Privacy & Data Policy

Last updated: April 2026

Prospect-IQ ("the Platform") is a personal AI-powered account intelligence project built and operated by Longtt29. This policy explains what data the Platform collects, why it is collected, how it is processed, and what rights you have. The Platform is committed to transparency and compliance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Longtt29 is the data controller for all personal data processed through Prospect-IQ. For questions or requests regarding your data, contact:

Data Protection Contact: privacy@prospect-iq.org

Operator: Longtt29 (Personal Project, France)

2. Data We Collect

A. Authorized Platform Users

  • Work email address (authorized domain) — used for authentication and usage attribution
  • Service usage logs — which modules you use, when, query summaries, duration, success/failure
  • Estimated API cost per request — for internal budget tracking

B. Research Subjects (Third Parties)

When you use Prospect-IQ to research companies or individuals, the Platform processes publicly available information about those entities:

  • Company data — name, industry, revenue estimates, hiring signals, technology stack (from public sources)
  • Individual data — name, job title, employer, LinkedIn profile URL, professional background (from public web sources)
  • Contact data — business email addresses, phone numbers (via Apollo.io or public website scraping)

C. Data We Do NOT Collect

  • No cookies or browser tracking pixels
  • No personal social media account data (we only access public/guest APIs)
  • No financial data about individuals (bank, salary, etc.)
  • No special category data (health, religion, political views, etc.)

3. Lawful Basis for Processing (GDPR Art. 6)

Legitimate Interest (Art. 6(1)(f))

Processing of publicly available business information about companies and professionals for B2B sales intelligence. We have conducted a Legitimate Interest Assessment (LIA) confirming that the business need for account research does not override the rights of data subjects, given that:

  • Only publicly available professional information is processed
  • Data is used exclusively for B2B outreach (not consumer profiling)
  • Individuals can request erasure at any time (see Section 6)
  • No automated decision-making affects data subjects

Contract Performance (Art. 6(1)(b))

Processing of team-member data (email, usage logs) is necessary to operate this invite-only internal tool.

4. Third-Party Data Processors

Prospect-IQ sends data to the following external services to deliver its functionality. All processors are contractually bound to process data only as instructed.

Third-party AI inference provider

Purpose: AI-powered research, dossier generation, service matching
Data shared: Company names, research queries, publicly available business information
Location: EU data-residency region

Purpose: Lead enrichment, contact discovery
Data shared: Company domains, job titles, seniority filters
Location: USA

Purpose: Hosting, edge computing, DDoS protection
Data shared: IP addresses (for routing), application data (encrypted in transit)
Location: EU edge nodes (Cloudflare EU-only data residency)

LinkedIn (Public API)

Purpose: Job posting data scraping (guest/public endpoints only)
Data shared: No personal LinkedIn account data accessed — only public job listings
Location: USA

5. Data Retention

  • Usage logs (API calls): 90 days. Automatically purged after 90 days. Capped at 10,000 events maximum.
  • AI-generated dossiers: Session only. Generated on-demand and not permanently stored server-side. Cached for up to 5 minutes for performance.
  • Lead/contact data: Session only. Retrieved in real-time from Apollo.io / web sources. Not stored in a persistent database.
  • Login events: 90 days. Part of usage logs. Subject to the same retention policy.

6. Your Rights (GDPR Art. 15-22)

If you are a data subject (whether a team member using the platform or a third party whose professional data appears in research results), you have the following rights:

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Data Portability

Receive your data in a structured, machine-readable format (JSON).

Right to Object

Object to processing based on legitimate interest at any time.

Right to Restrict Processing

Request limitation of processing while a complaint is being resolved.

How to exercise your rights

Send a request to privacy@prospect-iq.org or use the /settings page in Prospect-IQ to export or delete your data. We will respond within 30 days as required by GDPR.

7. Data Deletion

Authorized users can delete their own usage data directly from the Platform via the DELETE /api/user/delete-data endpoint or through the Settings page. This permanently removes all usage events, login records, and query history associated with your email address.

Third parties who wish to have their data removed from research results should contact privacy@prospect-iq.org. Since Prospect-IQ does not maintain a persistent database of research subjects, erasure primarily involves ensuring the individual is excluded from future research queries.

8. Security Measures

  • Authentication restricted to an authorized email domain (invite-only access)
  • All data transmitted over HTTPS/TLS (enforced by Cloudflare)
  • Admin access protected by hashed passwords + HMAC-signed stateless tokens
  • Brute-force protection: 5 failed attempts → 15-minute IP lockout
  • Rate limiting on all API endpoints (10-120 requests/minute)
  • POST-only API enforcement with origin validation
  • No third-party analytics, tracking pixels, or advertising SDKs
  • Payload size limits (2MB max) and scanner path blocking

9. AI Processing Transparency

Prospect-IQ uses third-party AI inference providers to generate research dossiers and match services to prospect needs. Important disclosures:

  • AI outputs are generated from live web searches — every claim is deep-linked to its source
  • No automated decisions are made that have legal or similarly significant effects on individuals
  • AI-generated content is clearly labeled as such throughout the platform
  • Users review and validate all AI outputs before any action is taken
  • The AI does not learn from or retain data between sessions (no model fine-tuning on user data)

This policy may be updated periodically. Material changes will be communicated via the Platform login screen. The "Last updated" date at the top reflects the most recent revision.

Prospect-IQ — AI-Powered Account Intelligence · Personal Project by Longtt29
