Privacy policy.

Three categories. Account data: the name, email, billing address, and payment method needed to operate your subscription. Operational data: the leads you discover, the demo sites you generate, the emails you draft and send, and the deliverability events those sends produce. Public records: the business listings, reviews, and contact emails the discovery crawler surfaces from public sources.

We use account data to run the subscription. We use operational data to run the product — to draft emails from context, to ramp your sending domain, to flag deliverability drift before it lands you in spam. We use public records to surface candidate leads and we do not store more of them than the product needs.

We don’t sell data. We don’t share it with third parties for their marketing. We don’t scrape personal social profiles. We don’t buy contact lists from data brokers. We don’t train external models on your operational data.

The product runs on a handful of named providers: Stripe for billing, Postmark and Amazon SES for transactional and outbound mail, Cloudflare R2 for asset storage, and a managed Postgres host for the primary database. The current list, with each role and jurisdiction, is published on request to hi@findby.io.

Operational data lives in the active platform for as long as your subscription does. On cancellation we retain it for thirty days so you can resubscribe without losing state, then it is removed from production storage. Backup retention runs to a maximum of ninety days. Legal-hold exceptions apply only where a specific obligation requires longer retention.

You can access, export, correct, or delete your data at any time. Export is a CSV download from the dashboard; correction and deletion are by request to hi@findby.io and run within the windows the applicable regulation requires (thirty days for GDPR and CCPA requests, longer only where the regulation explicitly allows it).

The marketing site uses no third-party analytics or advertising cookies. The product uses a session cookie for authentication and a CSRF token cookie for form submissions. Both are first-party, strictly necessary, and not used for tracking.

Findby is a tool for business operators. We do not knowingly collect data from anyone under sixteen, and the service is not directed at minors.

Material changes are announced by email at least thirty days before they take effect. The current version is always posted at this URL with an effective date at the top.

Privacy questions, deletion requests, or anything else covered above — hi@findby.io. Read by a person.