Prospecco

Privacy Policy

Last updated: February 2026

Introduction

Prospecco ("we", "our", or "us") operates a self-service data enrichment platform that helps businesses enhance their contact and company data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at prospecco.com (the "Website"), use our platform, access our API, or otherwise interact with our services.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy applies to all users of our services, whether you are a visitor, free trial user, or paid subscriber.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our services.

Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

  • Service: The Prospecco data enrichment platform, including the Website, web application, API, browser extensions, and any related tools or features provided by Prospecco.
  • Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
  • Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself, such as the duration of a page visit, pages accessed, IP address, browser type, and device information.
  • Cookies: Small files placed on your device (computer, tablet, or mobile) by a website, containing details of your browsing history on that website and used for various purposes.
  • Data Controller: The natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is, or will be, processed. For the purposes of this Privacy Policy, Prospecco is the Data Controller of your Personal Data.
  • Data Processor: Any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various third-party Data Processors in order to process your data more effectively.
  • Data Subject: Any living individual who is the subject of Personal Data.
  • User: The individual or entity using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
  • Account: A unique account created for you to access our Service and its features.
  • Enrichment Data: Data that you upload or submit to the Service for the purposes of enrichment, including but not limited to contact lists, company records, email addresses, and other business information.

Information Collection and Use

We collect several different types of information for various purposes to provide, maintain, and improve our Service to you. The types of data collected and the purposes for which they are used are described in the sections below.

Personal Data

When you create an Account, subscribe to our Service, or interact with our platform, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:

  • Full name
  • Email address
  • Phone number
  • Company name, job title, and business address
  • Billing information, including payment card details processed securely through our PCI-DSS compliant payment provider (Stripe)
  • Data you upload for enrichment, such as contact lists, company records, and email addresses
  • Communications you send to us, including support requests, feedback, and correspondence
  • Profile information and preferences you set within your Account

Usage Data

We automatically collect certain information when you access and use our Service ("Usage Data"). This Usage Data may include:

  • Your device's Internet Protocol address (IP address)
  • Browser type and version
  • Operating system
  • The pages of our Service that you visit, the time and date of your visit, and the time spent on those pages
  • Unique device identifiers and session information
  • Referring website addresses and search terms
  • API call logs, enrichment request history, and feature usage patterns
  • Diagnostic data, including crash reports and performance metrics

Data Collected from Third-Party Sources

As a data enrichment platform, we aggregate information from various publicly available and licensed third-party sources to provide our enrichment services. This may include:

  • Publicly available business information such as company registrations, filings, and corporate records
  • Professional contact information from publicly accessible sources, including business directories and professional networking platforms
  • Company data including industry classifications, employee counts, revenue estimates, and technology usage
  • Email verification data used to validate the deliverability of email addresses

This third-party data is used solely to deliver enrichment results to our Users and is processed in accordance with applicable data protection laws.

Tracking and Cookies Data

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.

We use the following types of cookies:

  • Essential Cookies: These cookies are necessary for the Service to function and cannot be switched off. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms. These include session cookies and authentication cookies.
  • Preference Cookies: These cookies allow the Service to remember choices you make, such as your language preference, theme settings, or display options, and provide enhanced, personalised features.
  • Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Service. They help us understand which pages are the most and least popular and see how visitors move around the site.
  • Security Cookies: These cookies help identify and prevent security risks. They are used to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some features of our Service. Most web browsers allow some control of cookies through browser settings. For more details on cookies and how to manage them, please see our Cookie Policy.

Use of Data

Prospecco uses the collected data for the following purposes:

  • To provide, operate, and maintain our data enrichment Service
  • To process your enrichment requests and deliver accurate results
  • To manage your Account, process payments, and track credit usage
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support and respond to your enquiries
  • To provide analysis or valuable information so that we can improve the Service
  • To monitor the usage and performance of the Service
  • To detect, prevent, and address technical issues
  • To detect, prevent, and address fraud, abuse, and security incidents
  • To send transactional communications, such as service updates, billing receipts, and account notifications
  • To send promotional communications about products, services, offers, and events (only where you have consented to receive such communications, and with the ability to opt out at any time)
  • To comply with legal obligations and enforce our Terms of Service

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, we are required to have a lawful basis for processing your Personal Data. We rely on the following legal grounds:

  • Performance of a Contract (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. This includes providing our enrichment services, managing your Account, processing payments, and delivering enrichment results.
  • Legitimate Interests (Article 6(1)(f) GDPR): Processing is necessary for the purposes of our legitimate interests, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving and optimising our Service, preventing fraud and misuse, ensuring network and information security, and marketing our platform to relevant B2B audiences.
  • Consent (Article 6(1)(a) GDPR): Where you have given clear, affirmative consent for us to process your Personal Data for specific purposes, such as receiving marketing communications or enabling non-essential cookies. You have the right to withdraw your consent at any time.
  • Legal Obligation (Article 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which we are subject, such as tax reporting, anti-money laundering regulations, or responding to lawful requests from public authorities.

Retention of Data

We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  • Account data: Retained for the duration of your active Account and for up to 12 months after account closure, to allow for account reactivation and to address any outstanding matters
  • Enrichment data and results: Retained in your Account for as long as your subscription is active, unless you delete them earlier. Upon account closure, enrichment data is deleted within 90 days
  • Billing and transaction records: Retained for up to 7 years as required by UK tax and accounting regulations
  • Usage logs and analytics data: Retained for up to 24 months for analytics, security monitoring, and service improvement purposes
  • Communications and support records: Retained for up to 36 months after resolution to provide context for future support interactions and to improve our services

When the retention period expires, we will securely delete or anonymise your Personal Data so that it can no longer be associated with you.

Transfer of Data

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United Kingdom and process it there. Our primary data infrastructure is hosted by Convex (United States) and Cloudflare (global edge network).

When we transfer Personal Data outside of the UK or the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office (ICO)
  • Adequacy decisions for countries recognised as providing an adequate level of data protection
  • Binding Corporate Rules where applicable with our service providers
  • Additional technical and organisational measures to protect your data in transit and at rest, including encryption and access controls

Disclosure of Data

We may disclose your Personal Data in the good faith belief that such action is necessary in the following circumstances:

Legal Requirements

Prospecco may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (for example, a court order, government agency request, or law enforcement request).

Business Transactions

If Prospecco is involved in a merger, acquisition, asset sale, or similar business transaction, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Other Circumstances

We may also disclose your Personal Data to:

  • Enforce our Terms of Service and other agreements
  • Protect and defend the rights, property, or safety of Prospecco, our Users, or others
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Data

The security of your data is important to us. We implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms, including role-based access control
  • DDoS protection and web application firewall (provided by Cloudflare)
  • Secure payment processing through PCI-DSS compliant infrastructure (Stripe)
  • Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

"Do Not Track" Signals

We respect Do Not Track ("DNT") signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the preferences or settings page of your web browser.

When we detect a DNT signal, we limit our data collection to what is strictly necessary for the operation of the Service and do not use analytics or preference cookies.

Your Data Protection Rights Under GDPR

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have certain data protection rights under the GDPR and the UK Data Protection Act 2018. Prospecco aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

You have the following data protection rights:

  • Right of access: You have the right to request copies of your Personal Data. We may charge a small fee for this service in certain circumstances.
  • Right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to erasure: You have the right to request that we erase your Personal Data, under certain conditions.
  • Right to restrict processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions.
  • Right to object to processing: You have the right to object to our processing of your Personal Data, under certain conditions, including where we process your data for direct marketing purposes.
  • Right to data portability: You have the right to request that we transfer the data we have collected to another organisation, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
  • Right to withdraw consent: Where we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

If you wish to exercise any of these rights, please contact our Data Protection Officer at dpo@prospecco.com. We will respond to your request within one calendar month.

You also have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO), which can be contacted at ico.org.uk.

Your Rights Under the CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your Personal Data. This section describes your CCPA rights and explains how to exercise them.

  • Right to know: You have the right to request that we disclose what Personal Data we collect, use, disclose, and sell about you. This includes the categories and specific pieces of Personal Data collected, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom we share it.
  • Right to delete: You have the right to request the deletion of Personal Data we have collected from you, subject to certain exceptions provided by law.
  • Right to opt-out of sale: You have the right to opt-out of the sale of your Personal Data. Prospecco does not sell your Personal Data and has not sold Personal Data in the preceding 12 months.
  • Right to non-discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different quality of service, or suggest that you would receive a different price or quality of service for exercising your rights.

To exercise your CCPA rights, please contact us at support@prospecco.com. We will verify your identity before processing your request and respond within 45 days.

Service Providers

We employ third-party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services, or assist us in analysing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

  • Convex: Backend infrastructure and real-time database. Convex provides serverless functions and data storage for our platform. Data is processed in the United States.
  • Cloudflare: Hosting, content delivery network (CDN), security, and DDoS protection. Cloudflare processes data across its global network of data centres to deliver our Service securely and performantly.
  • Stripe: Payment processing. Stripe handles all payment card data in a PCI-DSS compliant environment. We do not store your full payment card details on our own servers.
  • Google (Generative AI): AI-powered data analysis and enrichment insights. Google processes certain data to provide AI-generated analysis within our platform.
  • Analytics providers: We use privacy-focused analytics tools to understand how our Service is used, measure performance, and identify areas for improvement. Analytics data is collected in aggregate where possible.
  • Email service providers: Transactional and marketing email delivery for account notifications, service updates, and promotional communications (where consented to).

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children's Privacy

Our Service is designed for business use and is not directed at individuals under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

For material changes, we will provide additional notice, such as sending an email notification to the address associated with your Account or displaying a prominent notice within our Service, prior to the change becoming effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, your Personal Data, or wish to exercise your data protection rights, please contact us:

Prospecco is a company registered in England and Wales. This Privacy Policy is governed by the laws of England and Wales.

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the United Kingdom at ico.org.uk, or with your local supervisory authority if you are located in the EEA.