Privacy Policy

Version 1.0, Effective 23 May 2025

1. PURPOSE

This Privacy Policy explains how SalesTouch ("SalesTouch", "we", "our") collects, uses, discloses, and protects personal data when you ("you", "User") use the SalesTouch platform and related services available at https://salestouch.io (the "Service"). It also describes your rights under Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), the French Data Protection Act (Loi 78-17) and other applicable laws.

2. DATA CONTROLLER

For all data identified in this Policy, SalesTouch acts as data controller. You can reach us at support@salestouch.ai.

Hosting of the Service is provided by Vercel Inc., which stores production data in Vercel-managed data centers located in the European Economic Area (EEA) by default. Vercel acts as sub-processor under our data-processing agreement.

3. SCOPE

This Policy applies to:

  • Visitors to the salestouch.io website;
  • Registered Users of the SalesTouch SaaS application;
  • Prospects whose data is imported into the platform by Users.

4. CATEGORIES OF PERSONAL DATA

CategoryExamplesSource
Identification & ContactName, business email, phone, employer, job titleProvided by User, enriched via public sources
Account CredentialsLogin email, hashed password, authentication tokensProvided by User
Billing & PaymentBilling address, VAT number; payment data processed by Stripe (tokenised)Provided by User / Stripe
Usage DataLog files, feature interactions, session metadata, emails sentCollected automatically
Prospect DataLead lists imported by User, AI-generated messagesProvided by User
Support DataChat transcripts, tickets, feedbackProvided by User
Technical DataIP address, browser, device, cookies, localStorageCollected automatically

5. LEGAL BASES FOR PROCESSING

PurposeLegal Basis (Art. 6 GDPR)
Provide and secure the Serviceb) Contract
Improve and develop new featuresf) Legitimate interest
Direct marketing to Usersf) Legitimate interest
Email marketing to prospectsa) Consent or f) Legitimate interest when GDPR e-privacy exemptions apply
Billing & compliancec) Legal obligation
Respond to support requestsb) Contract

6. DATA RETENTION

  • Account Data: stored for the lifetime of the account and 12 months after closure.
  • Prospect Data & AI outputs: retained until deleted by the User or 90 days after account closure.
  • Logs: retained 6 months for security, up to 24 months aggregated for analytics.
  • Invoices & transactional records: retained 10 years under French accounting law.

7. RECIPIENTS & SUB-PROCESSORS

We share data only with trusted partners bound by GDPR-compliant agreements:

  • Vercel Inc., hosting & CDN (EU data centers)
  • OpenAI Ireland Ltd., AI text generation (EEA region or SCCs)
  • Stripe Payments Europe Ltd., payments (EU)
  • Postmark (ActiveCampaign), transactional email (EU data center)
  • Plausible Analytics OÜ, privacy-friendly analytics (EU) A current list is maintained at https://salestouch.io/subprocessors. We will notify Users at least 30 days before adding or replacing a sub-processor.

8. INTERNATIONAL TRANSFERS

Where data is transferred outside the EEA (e.g., to OpenAI US), SalesTouch relies on Standard Contractual Clauses (SCCs) and supplementary technical measures (encryption in transit and at rest, strict access controls).

9. SECURITY MEASURES

  • TLS 1.3 encryption in transit; AES-256 at rest
  • Principle of least privilege & role-based access
  • Regular penetration tests & automated security scans
  • 24/7 monitoring, rate limiting, WAF on Vercel edge network
  • Daily encrypted backups stored in EU region

10. COOKIES & TRACKING TECHNOLOGIES

SalesTouch uses only:

  • Essential cookies (session, CSRF, authentication), cannot be disabled;
  • Analytics cookies from Plausible, first-party, cookieless by default;
  • No third-party advertising cookies. A detailed cookie banner is displayed on first visit.

11. YOUR RIGHTS

Under Articles 12-22 GDPR you have the right to:

  1. Access your personal data;
  2. Rectify inaccurate or incomplete data;
  3. Erase data (“right to be forgotten”);
  4. Restrict processing;
  5. Object to processing, including direct marketing;
  6. Portability of data you provided;
  7. Withdraw consent at any time;
  8. File a complaint with the CNIL (www.cnil.fr) or your local supervisory authority.

12. EXERCISING YOUR RIGHTS

Send your request to support@salestouch.ai. We may ask for proof of identity and will respond within one (1) month, extendable by two months for complex requests.

13. CHILDREN

The Service is designed for business professionals and is not intended for minors under 18. We do not knowingly collect personal data from children.

14. CHANGES TO THIS POLICY

We may update this Policy to reflect legal, technical or business changes. We will notify Users via email and in-app at least 15 days before the change becomes effective. Continued use of the Service after that date constitutes acceptance.

15. CONTACT

Questions about this Policy? Email support@salestouch.ai.