Privacy Policy
Last updated: 06 February 2025
This Privacy Policy explains how Sellestial ("we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our website, platform, and services (collectively, the "Services") or interact with us in any way. Please read this Privacy Policy carefully to understand our practices regarding your personal data.
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
1. Introduction
Sellestial is a Delaware C-corporation (Sellestial, Inc., 251 Little Falls Drive, Wilmington, DE 19808, United States) that offers B2B SaaS and Custom Services globally. We enable users to connect their HubSpot workspaces and Google or Microsoft email accounts to our platform, and we also provide bespoke software development, data cleaning, data enrichment, data analysis, filtering, and other related services. We hire contractors and service providers (all under confidentiality agreements) to develop products and perform services. Founders may also be employees at one of these service providers.
No Unlawful Use: You must not use our Services to process or distribute unlawful content. All activities must comply with applicable email marketing and data protection laws.
Disclaimer of Warranties: We do not provide any warranties about uptime, error-free performance, or the accuracy of AI-generated outputs, and there is no service-level agreement (SLA).
2. Information We Collect
We collect various types of information to provide and improve our Services:
2.1 Information You Provide to Us
- Account Information: When you register for an account, we collect your name, email address, and other contact details.
- Communications: If you contact us directly, we may receive additional information such as your name, email address, phone number, and the content of your message.
2.2 Information We Receive from Third Parties
When you connect third-party services to our platform, we collect and process the following data.
We do not make any configuration changes in your HubSpot portal except in limited and customer-approved ways. However, we do copy and keep certain HubSpot data in sync with our database for processing, including via third-party AI API providers.
Data from Google LLC:
- User and Prospect Data:
- First name, last name, profile picture
- Email address
- Email messages:
- Date, sender, recipients, subject line, message body
- Inbox settings:
- Vacation settings, email signature, labels
Data from Microsoft Outlook 365:
- User and Prospect Data:
- First name, last name, profile picture
- Email address
- Email messages:
- Date, sender, recipients, subject line, message body
- Inbox settings:
- Vacation settings, email signature, labels
Data from HubSpot, Inc.:
- HubSpot ID
- Deals:
- Deal name, amount, close date, stage, pipeline, deal owner, closed lost reason, last contacted, deal score, custom fields (as configured by the user)
- Contacts:
- First name, last name, email, job title, employment status, phone number, lead status, lifecycle stage, contact owner, LinkedIn profile URL, custom fields (as configured by the user)
- Companies:
- Company name, domain, industry, company owner, city, state/region, postal code, number of employees, annual revenue, time zone, description, LinkedIn company page, custom fields (as configured by the user)
- Notes and Communications:
- Emails, calls, meetings, LinkedIn messages, SMS messages, WhatsApp messages, postal mail
Data from ProAPIs, Inc.:
- Personal LinkedIn profile
- Company LinkedIn profile
Data from ZenLeads Inc. d/b/a Apollo.io:
- Email address
- Phone number
Data from BrightData (https://brightdata.com/):
- Organization website content data
2.3 Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your interaction with our website and Services. The cookies we use include:
- Website Cookies:
- _reb2bgeo (expires after 1 week), _ga (expires after 2 years), _ga_<id> (expires after 2 years), reb2bsessionID (1 week), hjSessionUser_<id> (1 year), _hjSession_<id> (30 minutes), _reb2buid (1 week)
- Product Cookies:
- access_token (24 hours), fs_lua (30 minutes), fs_uid (1 year), refresh_token (30 days)
For more details on how we use cookies and how you can manage your cookie preferences, please see Section 9 of this Privacy Policy.
3. How We Use Your Information
We use the information we collect for various purposes, including:
- Providing and Maintaining Services: To operate and maintain our Services, including processing transactions, authenticating users, and providing customer support.
- Improving Services: To analyze usage and trends to improve the quality and performance of our Services.
- Data Enrichment and AI Processing: To enhance prospect data using identifiers (e.g., first name, last name, email, LinkedIn ID) and send certain data to AI API providers for personalized message generation or other functionalities.
- Communications: To send you updates, security alerts, and support messages.
- Legal Obligations: To comply with legal requirements, resolve disputes, and enforce our agreements.
- Analytics: To monitor and analyze trends, usage, and activities in connection with our Services.
Aggregated Data: We may use aggregated, anonymized data for any purpose, such as analyzing trends or providing insights.
4. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we rely on the following legal bases for processing your personal data:
- Consent: When you connect third-party services to our platform, you provide consent for us to access and process the data described in Section 2.2.
- Contractual Necessity: Processing is necessary to perform the contract between you and Sellestial (e.g., to provide and maintain our Services).
- Legitimate Interests: We process anonymized data for analytics and service improvement, which are in our legitimate interests and do not override your data protection rights.
- Legal Compliance: Processing is necessary for compliance with our legal obligations.
5. How We Share Your Information
We do not sell or rent your personal data. However, we may share your information in the following circumstances:
5.1 Service Providers
We share data with third-party service providers who perform services on our behalf, such as:
- AI API Providers:
- OpenAI, Fireworks AI, Groq, Together AI (these may process the data described in Section 2.2, potentially outside the EU)
- Data Enrichment Providers:
- Apollo.io, ProAPIs, Inc., BrightData (to enhance prospect data using identifiers like first name, last name, email, and LinkedIn ID)
- Payment and Accounting Software:
- Stripe, Inc. (payment processing)
Xero Limited (accounting software)
Note: Sellestial's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the "Limited Use" requirements.
5.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
5.3 Business Transfers
In the event of a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your personal data may be transferred or disclosed as part of such a transaction, as permitted by law and/or contract. In such cases, we will notify you via email and/or a prominent notice on our Services before your personal data becomes subject to a different privacy policy.
5.4 With Your Consent
We may share your information with third parties when we have your consent to do so.
6. International Data Transfers
While we store and process your personal data primarily within the European Union (EU) on our Digital Ocean servers (in Frankfurt, Germany), some of our third-party service providers may process data outside of the EU. Specifically:
- AI Providers (e.g., OpenAI, Fireworks AI, Groq, Together AI): Your data may be processed in countries outside the EU, including the United States.
When we transfer personal data outside of the EU, we take appropriate measures to ensure compliance with data protection laws, such as:
- Standard Contractual Clauses: We may rely on standard data protection clauses approved by the European Commission, which are binding legal commitments to protect your data.
- Other Safeguards: We may use other legally recognized mechanisms to ensure your data is adequately protected.
7. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide you with our Services. Once you are no longer a customer, we delete your data from our servers. However, we may retain certain information for legitimate business purposes or as required by law, such as:
- To comply with legal, regulatory, or compliance obligations.
- To resolve disputes or enforce our agreements.
- In the course of regular backup procedures, until such backup copies are deleted.
8. Your Rights and Choicesn
Under applicable data protection laws, particularly the GDPR, you have certain rights regarding your personal data:
- Access: You have the right to request access to the personal data we hold about you.
- Rectification: You can request that we correct any inaccurate or incomplete personal data.
- Erasure: You have the right to request the deletion of your personal data under certain circumstances.
- Restriction: You can ask us to restrict the processing of your personal data in certain situations.
- Data Portability: You have the right to obtain a copy of your personal data in a structured, commonly used, and machine-readable format.
- Objection: You can object to the processing of your personal data in certain cases, such as for direct marketing purposes.
- Withdrawal of Consent: If we process your data based on consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at info@sellestial.com. We will respond to your request within the timeframes required by law.
If you are a resident of European Economic Area, you can submit a complaint to the Information Commissioner or other competent authority in your state.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website and platform. Cookies are small data files stored on your device that help us understand how you use our Services.
9.1 Types of Cookies We Use
- Essential Cookies: Necessary for the operation of our Services (e.g., session cookies).
- Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
- Functionality Cookies: Enable us to remember choices you make (e.g., language preferences).
9.2 Managing Cookies
You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our Services.
For more detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy (if available).
10. Security Measures
We are committed to protecting your personal data and implement appropriate technical and organizational security measures, including:
- Data Encryption: Encryption of data both in transit and at rest to prevent unauthorized access.
- OAuth Authentication: Secure authentication protocols using Google's OAuth services.
- Access Controls: Limiting access to personal data to authorized personnel who need to know that information to operate, develop, or improve our Services.
- Security Audits and ISO 27001 Compliance: We conduct regular assessments of our security practices to identify potential vulnerabilities and are in the process of ISO 27001 compliance and certification.
Please note that while we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
11. Children's Privacy
Our Services are intended for use by professionals and are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us at info@sellestial.com, and we will take steps to delete such information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.
- Notification of Changes: If we make material changes, we will notify you by email (sent to the email address specified in your account) or by posting a notice on our Services prior to the change becoming effective.
- Effective Date: The date at the top of this Privacy Policy indicates when it was last updated.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
13. Contact Us
If you have any questions, concerns, or comments about this Privacy Policy or your personal data, please contact us:
Sellestial, Inc.
Attn: Privacy Officer
251 Little Falls Drive
Wilmington, DE 19808
United States of America
Email: info@sellestial.com
14. Regulatory Compliance
We comply with the General Data Protection Regulation (GDPR) for users located within the European Union. Should regulations such as the California Consumer Privacy Act (CCPA) become applicable to our operations, we will update our practices accordingly.
15. Third-party Links
Our Services may contain links to third-party websites or services that are not owned or controlled by Sellestial. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites or services you visit.
16. Use of User Data for Analytics and Service Improvement
We may use anonymized and aggregated data derived from your personal data for internal analytics and to improve our Services. This data does not identify you personally and is used to understand trends, monitor the effectiveness of our Services, and enhance user experience.
17. Marketing Communications
We currently do not send marketing or promotional communications. If we decide to do so in the future, we will provide you with the option to opt out or unsubscribe from such communications. We also reserve the right to use your business name in our marketing materials, unless you inform us otherwise.
18. Compliance with Google API Services User Data Policy
Sellestial's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the "Limited Use" requirements. We will not use data obtained from Google APIs for any purposes other than providing and improving our Services as described in this Privacy Policy.
19. Your Responsibilitiestions
As a user of our Services, you may have access to personal data of third parties (e.g., contacts, prospects). You are responsible for ensuring that you have the necessary permissions and legal bases to process and share this data with us in compliance with applicable laws and regulations. You are also responsible for complying with email marketing and data protection laws when you use our Services.
20. Custom Services and Intellecttual Property
In addition to our B2B SaaS platform, we offer Custom Services (e.g., software development, data cleaning, data enrichment, data analysis, filtering). Any intellectual property created by Sellestial in the course of providing these services (e.g., code, pipelines, processes) remains the sole property of Sellestial. Any IP related to your own data and its processed outputs remains yours. You receive a license to use the developed code, procedures, and pipelines in connection with the Sellestial Platform.
21. Governing Law
This Privacy Policy, and any disputes arising from or relating to it, shall be governed by the laws of the State of Delaware, United States of America, without regard to its conflict-of-law principles.
Thank you for reading our Privacy Policy. If you have any questions or concerns, please reach out to us at info@sellestial.com.