MSProspector ("we", "our") provides sales-prospecting research to authenticated business users ("you", "user"). This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights. Boilerplate drafted for review by counsel. WHAT WE COLLECT FROM YOU: - Account data: email address, name, company name, hashed password (managed via Supabase Auth). - Acceptance + audit metadata: Terms of Service acceptance timestamp, IP address, user-agent string at acceptance. - Usage data: research reports you generate, prospects you research, integrations you configure (e.g. GoHighLevel sub-account location IDs and encrypted API keys), feedback you submit. - Technical data: IP address and user-agent on each authenticated request, captured in error-tracking and audit logs. WHAT WE COLLECT FROM RESEARCH SUBJECTS (the prospects you research): - Public information from company websites you supply (publicly accessible web pages, press releases, blog posts, alumni publications). - Licensed third-party business data (firmographics, technology stack, buying-committee names + titles + general locations) from data providers we license (currently Apollo.io). - Public-domain information surfaced by AI-driven web search (news articles, podcasts, awards, professional bios published by the subject themselves or their employers). - We DO NOT collect or infer protected-class information (religion, sexual orientation, health conditions, political affiliation unless publicly campaigned). - We DO NOT scrape LinkedIn, social media beyond what's surfaced through licensed providers, or any source that prohibits automated collection. HOW WE USE YOUR DATA: - Provide the research service you requested. - Authenticate your account, prevent abuse, enforce rate limits. - Generate, deliver, and store reports for your account. - Push report data to integrations you have explicitly configured (e.g. your GHL sub-account when you click "Send to GHL"). - Comply with legal obligations and respond to lawful requests. - We do NOT sell your personal data. We do NOT use research subjects' data for purposes other than producing reports for the user who requested them. DATA RETENTION: - Reports: retained as long as your account is active. You can delete a report at any time. - Account data: retained until you delete your account. - Audit logs (terms acceptance, login events, feedback): retained for legal compliance, typically up to 7 years. - Feedback submissions: retained indefinitely for product-improvement purposes; PII redacted on request. DATA SHARING: - Service providers under contract: Supabase (database + auth), Vercel (hosting), Inngest (background processing), Anthropic (AI inference), Apollo.io (licensed data), Sentry (error tracking), Stripe (billing — when launched), Resend (email). Each is bound by their own privacy terms and processes data only as needed to provide the service. - Integration recipients you configure: when you push a report to GoHighLevel, that data goes to the GHL sub-account you configured. We do not control downstream use of data once it leaves our systems through your configured integration. - Legal requirements: we may disclose data when required by law, court order, or to protect rights and safety. ENCRYPTION: - Data in transit: HTTPS/TLS for all connections. - Data at rest: third-party-API keys (e.g. GHL Private Integration tokens) encrypted with AES-GCM-256 using a master key stored in environment configuration. - Authentication: bcrypt hashing via Supabase Auth. YOUR RIGHTS: - Access: request a copy of personal data we hold about you. - Correction: request correction of inaccurate data. - Deletion: delete your account and all associated reports + data. - Portability: export your reports. - Opt-out of analytics / marketing: contact privacy@marketopia.com. - EU residents have additional rights under GDPR; California residents under CCPA/CPRA. Contact us to exercise any right. RIGHTS OF RESEARCH SUBJECTS: If you are a person who appears in a report (e.g. an executive named in buying-committee data) and want your information removed or corrected: - Email privacy@marketopia.com with the request and supporting identification. - We will action requests within 30 days where the underlying source data permits removal. - Note: information sourced from Apollo.io and other licensed providers must be addressed with the original source for permanent removal across the data ecosystem. CHILDREN: MSProspector is a B2B research tool not intended for users under 18. We do not knowingly collect data from minors. CHANGES: We may revise this policy. Material changes will require re-acceptance before continued use. CONTACT: Privacy questions: privacy@marketopia.com Legal: legal@marketopia.com Mailing: Marketopia, 3600 75th Terrace North, Pinellas Park, FL 33781, US