Privacy Policy
Last updated: February 2026
GDPR and CAN-SPAM compliant
1. Data Controller
Outlix ("we", "us", "our") is the data controller responsible for your personal information. We are committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your data.
2. Information We Collect
2.1 Account Data
When you create an account, we collect:
- Name (first and last)
- Email address (used for authentication)
- Password hash (we never store plain-text passwords)
- Google OAuth profile information (if you sign up with Google)
- Organization name and details
2.2 Lead Data (Uploaded by You)
You upload lead data to use our Service. This data belongs to you and includes:
- Lead names, email addresses, company names
- LinkedIn URLs and profile information
- Custom fields and notes you add
- Email engagement data (opens, clicks, replies)
Important: You are responsible for ensuring you have the legal right to upload and process this data, including obtaining necessary consents from your leads.
2.3 Usage Data
We automatically collect usage data to improve our Service:
- Feature usage patterns (which features you use most)
- API call logs and LLM usage metrics
- Email engagement metrics (open rates, click rates, reply rates)
- Draft generation history and approval/rejection rates
2.4 Technical Data
Standard technical information collected automatically:
- IP address
- Browser type and version
- Device information (desktop, mobile, tablet)
- Operating system
- Referrer URL (how you found us)
- Session duration and page views
3. How We Use Your Information
We use your data for the following purposes:
3.1 Provide AI Draft Generation Service
Your lead data and product information are sent to third-party AI providers (Groq, Anthropic, OpenAI) to generate personalized email drafts. This is the core functionality of our Service.
3.2 Track Email Engagement
We track when recipients open emails, click links, and reply to measure campaign performance and help you optimize your outreach.
3.3 Improve AI Models
We analyze aggregated, anonymized usage data to improve our AI models and Service features. We never sell individual user data.
3.4 Send Service Notifications
We send emails for:
- Account activation and password resets
- Billing and subscription updates
- Important product announcements and security alerts
- Optional marketing emails (you can opt out anytime)
4. Third-Party Processors
To provide our Service, we share your data with the following third-party processors:
Groq (LLM Inference)
Purpose: Fast AI draft generation using Llama and Mixtral models
Data shared: Lead information, product details, draft generation prompts
Anthropic (LLM Inference)
Purpose: Premium AI draft generation using Claude models
Data shared: Lead information, product details, draft generation prompts
OpenAI (Text Embeddings)
Purpose: Text embeddings for semantic search and lead matching
Data shared: Text snippets for embedding generation
Resend (Email Delivery)
Purpose: Sending emails to your leads and service notifications
Data shared: Sender email, recipient email, email content
Paddle (Payment Processing)
Purpose: Payment processing, billing, invoicing (Merchant of Record)
Data shared: Email, billing information, subscription details
Vercel (Hosting)
Purpose: Website and application hosting
Data shared: All application data (encrypted in transit)
PostgreSQL Database (Railway/Supabase)
Purpose: Secure data storage with encryption at rest
Data shared: All application data (encrypted)
All third-party processors are contractually obligated to protect your data and use it only for the specified purposes.
5. Data NOT Sold
We Never Sell Your Personal Data to Third Parties
We will never sell, rent, or trade your personal information to advertisers, data brokers, or marketing companies. Your data is used solely to provide our Service and improve it through aggregated, anonymized analytics.
6. Your Rights (GDPR - EU Users)
If you are located in the European Union, you have the following rights under GDPR:
Right to Access
Request a copy of all personal data we hold about you. We will provide this in JSON format within 30 days.
Right to Rectification
Correct any inaccurate or incomplete personal data. You can edit most data directly in your account settings.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data. You can delete your account from settings, which triggers a 30-day grace period before permanent deletion.
Right to Data Portability
Export your data in a machine-readable format (JSON). Available from your account settings.
Right to Restrict Processing
Limit how we process your data while we verify accuracy or investigate a complaint.
Right to Object
Object to processing for marketing purposes. You can unsubscribe from marketing emails at any time.
Right to Withdraw Consent
Withdraw consent at any time for data processing based on consent (does not affect processing based on other legal grounds).
To exercise any of these rights, email support@outlix.io. We will respond within 30 days.
7. CAN-SPAM Compliance
Our Service helps you comply with the CAN-SPAM Act (United States):
Physical Address in Email Footer
All emails sent through Outlix include your company's physical address in the footer (as required by CAN-SPAM).
One-Click Unsubscribe Link
Every email includes a clearly visible unsubscribe link. Unsubscribe requests are honored instantly (not the 10-day maximum allowed by law).
List-Unsubscribe Headers (RFC 8058)
Emails include List-Unsubscribe headers for one-click unsubscribe in Gmail, Apple Mail, and other compliant email clients.
Opted-Out Leads Never Receive Emails
When a lead unsubscribes, they are immediately removed from all email sequences and cannot be emailed again.
Your Responsibility: You are responsible for:
- Ensuring you have permission to email your leads
- Using accurate sender information and subject lines
- Complying with CAN-SPAM in your email content
- Providing a valid physical address for your business
9. Data Retention
We retain your data as follows:
Active Accounts
Data retained indefinitely while your subscription is active.
After Cancellation
- 30 days: Access to export your data
- 90 days: Data anonymized for analytics
- After 90 days: Permanently deleted
Usage Analytics
Aggregated, anonymized data retained indefinitely to improve the Service.
10. Data Security
We implement industry-standard security measures:
- HTTPS: All data transmitted over encrypted connections (TLS/SSL)
- Encryption at rest: Database encryption for stored data
- Access controls: Role-based permissions and multi-tenant isolation
- Password security: Bcrypt hashing for passwords
- Regular backups: Automated backups with 30-day retention
- Security monitoring: Automated alerts for suspicious activity
While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
11. Children's Privacy
Our Service is not directed at children under 18. We do not knowingly collect information from children. If you become aware that a child has provided us with personal information, please contact us at support@outlix.io.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect.
Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
13. Contact Us
For privacy-related questions or to exercise your rights:
Outlix - Privacy Team
Email: support@outlix.io
Website: outlix.io
We typically respond within 48 hours for privacy requests.
EU Users: Right to Lodge a Complaint
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority in the European Union.