Skip to main content

Privacy Policy

Last updated: March 2026

1. Data Controller

ProspectAI ("we", "us", "our") operates this website. For any data protection inquiries, please contact us at privacy@kpilotlabs.com.

2. What Data We Collect

We collect the following categories of data:

  • Search queries: Business names and locations you search for.
  • IP addresses: Used for rate limiting and abuse prevention.
  • Language preference: Stored locally in your browser (localStorage).
  • Business data: Publicly available business information aggregated from public sources (directories, social media profiles, business listings).
  • People data: Names, roles, and publicly available contact details of individuals associated with businesses, gathered from public sources.

3. Legal Basis for Processing (GDPR Article 6)

We process data under the following legal bases:

  • Legitimate interest (Art. 6(1)(f)): To provide our business lookup service by aggregating publicly available business data. We have conducted a Legitimate Interest Assessment (LIA) confirming that the processing is necessary, proportionate, and does not override data subjects' fundamental rights.
  • Contract performance (Art. 6(1)(b)): To process your search requests and deliver results.
  • Legitimate interest (Art. 6(1)(f)): Anonymous analytics to understand service usage and improve the platform (via Umami, a cookie-free, privacy-friendly tool).

4. Data Sources (GDPR Article 14)

Business and people data displayed in our results is obtained from publicly accessible sources, including: Google Maps, business directories (Yelp, Yellow Pages, TripAdvisor), social media platforms (Facebook, Instagram, Twitter/X, LinkedIn), company websites, and public records.

We do not collect this data directly from the individuals concerned. As required by GDPR Article 14, we disclose that this information originates from publicly accessible sources.

5. How We Use Your Data

  • Performing business contact lookups as requested by you.
  • Rate limiting and preventing abuse of our service.
  • Improving and maintaining our service.
  • Storing search results for your convenience (search history).

6. Data Sharing

We use the following third-party services to process data:

  • Google Places API: For business location data (Google LLC, USA — EU-US Data Privacy Framework).
  • Perplexity AI: For web research on business information.
  • DeepSeek: For structuring raw research data.

We do not sell your personal data to third parties.

7. Data Retention

  • Search logs: Retained for 90 days, then automatically deleted.
  • Business data: Retained and updated with each new search. Stale data is periodically reviewed.
  • IP addresses: Retained for 90 days for rate limiting purposes.

8. Your Rights (GDPR Chapter III)

If you are located in the EU/EEA, you have the following rights:

  • Right of access (Art. 15): Request a copy of your personal data.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your personal data.
  • Right to restriction (Art. 18): Request limitation of processing.
  • Right to data portability (Art. 20): Receive your data in a structured format.
  • Right to object (Art. 21): Object to processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@kpilotlabs.com. We will respond within 30 days.

9. Cookies & Local Storage

We use minimal browser storage:

  • Language preference (localStorage): Strictly necessary to deliver the service in your chosen language. No consent required under the ePrivacy Directive.
  • Cookie consent choice (localStorage): Records whether you accepted or rejected cookies.

We do not use tracking cookies, analytics cookies, or advertising cookies. We use Umami, a self-hosted, privacy-friendly analytics tool that does not use cookies, does not track users across websites, and does not collect personal data. Umami collects only anonymous, aggregated statistics (pages visited, referrer URL, browser type, operating system, device type, and country derived from your IP address, which is not stored). Because Umami sets no cookies and stores no data on your device, it is exempt from consent requirements under the LSSI (Art. 22.2) and the ePrivacy Directive.

10. International Transfers

Some of our data processors are located outside the EU/EEA. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.

11. Security

We implement appropriate technical and organizational measures to protect personal data, including encrypted connections (HTTPS), access controls, and regular security reviews.

12. Complaints

You have the right to lodge a complaint with a supervisory authority. If you are in the EU, you can contact your local Data Protection Authority (DPA).

13. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated through a notice on our website.