SalesOS
Log inSign up

Privacy Policy

Last updated: March 10, 2026

1. Introduction

SalesOS (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered sales intelligence platform (“the Service”).

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, organization name, and password when you register
  • Payment information: Billing details processed by Paddle (our payment processor) — we do not store credit card numbers
  • Account data: Company names, domains, and other data you upload via CSV or manual entry
  • Communications: Emails, support requests, and feedback you send us

2.2 Information Collected Automatically

  • Usage data: Features used, research runs performed, pages visited, and actions taken within the Service
  • Device information: Browser type, operating system, IP address, and device identifiers
  • Log data: Server logs including timestamps, request URLs, and response codes
  • Cookies: Authentication cookies (httpOnly, secure) for session management

2.3 Information from AI Research

When you run Account 360 research, our AI agents gather publicly available information about the target company from public websites, news sources, SEC filings, and other open data sources. This information is processed to generate research findings for your account.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your research requests and deliver findings
  • Manage your account and subscription
  • Send transactional emails (welcome, password reset, team invites)
  • Respond to your support requests and communications
  • Monitor usage for billing, rate limiting, and abuse prevention
  • Analyze aggregate usage patterns to improve the Service
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Paddle: Our payment processor and Merchant of Record, for billing and subscription management
  • Resend: Our email service provider, for transactional emails
  • Infrastructure providers: Cloud hosting and database services that process data on our behalf
  • Legal requirements: When required by law, regulation, or legal process

All third-party service providers are bound by data processing agreements and are prohibited from using your data for purposes other than providing services to us.

5. Data Security

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • Encryption at rest for stored data
  • Bcrypt password hashing with per-user salts
  • httpOnly, Secure, SameSite cookies for authentication
  • Tenant-isolated databases — your data is not accessible to other customers
  • Rate limiting and abuse detection
  • Regular security reviews and monitoring

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your data as follows:

  • Account data: Retained while your account is active and for 30 days after deletion
  • Research results: Retained while your account is active
  • Usage logs: Retained for 90 days for operational purposes
  • Billing records: Retained as required by tax and accounting laws (typically 7 years)
  • Audit logs: Retained for 1 year

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data
  • Export: Export your data in a machine-readable format (available in Settings)
  • Restriction: Request restriction of processing of your personal data
  • Objection: Object to processing of your personal data

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

  • access_token: Authentication cookie (httpOnly, Secure, SameSite=Lax, 30 min expiry)
  • refresh_token: Session renewal cookie (httpOnly, Secure, SameSite=Lax, 7 day expiry)

9. AI and Machine Learning

Our AI agents process publicly available information to generate research findings. Important details:

  • Your account data and research results are not used to train AI models
  • AI processing occurs on our infrastructure — data is not sent to third-party AI providers for training
  • Research findings are generated per-request and stored only in your tenant's database

10. Children's Privacy

The Service is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will promptly delete it.

11. International Data Transfers

Your information may be processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we or our service providers operate.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: [email protected]