Privacy Policy

1. Who we are

ProspectFlow ("we", "us", "our") is a B2B lead generation platform operated by Sajeel Ahmad, based in the United Kingdom. We are committed to protecting your personal data and complying with the UK GDPR and EU GDPR.

Contact: sajeel.ahmed@live.com

2. Data we collect

We collect the following categories of data:

• ▸Account data: Username, email address, and password (hashed) when you register.
• ▸Usage data: Searches performed, prospects saved, emails sent, and call logs — to provide the service.
• ▸Billing data: Payment processing is handled entirely by Stripe. We store only your Stripe customer ID and subscription status — never your card details.
• ▸Prospect data: Business names, websites, phone numbers, and email addresses sourced from Google Places — publicly available business data used under Legitimate Interest (GDPR Art. 6(1)(f)).
• ▸Technical data: IP address, browser type, and access logs for security and rate limiting.

3. How we use your data

• ▸To provide, maintain, and improve the ProspectFlow service
• ▸To process payments and manage your subscription via Stripe
• ▸To send transactional emails (subscription receipts, password resets)
• ▸To enforce rate limits and protect against abuse
• ▸To comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising.

4. Prospect data & GDPR (B2B cold outreach)

ProspectFlow is a B2B tool. The business contact data we surface (business names, publicly listed phone numbers, website emails) is collected from Google Places — publicly accessible directories.

Our lawful basis for processing this data is Legitimate Interest under GDPR Article 6(1)(f), as we assess that B2B marketing outreach to businesses represents a legitimate interest that is not overridden by the rights of the data subjects.

Every email sent through ProspectFlow includes a one-click unsubscribe link. We maintain a suppression list and honour all opt-out requests immediately.

5. Third-party services

• ▸Stripe — Payment processing. Privacy policy
• ▸Resend — Transactional email delivery. Privacy policy
• ▸Google Places API — Business data source. Privacy policy
• ▸VAPI — AI voice calling (Pro feature). Privacy policy
• ▸Google Gemini — AI content generation. Privacy policy
• ▸OpenAI — AI demo website generation. Privacy policy

6. Data retention

• ▸Account data: Retained for the duration of your account plus 30 days after deletion
• ▸Prospect data: Retained until you delete it or close your account
• ▸Billing records: Retained for 7 years to comply with financial regulations
• ▸Email logs: Retained for 90 days

7. Your rights (GDPR)

Under UK/EU GDPR, you have the right to:

• ✓Access — Request a copy of the personal data we hold about you
• ✓Rectification — Correct inaccurate data
• ✓Erasure — Request deletion of your data ("right to be forgotten")
• ✓Portability — Receive your data in a machine-readable format
• ✓Object — Object to processing based on legitimate interest
• ✓Restrict — Request restriction of processing

To exercise any right, email us at sajeel.ahmed@live.com. We will respond within 30 days.

8. Security

We use industry-standard security measures including HTTPS encryption, hashed passwords, secure session cookies, CSRF protection, and rate limiting. Data is stored on servers located in the EU/UK.

9. Cookies

We use only essential cookies: session cookies for authentication and CSRF tokens for security. We do not use tracking or advertising cookies.

10. Changes to this policy

We may update this policy periodically. We will notify you by email for material changes. Continued use of ProspectFlow after changes constitutes acceptance of the updated policy.

Contact & complaints

For privacy queries: sajeel.ahmed@live.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.