users in exchange for our subscription fees may be classified as a "sale" or "sharing" under certain US state privacy laws; we describe how we handle this in Section 12.

#8. International transfers of personal data

#8.1 Primary hosting region

The Services' production infrastructure and the personal data we process are primarily hosted on Amazon Web Services in the eu-central-1 (Frankfurt, Germany) region. Backups and disaster-recovery copies are kept within the European Union.

#8.2 Where personal data may be located or accessed from

Personal data we process may be located in, or accessed from, the following regions:

  • The European Union (primary hosting region, see Section 8.1).
  • The United Kingdom (where SALESQL LTD is established and where members of our team and certain professional advisers are located).
  • The United States (where certain of our subprocessors are located, including — where the AI Assistant is enabled — our LLM Provider, certain support and operations tools, and certain analytics and security vendors).
  • Other countries where individual subprocessors operate, as identified on the Subprocessors page.
  • The country in which a Customer or End User uses the Services, where data is transmitted to that Customer or End User as part of the Services.

#8.3 Transfer mechanisms

When we transfer personal data outside the United Kingdom or the EEA to a country that does not benefit from a UK adequacy regulation or an EU adequacy decision, we put in place appropriate safeguards, which may include:

  • The European Commission's Standard Contractual Clauses (SCCs), 2021 version, supplemented by the UK International Data Transfer Addendum where the data exporter is in the UK.
  • The UK International Data Transfer Agreement (IDTA), where applicable.
  • The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, where the recipient is certified.
  • Where required, a Transfer Impact Assessment (TIA) documenting the destination country's legal regime and any supplementary measures, in line with the EDPB Recommendations 01/2020.

Data subjects can request a copy of the relevant safeguards by contacting privacy@salesql.com.

#9. Retention

| Data category | Retention period | Notes |
| --- | --- | --- |
| Visitor Data (cookies, IP, analytics) | Up to 14 months | Aggregated analytics may be retained longer in aggregated form. |
| Account Data (active account) | For the duration of the account + applicable limitation period | |
| Account Data — free / freemium accounts (inactive) | Free or freemium accounts that have been inactive for 12 months are scheduled for deletion. SalesQL sends at least one notice email at least 30 days before the scheduled deletion, with at least one reminder before the cutoff. After deletion, account credentials, workspace data and the underlying Account record are deleted or anonymised, save for elements SalesQL is required or entitled to retain under another row of this table (e.g., suppression list entries, security logs, tax records). | Total retention from last activity: up to 12 months + the 30-day notice period. Legal basis: legitimate interests in maintaining a stable user experience and in giving the Customer the opportunity to retain the account before deletion. |
| Account Data — paid / formerly-paid accounts (cancelled or inactive) | Accounts that have paid for the Services at any point are retained for the duration of the active Subscription plus a residual retention period after cancellation or last activity, after which the account is deleted or anonymised. The residual retention period reflects (i) tax and accounting obligations (typically 6–10 years for billing records, see the row below), (ii) defence of legal claims, and (iii) prevention of abuse such as re-registration to reset credits. | Total retention from last activity (excluding tax/accounting records): up to 24 months. Legal basis: legitimate interests in fraud-prevention, abuse-prevention and defence of legal claims, plus legal obligation for tax/accounting records. |
| Billing and tax records | As required by applicable tax and accounting laws (typically 6–10 years) | |
| Profile Data | For as long as the underlying source remains available and the data is accurate; reviewed regularly. Suppression-list entries are retained as long as necessary to honour the opt-out. | If a profile is no longer present at its source, we typically remove it within 90 days. |
| Search queries and API request logs (content) | Up to 90 days | After 90 days, request bodies are deleted; aggregate counts and de-identified usage statistics may be retained for service-improvement purposes. |
| Aggregate usage counts and de-identified analytics | Up to 24 months | Used for capacity planning, abuse detection and product development. |
| Support tickets and communications | Up to 24 months after closure | |
| Security logs and audit trails | Up to 24 months | Or longer where required for security investigations or by law. |
| Suppression-list entries | Indefinitely, in a minimum-necessary form (typically a salted hash of the relevant identifier together with the suppression flag) to ensure ongoing honour of the opt-out. | See Section 11. |

We retain personal data only for as long as is necessary for the purposes for which it was collected, unless a longer retention is required or permitted by law (for example, for tax, accounting, or limitation-period purposes).

When the retention period expires, we delete or anonymise the personal data using techniques aligned with the principles of NIST SP 800-88 ("Guidelines for Media Sanitization") for data on managed storage.

#10. Your rights

Depending on where you are located and the lawful basis on which we process your data, you have the following rights.

#10.1 Rights under UK GDPR / EU GDPR

| Right | Summary |
| --- | --- |
| Right of access | Confirm whether we process your personal data and obtain a copy. |
| Right to rectification | Have inaccurate personal data corrected and incomplete data completed. |
| Right to erasure ("right to be forgotten") | Have your personal data deleted, subject to applicable exceptions. |
| Right to restriction of processing | Limit our processing in certain circumstances. |
| Right to data portability | Receive personal data you provided in a structured, machine-readable format and have it transmitted to another controller. |
| Right to object | Object to processing based on legitimate interests, including profiling and direct marketing. The right to object to direct marketing is unconditional. |
| Right to withdraw consent | Where we process data based on your consent, you can withdraw it at any time, without affecting prior lawful processing. |
| Right not to be subject to solely automated decisions | We do not engage in solely automated decision-making with legal or similarly significant effects (Article 22). |
| Right to lodge a complaint | With the supervisory authority where you live, work, or where the alleged infringement occurred. Our lead supervisory authority is the UK ICO (https://ico.org.uk). |

#10.2 Rights matrix by lawful basis

The availability of certain rights depends on the lawful basis on which we rely. The following matrix summarises this dependency.

| Lawful basis | Access | Rectification | Erasure | Restriction | Portability | Objection | Withdraw consent |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Consent | Yes | Yes | Yes | Yes | Yes | — | Yes |
| Performance of contract | Yes | Yes | Limited | Yes | Yes | — | — |
| Legitimate interests | Yes | Yes | Yes | Yes | Limited | Yes | — |
| Legal obligation | Yes | Yes | No | Limited | No | No | — |

#10.3 How to exercise your rights

You can exercise your rights through:

  • The SalesQL Privacy Center at https://salesql.com/privacy-center, which offers:
    • Opt-out / removal from the Profiles Database — a public, self-service form (no SalesQL account required) where you can submit an email address you control, confirm ownership through an email-verification link, and request that any Profile Data associated with that identifier be removed and added to our suppression list.
    • Access — request a copy of your data — submit a request to receive a copy of the personal data we hold about you, after identity verification.
    • Erasure — request deletion of your data — submit an erasure request beyond the opt-out described above (for example, where you wish to exercise the broader right to erasure under Article 17 UK/EU GDPR), after identity verification.
    • Marketing preferences — opt out of direct marketing communications from SalesQL.
  • For rectification (correction) of inaccurate data and for any request that is not currently available as a self-service option in the Privacy Center, please write to privacy@salesql.com. We handle such requests through a manual workflow and respond within the timeframes set out below.
  • For all of the above, you can also write to us at the postal address listed in Section 18 or contact us through the EU and Swiss Representative listed in Section 17, where applicable.

We may need to verify your identity before fulfilling your request (typically by sending a confirmation link to the email address associated with the request, or by asking for additional information). We respond within the timeframes required by applicable law (within one month under UK/EU GDPR, extendable by two further months for complex requests).

For privacy questions and rights requests received from individuals located in the European Economic Area or Switzerland, our intake and response workflow is operated through our EU and Swiss Representative GDPR Local (see Section 17). Requests submitted directly to SalesQL receive the same response and timing. UK data subjects can contact SalesQL directly using the channels in Section 18.

#10.4 If you are a Customer or End User

If you are a Customer's End User, your account-level data is managed by your Customer (the organisation through which you accessed the Services). You may have additional rights or controls available in your account settings. If we receive a rights request that relates to data we process as a processor on behalf of a Customer, we will refer the request to the Customer and assist the Customer in responding.

#11. The SalesQL suppression list and the right to be removed from the Profiles Database

If you are a Business Contact whose data is in the Profiles Database, you have the unconditional right to object to our processing of your Profile Data and to be removed from the Profiles Database.

You can exercise this right at https://salesql.com/privacy-center/remove or by emailing privacy@salesql.com.

When we receive a valid suppression request:

  1. We delete the Profile Data we hold about you from the active Profiles Database (subject to the limited retention of legal-claims data).
  2. We add a minimum-necessary identifier (typically a salted hash of your professional email address and / or other identifiers you provide) to our suppression list, so that your data does not re-enter the Profiles Database through subsequent crawling, generation or third-party feeds.
  3. In accordance with Article 19 UK/EU GDPR, where your Profile Data has previously been disclosed to Customers, we notify those Customers of the erasure / objection so that they can act on their own records, unless this proves impossible or involves disproportionate effort.
  4. We confirm completion of your request to you.

Suppression-list entries are retained for as long as necessary to ensure that we continue to honour the opt-out.

#12. US state privacy rights

If you are a resident of a US state with a comprehensive privacy law, you have additional rights under applicable state law. We extend consumer rights and protections in line with the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and other comparable state privacy laws as they come into effect, including those of Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Kentucky, Minnesota, Maryland and Rhode Island. The specific rights and obligations that apply depend on the law of the state in which you reside.

#12.1 US state rights

Subject to applicable law, you have the right to:

  • Know what personal information is collected, used, shared, or sold and obtain a copy.
  • Delete personal information we hold about you, subject to applicable exceptions.
  • Correct inaccurate personal information (in most states, except where state law provides otherwise).
  • Data portability in a portable, readily usable format (in most states).
  • Opt out of the sale of personal information, the sharing of personal information for cross-context behavioural advertising, and certain types of profiling.
  • Limit the use of sensitive personal information, where applicable.
  • Non-discrimination for exercising any of these rights.
  • Appeal a denial of a rights request, where applicable.

#12.2 Universal opt-out preference signals

Where required by applicable state law, we recognise and honour browser-based universal opt-out preference signals, including the Global Privacy Control (GPC), as a valid request to opt out of the sale of personal information and the sharing of personal information for cross-context behavioural advertising, on the device or browser sending the signal.

#12.3 Sale or sharing of personal information

We do not sell personal data for monetary consideration. To the extent that providing Profile Data to our Customers in exchange for subscription fees, or providing analytics or measurement signals to third parties, may be considered a "sale" or "sharing" of personal information under certain US state laws, you can opt out via the SalesQL Privacy Center (https://salesql.com/privacy-center) or by following the link "Do Not Sell or Share My Personal Information" in our website footer.

#12.4 Authorised agents

You may use an authorised agent to submit requests on your behalf, in accordance with applicable state law. We may require verification of the agent's authority and your identity.

#12.5 Data broker registrations

Where applicable state law requires SalesQL to register as a data broker (Cal. Civ. Code § 1798.99.80 et seq. in California, Tex. Bus. & Com. Code Ch. 509 in Texas, ORS 646A.504 in Oregon, and similar laws elsewhere), we register and publish applicable registration information as those obligations apply to us based on our processing volumes and revenues in the relevant state.

#12.6 California-specific disclosures

Where required by California law, SalesQL will make available an annual CCPA/CPRA metrics table summarising the number of consumer requests received, complied with, and denied during the prior calendar year. Such metrics will be published once SalesQL has completed a full year of processing CCPA/CPRA requests under the framework.

#13. Cookies and similar technologies

We use cookies and similar technologies on our website and within the Services. Detailed information about the categories of cookies we use, the purposes for which we use them, and the third parties involved is set out in our Cookie Policy at https://salesql.com/legal/cookies.

Where required, we obtain your consent through our cookie banner before setting non-essential cookies. You can change your preferences at any time through the cookie preferences link in the website footer.

#14. Security

We maintain administrative, technical, and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction, including:

  • Production hosting on Amazon Web Services in the EU (eu-central-1, Frankfurt), within a hardened account configuration.
  • Encryption of personal data in transit (TLS) and at rest using industry-standard symmetric encryption with keys managed through a managed key-management service.
  • Hashing and salting of credentials; we never store passwords in plaintext.
  • Role-based access control, least-privilege principles, and Single Sign-On / multi-factor authentication for personnel access to production systems.
  • Logging, monitoring, and alerting on production systems and access to personal data.
  • Regular security assessments, vulnerability management, dependency monitoring and patching.
  • Vendor risk-management procedures and contractual security obligations on subprocessors, including DPAs aligned with Article 28 UK/EU GDPR.
  • Documented incident-response procedures and breach-notification capabilities (including a 48-hour notification commitment to Customers under our DPA — see https://salesql.com/legal/dpa).
  • Employee security awareness, confidentiality obligations, and background checks where lawfully permitted.

A more detailed description of our technical and organisational measures is set out in Annex 2 to our DPA at https://salesql.com/legal/dpa.

#15. Children

The Services are not directed to, and we do not knowingly collect personal data from, individuals under the age of 18. If we become aware that we have collected personal data of an individual under 18, we will delete that information without undue delay. Parents or guardians who believe that we have collected such information should contact us at privacy@salesql.com.

#16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this Privacy Policy indicates when it was last revised. Material changes will be communicated to active Customers through the Services or by email and, where required by applicable law, will be subject to additional notice or consent. We encourage you to review this Privacy Policy periodically.

#17. EU and Swiss Representatives

We have appointed GDPR Local as our Representative in the European Union under Article 27 EU GDPR and as our Representative in Switzerland under Article 14 of the Swiss Federal Act on Data Protection (FADP). As SALESQL LTD is established in the United Kingdom, we are not required to appoint a separate UK Representative under Article 27 UK GDPR; UK data subjects can contact SalesQL directly using the channels in Section 18. Data subjects located in the EEA or Switzerland (and supervisory authorities of those jurisdictions) can contact GDPR Local in connection with our processing activities, in addition to contacting SalesQL directly. SalesQL remains responsible for substantive responses and for compliance with applicable data-protection law.

  • Intake portal: https://salesqlltd.gdprlocal.com/eu. For most privacy requests, the SalesQL Privacy Center offers a faster self-service experience with email verification; the GDPR Local intake portal is provided to satisfy the requirement under Article 27 EU GDPR that data subjects have direct access to the Representative.
  • Postal contact (EU and Switzerland): GDPR Local, registered in the United Kingdom. Current postal addresses are published at https://gdprlocal.com.

The Representatives operate the intake and routing of privacy enquiries and rights requests received from EEA, UK and Swiss data subjects. SalesQL remains responsible for substantive responses and for compliance with applicable data-protection law.

#18. Contact us and data protection authority

#18.1 Contact

For any questions, requests, or concerns relating to this Privacy Policy or our processing of personal data, you can reach us at:

  • SalesQL Privacy Center — https://salesql.com/privacy-center
  • Email — privacy@salesql.com
  • Postal address — SALESQL LTD, 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom

SalesQL is not, on the basis of its current processing activities, formally required to designate a Data Protection Officer under Article 37 UK/EU GDPR. We have nonetheless designated an internal Privacy Lead as the point of accountability for privacy and data-protection matters at SALESQL LTD; the Privacy Lead can be reached at privacy@salesql.com.

#18.2 Data Protection Authority

You have the right to lodge a complaint with a data protection authority if you believe that our processing of your personal data infringes data protection law. Our lead supervisory authority is the UK Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk
  • Helpline: 0303 123 1113

EEA-based data subjects can lodge a complaint with their local supervisory authority. A list of EEA supervisory authorities is available on the European Data Protection Board's website (https://edpb.europa.eu).
