--- title: "Privacy Policy | CatchIntent" url: https://catchintent.com/privacy-policy/ description: "How CatchIntent collects, uses, and protects your data. Written plainly, no legalese where we can help it." --- # Privacy Policy How CatchIntent collects, uses, and protects your data. Written plainly, no legalese where we can help it. Last updated · May 2026 This Privacy Policy explains what data CatchIntent collects, why we collect it, and how we use it when you use the platform — the dashboard, the browser extension, the MCP server, and the agents we run on your behalf. We write this in plain English. If anything is unclear, email us at [team@catchintent.com](mailto:team@catchintent.com). ## 1. What we collect ### 1.1 Account data When you create a workspace, we collect: - Business email, name, and encrypted password - Workspace name, role, timezone, and notification preferences - Email addresses of team members you invite ### 1.2 Brand and agent configuration To run agents on your behalf we store: - **Brand context**: your company name, website, ICP description, target roles, competitors, value props, and product voice notes - **Agent configuration**: enabled signal types (job changes, funding, hiring, competitor engagers, keyword discussions, influencer engagers, ICP match), run cadence, daily caps, and outreach account preferences - **Integration credentials**: OAuth tokens and API keys for CRMs (HubSpot, Pipedrive, Close, Salesforce) and sequencers (Apollo, Lemlist, Instantly) — stored encrypted, used only to push leads at your direction ### 1.3 Lead, signal, and AI output data When an agent runs we collect and store: - **Public LinkedIn and X data**: profile data (name, headline, current role, company, location, public engagement) for people matched against your ICP, and public posts that trip your enabled signals - **Company event data**: funding announcements, hiring activity, and other public business events from third-party data providers - **AI outputs**: warmth scores, fit reasons, signal-detail explanations, and drafted outreach openers generated by our AI models - **Engagement state**: which leads you’ve reviewed, marked as reached-out, snoozed, or pushed to your CRM ### 1.4 Usage and technical data Automatically collected when you use the platform: - Pages visited, features used, time spent, and clicks - Browser, OS, device identifiers, and IP address - API request logs, error logs, and performance metrics ### 1.5 Billing data Payments are handled by **Kelviq**, our payment provider. We pass your billing email and workspace ID to Kelviq; Kelviq stores card details, billing address, and tax identifiers directly. We never see or store your payment card information. See [Kelviq’s privacy practices](https://kelviq.com/privacy?utm_source=catchintent.com&utm_medium=pages&utm_campaign=privacy-policy) for how they handle that data. ## 2. How we use your data ### 2.1 To run the product - Operate agents on your behalf — scan LinkedIn and X for the signals you’ve enabled, score matches against your ICP, enrich profiles, and draft openers - Deliver leads into your queue, dashboard, browser extension, and (if connected) your CRM or sequencer - Send transactional emails — daily recap, weekly recap, billing receipts, and account alerts - Provide customer support and respond to your questions - Process your subscription via Kelviq ### 2.2 To improve the product - Aggregate and de-identified usage data is used to improve signal quality, AI scoring rubrics, and product performance - Specific lead or company data is **not** used to train models for other customers ### 2.3 For security and compliance - Detect abuse, prevent fraud, and protect the platform - Comply with applicable law and respond to lawful government requests - Enforce our [Terms of Service](https://catchintent.com/terms-of-service/?utm_source=marketing&utm_medium=pages&utm_campaign=privacy-policy) ## 3. Data from public platforms CatchIntent surfaces leads by watching publicly visible activity on LinkedIn and X (Twitter), and by ingesting company events (funding rounds, hiring posts) from third-party data providers. - We only access content that is publicly visible - We do not access private messages, protected accounts, or restricted content - We respect platform terms of service and rate limits - We never resolve pseudonymous identities (Reddit usernames, HN handles, etc.) to LinkedIn profiles or any other identity layer ## 4. Browser extension The CatchIntent browser extension (Chrome and Firefox) shows CatchIntent data while you’re on LinkedIn or X. **What the extension reads:** - The URL of the LinkedIn or X page you’re currently on — sent to CatchIntent only to match against your queue or look up a profile - Publicly visible profile data on LinkedIn — used to display CatchIntent intelligence next to the profile and draft personalized openers - Outreach actions you take (drafted, sent, paused) — logged to your CatchIntent account for tracking **What the extension does not read:** - Browsing history or activity on any non-LinkedIn / non-X site - Passwords, form fields, or credentials from any site - Private messages or non-public content - Anything beyond the LinkedIn and X domains **Local storage:** Your API key and workspace ID are stored locally in your browser via the standard extension storage API. Uninstalling the extension or clearing browser data removes this immediately. ## 5. Who we share data with ### 5.1 We do not sell your data We don’t sell, rent, or trade your data. Ever. Your workspace data is yours. ### 5.2 Service providers We use a small set of third parties to run the platform. All are bound by data processing agreements and may only use your data to provide their service to us: - **Hetzner, AWS, and Cloudflare** — infrastructure, hosting, AI compute, and CDN - **Kelviq** — payment processing and subscription billing - Trusted email and analytics providers for transactional emails and privacy-focused product analytics ### 5.3 Integrations you connect When you connect a CRM, sequencer, or notification channel, we send the data you’ve asked us to push there. You control what gets pushed and when. Disconnect any integration from your dashboard at any time. ### 5.4 Legal requests We may disclose data when legally required to comply with a subpoena, court order, or lawful government request. We’ll notify you unless prohibited by law. ### 5.5 Business transfers If CatchIntent is acquired or merges, your data may transfer to the acquirer. You’ll be notified and given any rights required by law to opt out. ## 6. Data security - All data in transit is encrypted with TLS 1.3 - Sensitive data at rest is encrypted with AES-256 - Passwords are hashed with bcrypt - JWT tokens have short expiry and rotate - Role-based access controls inside the company - Continuous monitoring, regular dependency audits, and access logging You’re responsible for keeping your account credentials private and not sharing them across team members. ## 7. Retention ### While your subscription is active We retain account data, brand context, agent configurations, leads, AI outputs, and usage logs for the duration of your subscription. Per-tier retention windows for leads and signals are shown in your billing settings. ### After cancellation - Account data and leads are deleted within 30 days of cancellation - Brand context, agent configurations, and integration tokens are deleted within 30 days - Billing records are retained 7 years for tax and audit compliance - Backups containing your data are purged within 90 days ### Data export Export all your leads, brand context, and agent configurations from your dashboard at any time, or by emailing support. ## 8. Your rights You can: - Access the data we hold on you - Correct anything inaccurate via your dashboard - Export your data in JSON or CSV - Delete your account (we delete within 30 days) - Manage notification preferences in your dashboard - Unsubscribe from non-essential emails via the link in each one ### GDPR (EEA users) You also have the rights to erasure, restriction, portability, objection, withdrawal of consent, and to lodge a complaint with your local supervisory authority. ## 9. International transfers Our primary infrastructure is in the European Union (Germany). When data is processed outside the EEA — for example by AWS Bedrock or US-based service providers — we use Standard Contractual Clauses approved by the European Commission and require recipients to provide GDPR-equivalent protection. ## 10. Cookies and tracking We use a small number of essential cookies for authentication, session management, and security. Our product analytics is privacy-focused — no cross-site tracking, no advertising identifiers, no fingerprinting. You can disable cookies in your browser, but parts of the platform won’t work without them. ## 11. Children’s privacy CatchIntent is a B2B platform. We do not knowingly collect data from anyone under 18. If we learn we have, we’ll delete it promptly. ## 12. Changes to this policy We update this policy occasionally. Material changes are announced via email and a notice in the dashboard. Continued use after the effective date constitutes acceptance. ## 13. Contact Questions, requests, or concerns: [team@catchintent.com](mailto:team@catchintent.com).