Privacy Policy
Last updated: 16 July 2026
This Privacy Policy explains how [Legal Entity Name] ("bossradar", "we") handles personal data in connection with the bossradar service ("Service"). We act as a controller for account data, and process professional data about third parties as described in section 3.
1. Data we collect about you (our customer)
- Account data — your name, email address, and authentication provider, handled through our authentication provider (Clerk) when you sign up or sign in.
- Usage data — API requests, jobs you submit, timestamps, and basic logs, used to operate, secure, and improve the Service.
- Communications — messages you send us and email engagement (e.g. whether a message was opened).
2. How we use your data and the legal basis
We use account and usage data to provide the Service, authenticate you, prevent abuse, comply with legal obligations, and communicate with you. The legal bases are performance of our contract with you, our legitimate interests in running a secure service, and your consent where required (e.g. non-essential communications).
3. Professional data about third parties
The Service surfaces information about individuals in a professional context (for example, name, role, employer, and public profile links). We process this information to provide the Service to our customers. Our legal basis is legitimate interest in enabling lawful business-to-business outreach and research, balanced against the rights of the individuals concerned.
Rights of individuals. An individual whose data appears in the Service may request access to, correction of, or erasure of their information by emailing [email protected]. We will handle such requests in line with applicable law. Customers are independently responsible for using this information lawfully.
4. Sharing and sub-processors
We do not sell personal data. We share data with service providers who process it on our behalf, including our authentication provider (Clerk), email provider (Resend), and infrastructure and network providers (e.g. hosting and Cloudflare). Each is bound to appropriate confidentiality and data-protection obligations.
5. International transfers
Our providers may process data outside your country. Where required, transfers are covered by appropriate safeguards such as standard contractual clauses.
6. Retention
We keep account data for as long as your account is active and as needed for legal and security purposes. Usage logs are kept for a limited period. We delete or anonymise data when it is no longer needed.
7. Security
We use technical and organisational measures to protect data, including hashing of API keys, encrypted transport, and access controls. No system is perfectly secure.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability. To exercise these rights, contact [email protected]. You may also complain to your local data-protection authority.
9. Cookies
We use essential cookies to keep you signed in. See our Cookie Policy.
10. Changes and contact
We may update this Policy; material changes will be posted here with a new date. Contact us about privacy at [email protected].