PrivacyPolicy

Last Updated: June 2026

Preamble / Transparent Data Flow

We believe in structural integrity and clear boundaries. We do not sell your personal data, nor do we harvest lead lists to resell to other brokers. All information you load into our platform is treated with strict isolation. This Privacy Policy details exactly how data is gathered, processed, and secured in our pipeline.

1. Data Processor vs. Data Controller

In compliance with the General Data Protection Regulation (GDPR) and similar privacy frameworks:

  • You are the Data Controller: You own and control all names, emails, company descriptions, target website lists, and lead profiles that you import into the Platform. You determine the purposes and means of processing this data.
  • Untone is the Data Processor: We act strictly under your instructions to parse websites, agitate copy, generate personalized outreach, and deliver reports. We do not use your leads for any other commercial purpose.

2. Data We Collect

We collect three types of information to keep the Platform operational:

  • Account Information: Names, emails, company affiliations, and credentials provided when you sign up for an account.
  • Payment Data: Credit cards, billing addresses, and transaction histories processed securely via third-party processors (e.g., Stripe). We do not store raw credit card details on our own database.
  • Input Data (Intel): Target URLs, customer lists, lead contact details, campaign objectives, and text instructions that you load into the tool.

3. Processing & Third-Party Sub-processors

To scrape websites and run Socratic synthesis engines, we use third-party APIs and infrastructure partners (Sub-processors):

  • Web Scrapers (e.g., Firecrawl): We use specialized APIs to retrieve public text from the target URLs you submit.
  • AI/LLM Providers (e.g., Anthropic, OpenAI): We submit data payloads to generate message hooks.

Critical Safety Guarantee: We contractually require all AI sub-processors to process inputs in memory only. None of the lead names, company details, or prompts you import are used to train public or foundational AI models.

4. Secure Administrative Access

[ADMINISTRATIVE OVERSIGHT DECLARATION]

To maintain the security, safety, and legal compliance of our infrastructure, authorized Untone administrators have access to your imported contact lists, target data inputs, and generated hooks.

This access is strictly governed by internal security controls and is utilized solely for quality control, auditing for potential spam/phishing violations, debugging API delivery issues, and securing our server nodes. All administrative actions are fully logged, and staff access is subject to strict confidentiality agreements.

5. GDPR & International Privacy Rights

If you are located in the European Economic Area (EEA), Switzerland, or jurisdictions with matching statutes, you have several rights regarding your personal information:

  • Right to Access & Rectify: You can retrieve a copy of all account details we store or request updates to inaccurate data.
  • Right to Be Forgotten: You can request that we delete your account and all associated data records permanently.
  • Right to Data Portability: You can export your data in a structured, machine-readable format.

To exercise any of these rights, please contact our privacy compliance officer directly at privacy@untone.sys.

6. Security & Storage Duration

We employ industry-standard encryption protocols (SSL/TLS for transit, AES-256 for resting data databases). We store your account and processing data for as long as your workspace is active, or as required by statutory bookkeeping and compliance obligations.