Privacy Policy

OutreachAI ("we," "us," or "our") is a cold-email outreach platform operated by Diop Digital. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our service at outreachai.com (the "Service").

By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.

1. Information we collect

Account information

When you sign up, we collect your email address, password (hashed with bcrypt — we never store it in plain text), company name, and physical mailing address. The mailing address is included in compliance footers on emails you send through the Service to satisfy CAN-SPAM requirements.

Gmail connection (OAuth)

If you connect your Gmail account, we receive an OAuth access token and refresh token from Google. We use these solely to:

• Send emails on your behalf from your Gmail address (with your explicit approval)
• Read incoming replies to messages you've sent through the Service, so we can show them to you and AI-classify them

We do not read, store, or analyze any Gmail content unrelated to outreach you initiated through the Service. We do not use Gmail data to train AI models. You can revoke our access at any time via your Google Account settings or by clicking "Disconnect Gmail" in OutreachAI Settings.

Prospect data

When you add prospects manually, upload CSVs, or use the scraping tool, the resulting business contact information (business name, email, phone, city, industry, website) is stored in our database and used only by you.

Usage data

We log basic application activity: which features you use, how many emails you send, scrape counts, and timestamps. This helps us enforce plan quotas and improve the Service.

Email tracking

If you enable open and click tracking, we embed a 1×1 pixel and rewrite links in emails you send so we can report opens and clicks back to you. We do not use this data for any purpose other than reporting it in your dashboard.

Payment data

If you upgrade to a paid plan, payment is processed by Stripe. We never see or store your full card number. We retain only a Stripe customer ID and subscription metadata.

Cookies

We use a single session cookie to keep you signed in. We do not use third-party analytics or advertising cookies.

2. How we use information

• To provide and operate the Service
• To enforce plan limits and prevent abuse
• To send transactional emails (account verification, billing receipts, account notifications)
• To respond to support requests
• To improve the Service (in aggregate, never identifying individual users)

3. Google API user data — specific disclosures

OutreachAI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only use Gmail data to provide user-facing features in the Service (sending and receiving outreach emails)
• We do not transfer Gmail data to third parties except as necessary to provide and improve the Service, or as required by law
• We do not use Gmail data for advertising
• We do not allow humans to read Gmail data, except (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data is aggregated and used for internal operations

4. How we share information

We do not sell, rent, or trade your data. We share information only with:

• Service providers that help us operate (DigitalOcean for hosting, Stripe for billing, OpenAI for AI email generation, Google for OAuth + Maps). These providers have their own privacy policies and access only the data they need.
• Legal authorities if required by law, court order, or to protect rights, property, or safety.

Note: when you generate an AI email, the prospect's basic information (business name, industry, city) is sent to OpenAI for processing. OpenAI's API terms state they do not train on this data.

5. Data retention

We retain your account data while your account is active. If you delete your account, we delete your personal data and prospects within 30 days. Aggregate, anonymized data may be retained longer for product analytics.

6. Your rights

You can:

• Access and update your account information in Settings
• Export your prospect list (CSV download)
• Delete your account by emailing privacy@diopdigital.com
• Disconnect Gmail OAuth at any time

If you are in the EU/UK, you also have rights under GDPR including the right to access, correct, port, or erase your data. To exercise these rights, contact privacy@diopdigital.com.

7. Security

We use industry-standard practices: passwords hashed with bcrypt, sessions signed with itsdangerous, all traffic over HTTPS (when on our production domain), OAuth tokens stored encrypted at rest. No system is 100% secure, but we work hard to protect your data.

8. Children

OutreachAI is not directed to anyone under 18. We do not knowingly collect data from minors.

9. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify active users by email before the change takes effect.

10. Contact

For privacy questions or to exercise your rights:

OutreachAI (operated by Diop Digital)
Email: privacy@diopdigital.com
Marysville, WA, USA