Privacy Policy

ProspectLab ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website prospectlab.ai and our services.

We operate in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Personal information

We may collect personal information that you voluntarily provide to us, including:

Name and contact details (email address, phone number, postal address)
Company information and job title
Communications with us (emails, form submissions, chat messages)
Marketing preferences and consent records
Payment information (processed securely through third-party providers)
Business requirements and project specifications

Automatically collected information

We may automatically collect certain information about your device and usage, including:

IP address and location data
Browser type and version
Device information and operating system
Pages visited and time spent on our Site
Referral sources and search terms used
Cookies and similar tracking technologies

Third-party data sources

For our B2B lead generation services, we collect business contact information from third-party sources. This includes data obtained from:

Professional databases and business intelligence platforms (including Apollo.io)
Public professional profiles and social media platforms (including LinkedIn)
Data enrichment services
Public business registries and company websites

If your personal data has been provided to us by a third party (for example, a client using our platform to conduct outbound email campaigns), we are required to inform you of this.

The categories of data typically collected include: your name, business email address, job title, company name, and LinkedIn profile URL. This data is collected from publicly available sources and professional databases for the purpose of B2B sales outreach on behalf of our clients.

The legal basis for processing is legitimate interests — specifically, the legitimate interest of our clients in contacting relevant business professionals about their products or services. You have the right to object to this processing at any time by contacting us or by using the opt-out mechanism in any email you receive.

If you believe your data has been processed without a valid lawful basis, you may contact us at hello@prospectlab.ai or lodge a complaint with the ICO at ico.org.uk.

We use the information we collect for the following purposes:

Providing and improving our services
Communicating with you about our services, updates, and marketing
Processing transactions and managing customer relationships
Customising your experience and content
Analysing website usage and performance
Conducting business intelligence and market research
Complying with legal obligations and protecting our rights
Preventing fraud and ensuring security

We process your personal data under the following legal bases:

Consent: Where you have given clear consent for specific purposes
Contract: To perform our contractual obligations to you
Legitimate Interest: For B2B outreach, improving our services, and direct marketing to existing and prospective clients — where we have assessed that our interests are not overridden by your privacy rights
Legal Obligation: To comply with applicable laws and regulations

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

Service Providers: With trusted third parties who assist in operating our business (CRM systems, email platforms, analytics tools)
Legal Requirements: When required by law or to protect our rights
Business Transfers: In connection with mergers, acquisitions, or asset sales
Consent: With your explicit permission for specific purposes

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication procedures
Staff training on data protection
Secure hosting and backup systems
Regular penetration testing and vulnerability assessments

Under UK data protection law, you have the following rights:

Right of Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a structured format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us using the information provided below. We will respond to your request within one month.

We retain personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods include:

Customer data: Duration of relationship plus 7 years for legal compliance
Marketing data: Until consent is withdrawn or 3 years of inactivity
Website analytics: 26 months from collection
Communication records: 7 years for business and legal purposes
Prospect data: 3 years from last meaningful interaction

Your information may be transferred to and processed in countries outside the UK. We ensure appropriate safeguards are in place, including:

Adequacy decisions by the UK government
UK International Data Transfer Agreements (IDTA) or EU Standard Contractual Clauses with the UK Addendum, as approved by the ICO
Binding corporate rules and certification schemes
Explicit consent for transfers to non-adequate countries

Our services are directed to businesses and professionals. We do not knowingly collect personal information from individuals under 16 years of age. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Our platform uses AI to assist in personalising outbound email content on behalf of our clients. This does not constitute solely automated decision-making that produces legal or similarly significant effects on individuals — a human client reviews and approves campaigns before sending. We do not use automated profiling to make decisions that significantly affect individuals' legal rights or circumstances.

We use cookies and similar technologies to enhance your experience. For detailed information about our use of cookies, please see our Cookie Policy.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay where required by law.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.