Privacy Policy

Who we are

[Outlink AI, Inc.] is the controller of the personal data described in this policy. Our registered mailing address is [address]. For any privacy question, or to exercise a right described below, contact us at privacy@outlinkai.com.

What we collect

• Account data — your name, email address, and a hashed password (we never store your password in readable form).
• Billing data — handled by Stripe. We store billing identifiers and subscription status; we do not store full card numbers.
• Connected-inbox content used for outreach — when you connect your Gmail or Outlook account over OAuth, we process the messages needed to send outreach from your identity and to read the replies it receives, within the sending caps you set.
• Google Search Console metrics — when you connect a property, we read ranking and coverage signals to relate outreach activity to search performance.
• Product and usage data — campaign configuration, prospect and target-page data you provide, and operational telemetry used to run and secure the service.
• Support messages — what you send us when you ask for help.

How we use it, and our legal basis

We process your data to provide the service you signed up for (performance of our contract with you): running outreach within your guardrails, handling replies, relating activity to Search Console signals, billing, and securing the product. Where we rely on legitimate interests — for example, product analytics, abuse prevention, and deliverability — we balance those interests against your rights. Where the law requires consent, we ask for it.

OAuth scopes and the “your own inbox” model

Outlink AI sends from your connected mailbox, not from a shared pool. You authorize access over OAuth during onboarding, and you can revoke that access at any time from your inbox provider or from within the product. We request only the scopes needed to send on your behalf and to read the replies your outreach receives, and we send within the per-day caps you configure. Google Search Console access is read-only and is used to surface ranking and coverage signals.

Google API Limited Use

Outlink AI’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer or use data from restricted Google scopes for serving advertising, and we do not allow humans to read this data except where you give affirmative consent, where it is necessary for security or to comply with applicable law, or where the data has been aggregated and anonymized.

Read the full policy at https://developers.google.com/terms/api-services-user-data-policy.

Who we share with

We do not sell your personal data. We share it only with the service providers that help us operate the product — payments (Stripe), transactional email (Resend), AI drafting and classification (OpenAI), domain-authority metrics (Moz), SERP and ranking data (our SERP-data provider), inbox and search signals (Google and Microsoft over OAuth), data storage (Neon), and hosting (Vercel). Each is engaged under terms that restrict their use of the data to providing their service to us. The full list, with the purpose and data categories for each, is in our Data Processing Agreement.

Retention

We keep personal data for as long as your account is active and for as long as we need it for the purposes in this policy — to provide the service, meet legal and accounting obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete it or anonymize it. Deleting your account removes your workspace data as described below.

Your rights

Depending on where you live, you have rights over your personal data, including the rights to:

• access the data we hold about you and request a copy (portability);
• correct data that is inaccurate or incomplete (rectification);
• delete your data (erasure) — the product offers a self-serve account deletion that removes your workspace data;
• restrict or object to certain processing;
• withdraw consent where we relied on it, without affecting prior processing.

If you are a California resident, the CCPA/CPRA give you the right to know what we collect, to delete it, and to opt out of any “sale” or “sharing” of personal information — we do not sell or share your personal information in that sense. We respond to verifiable requests within 45 days. To exercise any right, email privacy@outlinkai.com; we will not discriminate against you for doing so.

International transfers

We and our service providers may process data in countries other than your own. Where we transfer personal data across borders, we rely on appropriate safeguards — such as Standard Contractual Clauses or an adequacy decision. [Transfer mechanism and any regional representative are placeholders to be confirmed with counsel before launch.]

Email outreach and CAN-SPAM

Outreach sent through the product is configured to include the sender identification and an opt-out mechanism that anti-spam laws such as CAN-SPAM require, and we honor unsubscribe requests. You are responsible for using the product only for legitimate, earned-link outreach to relevant recipients — not for unsolicited bulk mail.

Security, children, and changes

We use technical and organizational measures — including encryption in transit, access controls, and tenant isolation — to protect your data, though no method of transmission or storage is perfectly secure. The product is a business tool and is not directed at children under 16, and we do not knowingly collect their data. We may update this policy as the product evolves; when we do, we revise the effective date shown above and, for material changes, give you notice.