Information We Collect
Account Information
When you create an account, we collect your name, email address, and password (hashed). If you upgrade to a paid plan, we collect billing information through our payment processors (Razorpay for India, Stripe for international customers).
Lead Data
You may upload or enter contact information for your leads, including names, email addresses, company names, job titles, and other professional details. You own this data and we process it only to provide the Service.
Email Content
When you connect a mailbox, we access your inbox via Microsoft OAuth (IMAP) to detect replies to your campaigns. We store inbound message content for AI classification and draft generation. Outbound email content (subjects, bodies) is stored to deliver your campaigns and provide tracking analytics.
Usage Data
We collect analytics about how you use the Service, including page views, feature usage, and error logs via Sentry. This helps us improve the product and investigate issues.
Workspace Configuration
We store settings you configure in SalesPipl, such as your brand name, tone of voice preferences, physical mailing address, email sequences, and campaign settings.
How We Use Your Information
- ✓To provide, operate, and maintain the Service
- ✓To send outbound emails on your behalf via AWS SES
- ✓To classify incoming replies using AI (OpenAI GPT-4o-mini)
- ✓To generate AI-drafted personalized email responses (OpenAI GPT-4o)
- ✓To process payments and manage subscriptions
- ✓To send you service-related transactional notifications
- ✓To improve the Service, fix bugs, and prevent abuse
- ✓To enforce these terms and our Acceptable Use Policy
Data Sharing
We do not sell your data or your lead data to third parties, ever. We share data only with the following sub-processors to operate the Service:
| Processor | Purpose |
|---|---|
| Supabase | Database hosting and authentication (Singapore/US) |
| AWS SES | Outbound transactional email delivery |
| OpenAI | AI email generation and reply classification |
| Razorpay | Payment processing (India) |
| Stripe | Payment processing (United States and international) |
| Microsoft | OAuth2 / IMAP access for connected mailboxes |
| Sentry | Error monitoring and crash reporting |
| Vercel | Web application hosting (CDN) |
| Railway | Background worker infrastructure hosting |
We may also disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to comply with legal process or protect the rights, property, or safety of SalesPipl, our users, or others.
Data Security
We take security seriously and implement multiple layers of protection:
- ✓IMAP credentials and OAuth tokens are encrypted at rest using AES-256-GCM with a server-side encryption key
- ✓All data in transit is encrypted using TLS 1.2 or higher
- ✓Database access uses Row Level Security (RLS) — users can only access their own workspace data
- ✓Production system access is restricted to authorized personnel only
- ✓We do not store SMTP passwords in plain text under any circumstances
Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:
Account & lead data
Retained while your account is active. Deleted within 30 days of account deletion.
Email content
Stored for campaign delivery and tracking. Deleted with your account.
Error & usage logs
Retained for up to 90 days for debugging purposes.
Anonymized analytics
May be retained indefinitely in aggregated, de-identified form.
Your Rights
You have the following rights regarding your data:
- ✓Access, update, or correct your account information at any time from Settings
- ✓Export all your workspace data in JSON format via Settings → Data & Privacy
- ✓Disconnect mailboxes at any time to immediately revoke IMAP/OAuth access
- ✓Delete your account by contacting us — all personal and lead data is removed within 30 days
- ✓Opt out of non-essential communications
California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
Right to Know
You may request that we disclose what personal information we collect, use, disclose, and sell (we do not sell your data).
Right to Delete
You may request deletion of your personal information. Use the self-service tool in Settings → Data & Privacy, or email us.
Right to Opt-Out of Sale
We do not sell your personal information. If this changes, we will provide an opt-out mechanism before doing so.
Non-Discrimination
We will not discriminate against you (price, service level, etc.) for exercising your CCPA rights.
To exercise these rights, email privacy@webpipl.com or use the self-service tools in Settings → Data & Privacy.
International Data Transfers
SalesPipl is operated by WebPipl Technologies Private Limited, incorporated in India. Your data may be stored and processed in:
- •India — primary database and engineering team
- •Singapore — Supabase database hosting region
- •United States — Vercel CDN, AWS SES, OpenAI, Stripe
By using the Service, you consent to the transfer of your data to these locations. We ensure all data transfers are protected by appropriate safeguards including encryption in transit (TLS) and at rest (AES-256-GCM).
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of significant changes via email or a prominent in-app notification at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.
Contact Us
For questions, concerns, or requests related to this Privacy Policy or your personal data, contact: