Privacy Policy (MOCK — v1.0)
This is a placeholder document seeded by 20260426070000_add_terms_to_policy_versions. Replace with a lawyer-reviewed version before production.
What this document is
A mock standing in for the final Privacy Policy. The structure mirrors what the public-facing copy will contain so the surrounding wiring (banner, signup, force-update modal) can be tested end-to-end with a representative document.
The authoritative source for the real copy is docs/gdpr/privacy-policy-brief.md in the repo. Hand that brief to a privacy lawyer to produce the final version.
What we collect
- Account information (name, email, language preference)
- Outreach data (cards, contacts, emails composed and sent)
- Calendar bookings (when you connect Google Calendar)
- AI processing telemetry (anonymised, used to improve the system)
- Usage analytics (which features you touch, error reports)
Why we collect it
- Run the outreach service you signed up for (contract / Article 6(1)(b))
- Improve the AI writer for everyone (legitimate interest, anonymised)
- Comply with legal obligations (Article 6(1)(c))
Where it goes
Third-party processors:
- Anthropic (AI generation)
- Google Gemini (embeddings)
- Google Gmail / Google Calendar (sending + scheduling, only with your OAuth consent)
- Vercel (hosting)
- Supabase (database)
- Hunter.io (contact enrichment)
Full DPA + transfer mechanism details live in docs/gdpr/dpa-vendor-list.md.
Retention
See docs/gdpr/data-retention-policy.md. Short version:
- Account: until you delete it
- Sent emails: 12 months, then anonymised
- Anonymised pool: indefinite (no longer personal data per Recital 26)
- Audit logs: 7 years (legal requirement)
Your rights
- Access your data — admin DSAR via support
- Export your data — admin export via support
- Delete your account —
Settings → Privacy & data → Delete account - Withdraw consent — disconnect Google services in Settings
- Lodge a complaint with your local data-protection authority
Contact
hello@walcoll.com