Privacy Policy

AskScout.ai ("AskScout," "we," "us," or "our") is committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your personal data when you use our B2B prospecting platform at askscout.ai (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account registration information: name, email address, company name, job title.
• Payment and billing information (processed by our third-party payment processor; we do not store full credit card numbers).
• Ideal Customer Profile (ICP) criteria and prospect search queries you enter into the Service.
• Communications you send to us (e.g., support requests, feedback).

1.2 Information from Connected Google Accounts

When you authorize AskScout to access your Google account, we collect the following data exclusively for network graph generation and warm introduction facilitation:

• Email metadata (sender, recipient, timestamps, subject lines) from Gmail — not email body content.
• Calendar event metadata (attendees, timestamps, recurrence patterns) from Google Calendar.
• Contact information (names, email addresses, and related fields) from Google Contacts.

1.3 Information Collected Automatically

• Device and browser information (type, operating system, browser version).
• IP address and approximate geolocation.
• Usage data: pages visited, features used, search queries performed, timestamps.
• Cookies and similar tracking technologies (see Section 8).

1.4 Information from Public Sources

When you perform web-based prospect searches, the Service gathers publicly available information from websites, social media profiles, company pages, press releases, and other public sources to generate Prospect Intelligence. This data is about third-party prospects, not about you.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Building and maintaining your network graph, executing prospect searches, matching prospects to network connections, and facilitating warm introductions.
• Account Management: Creating and managing your account, processing payments, and communicating with you about your subscription.
• Service Improvement: Analyzing aggregated, anonymized usage patterns to improve Service functionality, performance, and user experience. This does NOT include using your personal data or Google data for AI/ML training.
• Security: Detecting, preventing, and responding to fraud, abuse, security incidents, and technical issues.
• Legal Compliance: Complying with applicable laws, regulations, legal processes, or governmental requests.
• Communications: Sending you transactional emails (account confirmations, security alerts, billing notifications) and, with your consent, product updates and tips. See Section 15 for details on email categories and your unsubscribe options.

3. What We Do NOT Do With Your Data

We believe in absolute clarity about data use. AskScout makes the following binding commitments:

• We do NOT sell your data. We will never sell, rent, lease, or commercially transfer your personal information or Customer Data to any third party. This is an unconditional commitment.
• We do NOT train AI/ML models on your data. Your Customer Data, including all data obtained from Google APIs, is never used to train, fine-tune, improve, or develop any artificial intelligence models, machine learning algorithms, large language models, or neural networks — whether owned by AskScout or any third party.
• We do NOT share your data with advertisers. We do not serve ads, and we do not provide your data to advertising networks, ad exchanges, or marketing platforms.
• We do NOT act as a data broker. We do not aggregate, package, or distribute your data to data brokers or analytics companies.
• We do NOT read your emails. Our systems process email metadata (sender, recipient, timestamps) programmatically. No human at AskScout reads your email content. Our systems do not access email body text.
• We do NOT combine data across customers. Your network data is siloed within your workspace. It is never combined with, cross-referenced against, or made available to other AskScout customers outside of your explicitly authorized team.

4. Google API Services User Data Policy Compliance

AskScout's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements (developers.google.com/terms/api-services-user-data-policy).

In accordance with the Limited Use requirements:

• We only use Google user data to provide or improve user-facing features that are prominent in the AskScout application's user interface.
• We do not transfer Google user data to third parties except: (a) to provide or improve user-facing features with the user's consent; (b) for security purposes; or (c) to comply with applicable laws.
• We do not allow humans to read Google user data unless: (a) we first obtain the user's affirmative agreement; (b) it is necessary for security purposes; or (c) it is necessary to comply with applicable law.
• All other transfers, uses, or sale of Google user data are completely prohibited, including transferring or selling data to third parties, using data for advertising, or using data for surveillance.

5. When We Share Your Information

We share your information only in the following limited circumstances:

5.1 Within Your Team

If you invite team members to your AskScout workspace, aggregated network connection data (not raw email/calendar data) may be visible to team administrators for the purpose of identifying warm introduction paths. Team members cannot see each other's raw email content, full contact lists, or calendar details.

5.2 Service Providers

We use trusted third-party service providers to operate the Service (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to use your data only to provide services to AskScout and are subject to confidentiality obligations equivalent to those in this Privacy Policy. Our current infrastructure providers include:

• Cloud hosting and data storage providers
• Payment processing services (we never store full credit card numbers)
• Email delivery services: We use SendGrid (a Twilio company) to deliver transactional and marketing emails. SendGrid processes your email address and engagement data (such as open and click events) solely to deliver emails on our behalf. SendGrid is contractually prohibited from using your data for any purpose other than providing email delivery services to AskScout.
• LinkedIn integration services: If you choose to connect your LinkedIn account for outreach features, we use Unipile as a third-party integration provider to facilitate sending connection requests and messages on your behalf. Unipile processes your LinkedIn session credentials, profile data, and messaging activity solely to provide this integration. Your LinkedIn password is never shared with or stored by AskScout. For details on how Unipile handles your data, see Unipile's Privacy Policy. For information on LinkedIn-specific rate limits and account risks, see Unipile's Provider Limits and Restrictions.
  
  Risk disclosure: Connecting your LinkedIn account for automated outreach carries inherent risks, including possible account restrictions or suspension by LinkedIn. AskScout does not control LinkedIn's detection systems or enforcement decisions, and cannot guarantee that your account will not be flagged. AskScout assumes no liability for any consequences to your LinkedIn account, connections, data, or professional reputation resulting from your use of this integration. By connecting your LinkedIn account, you acknowledge these risks and agree to the liability limitations described in our Terms of Service.

5.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, subpoena, court order, or other governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy. You will have the opportunity to delete your data before any such transfer.

6. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

• Encryption of data in transit using TLS 1.2+ and at rest using AES-256 encryption.
• OAuth 2.0 token-based authentication for all Google API access — we never store your Google password.
• Access controls and role-based permissions limiting employee access to user data on a strict need-to-know basis.
• Regular security assessments and vulnerability testing.
• Secure, SOC 2-compliant cloud infrastructure.
• Automated monitoring for anomalous access patterns and potential breaches.
• Employee security training and confidentiality agreements.

While we take extensive precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users and relevant authorities in the event of a data breach in accordance with applicable law.

7. Data Breach Notification

In the event of a security breach affecting your personal data, AskScout will:

• Notify affected users via email within seventy-two (72) hours of becoming aware of the breach.
• Notify relevant supervisory authorities as required by applicable law (e.g., GDPR, state breach notification laws).
• Provide a description of the nature of the breach, the categories of data affected, the likely consequences, and the measures taken to address the breach.
• Report the breach to Google if it involves data obtained through Google APIs.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Required for the Service to function (authentication, session management, security). These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Service to improve functionality. These are anonymized and aggregated.

We do NOT use advertising or tracking cookies. We do not participate in cross-site tracking. You can manage cookie preferences through your browser settings.

9. Your Rights

9.1 All Users

Regardless of your location, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data and account.
• Data Portability: Request your data in a structured, commonly used, machine-readable format.
• Revoke Google Access: Disconnect your Google account at any time through your Google Account settings or the AskScout dashboard.
• Opt-Out of Communications: Unsubscribe from non-essential emails at any time.
• Object to Processing: Object to certain processing of your personal data.

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request that we delete your personal information.
• Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to direct us not to sell your personal information if we ever change this practice.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information.

To exercise these rights, contact kris@vinly.co. We will respond within forty-five (45) days.

9.3 European Economic Area, UK, and Swiss Residents (GDPR)

If you are in the EEA, UK, or Switzerland, the legal bases for processing your data are:

• Consent: When you authorize Google account access or opt into communications.
• Contract Performance: When processing is necessary to provide the Service you've subscribed to.
• Legitimate Interests: When processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement), balanced against your rights.
• Legal Obligation: When processing is required by law.

You have the right to lodge a complaint with your local supervisory authority. You also have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

10. Data Retention

We retain your data according to the following schedule:

• Account and profile data: Retained while your account is active plus thirty (30) days after deletion request.
• Google API data (network graph): Retained while your Google account is connected. Deleted within thirty (30) days of OAuth revocation or account deletion.
• Payment records: Retained for seven (7) years as required by tax and financial regulations.
• Usage logs and analytics: Anonymized and aggregated within ninety (90) days of collection.
• Support communications: Retained for two (2) years after resolution, then deleted.

11. Children's Privacy

The Service is designed for business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will promptly delete such information. If you believe a child has provided us data, please contact kris@vinly.co immediately.

12. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission where required by GDPR. By using the Service, you consent to the transfer of your data to the United States and other jurisdictions as described in this Privacy Policy.

13. Third-Party Links and Services

The Service may contain links to third-party websites or display information from public sources. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit. Our Prospect Intelligence is gathered from public sources and is subject to the accuracy and availability of those sources.

14. Do Not Track Signals

The Service respects Do Not Track (DNT) signals transmitted by your browser. When we detect a DNT signal, we disable non-essential analytics tracking for your session.

15. Email Communications, Tracking, and Preferences

15.1 Types of Emails

AskScout sends the following categories of email communications:

• Transactional emails: Account confirmations, password resets, security alerts, and billing receipts. These are essential to operating your Account and cannot be unsubscribed from.
• Onboarding emails: A series of product guidance emails sent during your first days on the platform to help you connect Gmail, run your first search, and invite team members. You may unsubscribe from onboarding emails at any time.
• Weekly digest: A personalized summary of your Scout activity, including searches performed and warm introduction paths found.
• Product updates: Notifications about new features, improvements, and usage tips.
• Newsletter: Occasional content about B2B prospecting, warm introductions, and professional networking best practices.

15.2 Email Tracking

Our marketing and onboarding emails may include open tracking (a small transparent pixel) and click tracking (wrapped links) to help us understand engagement and improve the relevance of our communications. This data is associated with your Account and is never shared with third parties or used for advertising. If you prefer not to be tracked, most email clients allow you to disable remote image loading, which prevents open tracking.

15.3 Unsubscribe and Email Preferences

Every non-transactional email includes an unsubscribe link at the bottom. Clicking it lets you opt out of that specific email category (e.g., onboarding, weekly digest, product updates, or newsletter) without affecting other categories. You may also access a preference center through the unsubscribe link to manage all email categories at once. Unsubscribe requests are processed by SendGrid and take effect immediately — you will not receive further emails in that category.

15.4 Email Delivery Provider

All AskScout emails are delivered through SendGrid (a Twilio company). When we send you an email, SendGrid processes your email address and basic engagement metadata (delivery status, opens, clicks) on our behalf. SendGrid is bound by a data processing agreement and is prohibited from using your information for any purpose other than delivering our emails. For more information, see Twilio's Privacy Policy.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by sending an email to the address associated with your Account and by posting a notice on the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.