EnrichEazy.com logo EnrichEazy
Get Started Free

Legal

Privacy Policy

Last updated: June 24, 2026

This Privacy Policy ("Policy") explains how EnrichEazy.com ("EnrichEazy", "we", "us", or "our") collects, uses, discloses, and protects information when you visit enricheazy.com, use our web application at app.enricheazy.com, or otherwise interact with our B2B lead enrichment platform (collectively, the "Service").

EnrichEazy is a business-to-business software service. It is not intended for personal or household use, and it is not directed to children.

By creating an account or using the Service, you acknowledge that you have read this Policy. If you do not agree, do not use the Service.

1. Roles: who is responsible for what

Depending on the type of information involved, EnrichEazy may act as a data controller (we decide how and why certain information is processed) or as a data processor / service provider (we process information on behalf of a customer workspace).

  • Account and billing information (your name, email, workspace membership, subscription status, and similar account data): EnrichEazy is the controller.
  • Lead and enrichment data that you or your teammates upload, paste, or submit for enrichment (for example names, work emails, phone numbers, LinkedIn profile URLs, company names, job titles, and CSV uploads): your organization is the controller and EnrichEazy processes that data only to provide the Service according to your instructions.

If you submit a privacy request about lead data that your employer or another organization controls, we may direct you to that organization. We will still help where we are legally required to do so.

Business customers that require a Data Processing Agreement ("DPA") may request one at [email protected].

2. Information we collect

2.1 Information you provide

  • Account registration and profile: full name, email address, password (stored as a one-way hash), workspace role (owner, admin, or member), and optional display information.
  • Google sign-in: if you choose "Continue with Google", we receive authentication information from Google, including your Google account subject identifier and verified email address, to create or sign in to your account. We do not receive your Google password.
  • Email verification and password reset: one-time codes sent to your email address. We store hashed OTP values and expiry timestamps, not the codes themselves in plain text.
  • Team invitations: invitee email address, assigned role, invite status, and invitation tokens.
  • Lead data and enrichment inputs: information you submit for enrichment, including LinkedIn profile URLs, work emails, names, company names and domains, job titles, and optional columns in CSV bulk uploads.
  • Billing and promotions: plan selection, free plan status, credit usage and refunds, subscription identifiers from our payment partner (for example Dodo customer or subscription IDs), and lifetime deal redemption metadata (we store a hashed code reference, not your plaintext redemption code after activation).
  • Support and legal communications: information you send when contacting us.

2.2 Information generated by the Service

  • Enrichment outputs: contact details (such as work email and phone number), career fields (company, job title, experience), company size signals, and related enrichment metadata.
  • Lead scores: a numeric score and breakdown derived from enriched fields to help you prioritize leads within your workspace. Scores are automated business prioritization aids, not legal, credit, or employment decisions about individuals.
  • Batch and task records: enrichment batch names, task status, error messages, credit debits and refunds, and export history.
  • Provider audit records: logs of enrichment provider attempts (provider name, field phase, success or failure status, and normalized identifier keys) for reliability, support, and billing integrity.
  • Credit ledger: credit balances, grants, debits, and transaction reasons tied to your workspace.

2.3 Global enrichment cache (important)

To improve performance, reduce duplicate third-party lookups, and control provider costs, EnrichEazy maintains a cross-workspace enrichment cache ("Global Cache"). When enrichment succeeds, certain enriched contact and career fields may be stored in a deduplicated record keyed by a normalized LinkedIn URL or work email.

  • Global Cache records are not labeled with your workspace name in the cache table itself.
  • Future enrichment requests — including from other customers — may reuse fresh cached values instead of calling external providers again.
  • Cache freshness windows apply to some provider paths (for example approximately 30 days for certain LinkedIn career and contact cache skips, as configured in the Service).

We describe this because it affects how lead data flows through the Service. Your workspace still controls access to leads stored in your account; the Global Cache is an operational layer used to deliver enrichment results efficiently.

2.4 Information collected automatically

  • Technical and security logs: IP address, browser type, request timestamps, API access events, authentication events, error logs, and operational diagnostics.
  • Uploaded files: bulk CSV files you upload may be stored in cloud object storage (AWS S3) with a reference key linked to your enrichment batch for processing, re-processing, and download where enabled.
  • Session token in your browser: after sign-in, the web application stores an authentication token in your browser's localStorage to keep you signed in. This is functionally necessary for the app; we do not use it for cross-site advertising.

Our marketing website does not currently use third-party advertising or analytics cookies. Standard server and CDN logs may still be generated when you browse the site.

2.5 Information we do not intentionally collect

The Service is designed for B2B lead enrichment. Do not submit sensitive personal data categories such as government ID numbers, financial account details, health information, precise geolocation of individuals, or data about minors. If you submit prohibited categories, you do so at your own risk and in violation of our Terms.

3. How we use information

We use information to:

  • Provide, operate, maintain, and secure the Service
  • Authenticate users and manage workspace roles and invitations
  • Process enrichment requests and return results to your workspace
  • Calculate lead scores and power sorting, exports, and dashboards
  • Manage credits, free and paid plans, subscriptions, lifetime deal entitlements, and billing events
  • Send transactional emails (verification, password reset, team invites) via AWS SES
  • Monitor performance, debug failures, prevent abuse, and protect against fraud
  • Comply with law, enforce our Terms, and respond to lawful requests
  • Improve reliability and develop features (using aggregated or de-identified insights where feasible)

We do not sell personal information. We do not use customer lead data for cross-context behavioral advertising.

4. Legal bases (EEA, UK, and Switzerland)

Where GDPR or similar laws apply, we rely on the following legal bases:

  • Contract: processing necessary to provide the Service you request (account setup, enrichment, billing, support).
  • Legitimate interests: securing the Service, preventing abuse, maintaining the Global Cache, improving reliability, and communicating about the Service — balanced against your rights.
  • Legal obligation: where we must retain or disclose information to comply with applicable law.
  • Consent: where required (for example, if you opt in to optional communications). You may withdraw consent without affecting the lawfulness of processing before withdrawal.

For lead data you submit, your organization is responsible for establishing its own lawful basis (for example legitimate interest assessments or consent for outreach) under applicable privacy and marketing laws.

5. How we share information

We share information only as described below:

5.1 Service providers and subprocessors

We use trusted vendors that process information on our behalf under contractual obligations to protect it and use it only for our instructions. Current categories include:

  • Cloud infrastructure (Amazon Web Services): application hosting, databases (RDS/MySQL), queues (SQS), caching (ElastiCache/Redis), email delivery (SES), and file storage (S3), primarily in the United States (us-east-1).
  • Google: OAuth sign-in verification when you choose Google authentication.
  • Enrichment data providers: third-party APIs used to fulfill enrichment, which may include Apollo.io, Datagma, Prospeo, and Unipile (LinkedIn-related profile retrieval). These providers receive the identifiers you submit (such as work email or LinkedIn URL) as needed to perform lookups.
  • Payment processing: Dodo Payments for subscription checkout and billing webhooks when enabled.
  • Lifetime deal partners: redemption is validated in our systems; partners may receive limited account or entitlement information as part of the redemption relationship.

We may update subprocessors from time to time. Business customers with a DPA will be notified of material subprocessor changes as provided in that agreement.

5.2 Within your workspace

Lead data and enrichment results are visible to authenticated members of your workspace according to the roles and permissions you configure (owner, admin, member).

5.3 Legal and safety disclosures

We may disclose information if we believe in good faith that disclosure is necessary to comply with law, respond to valid legal process, protect the rights and safety of EnrichEazy, our customers, or others, or investigate fraud or security issues.

5.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality obligations.

6. International data transfers

EnrichEazy is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

Where required by law, we implement appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses or equivalent mechanisms with subprocessors. You may request more information about these safeguards at [email protected].

7. Data retention

We retain information only as long as necessary for the purposes described in this Policy, including:

  • Account data: for the life of your workspace and a reasonable period afterward to resolve disputes, enforce Terms, and meet legal obligations.
  • Lead and enrichment data in your workspace: until you delete leads, delete batches where applicable, or close your account. Deleted leads may be soft-deleted (hidden from the workspace UI) while remaining in backups for a limited period.
  • Global Cache: until updated by later enrichments or removed as part of operational maintenance. Cache entries are not tied to your account once merged into the Global Cache.
  • Uploaded CSV files: for as long as needed to process batches and provide auditability, unless deleted earlier through account closure or operational cleanup.
  • Billing and credit ledger records: as required for accounting, tax, and fraud prevention.
  • Security and provider logs: typically up to 90 days, unless a longer period is needed for security investigations or legal compliance.

Retention may be extended where required by law or to establish, exercise, or defend legal claims.

8. Security

We implement administrative, technical, and organizational measures designed to protect information, including access controls, encrypted connections (HTTPS/TLS), hashed passwords, hashed OTP values, role-based workspace permissions, and infrastructure isolation through our cloud provider.

No method of transmission or storage is completely secure. You are responsible for safeguarding your account credentials and configuring team access appropriately.

If we become aware of a data breach affecting personal information that we are required to notify you about, we will do so consistent with applicable law.

9. Your rights and choices

9.1 All users

  • Access and update certain account profile information in the Service
  • Delete individual leads from your workspace (subject to in-progress enrichment constraints)
  • Export completed batch results as CSV where the feature is available
  • Manage team membership and roles
  • Sign out to remove the browser-stored authentication token
  • Contact us to request account closure or data deletion

9.2 EEA / UK / Switzerland (GDPR)

Subject to applicable law, you may have the right to:

  • Access a copy of personal information we control about you
  • Correct inaccurate information
  • Delete information ("right to erasure")
  • Restrict or object to certain processing
  • Data portability for information you provided in a structured, commonly used format
  • Lodge a complaint with your local supervisory authority

To exercise these rights, email [email protected]. We may need to verify your identity. We will respond within the timeframe required by law.

Requests relating to lead data controlled by your employer or another customer should usually be directed to that organization first; we will assist them as processor where applicable.

9.3 California (CCPA / CPRA)

If you are a California resident, you may have the right to:

  • Know the categories of personal information collected, sources, purposes, and disclosures
  • Access specific pieces of personal information we hold about you
  • Delete personal information, subject to legal exceptions
  • Correct inaccurate personal information
  • Opt out of the "sale" or "sharing" of personal information — EnrichEazy does not sell or share personal information for cross-context behavioral advertising
  • Not receive discriminatory treatment for exercising privacy rights

Submit requests to [email protected]. We will verify requests as required by law. You may designate an authorized agent where permitted.

Categories collected (last 12 months): identifiers (name, email, account IDs); commercial information (plan, credits, billing metadata); internet or network activity (logs, device/browser data); professional information (job titles and business contact fields submitted for enrichment); inferences (lead scores). Sources: you, your teammates, your organization's submissions, service operation, and enrichment providers. Business purposes: provide the Service, security, billing, support, and compliance. Disclosures: service providers listed in Section 5.1.

9.4 Global Cache and data subject requests

If you are an individual whose professional contact details appear in enrichment results or the Global Cache and you wish to access, correct, or delete that information, contact [email protected]. We will review requests in light of our role (controller or processor), the instructions of our business customer, applicable law, and technical constraints. Removal from the Global Cache may not delete copies already exported by customers into their own systems.

10. Your responsibilities as a customer

To help us both comply with privacy laws, you agree that you will:

  • Submit lead data only where you have a valid legal basis and appropriate notices or consents under applicable law (including GDPR, UK GDPR, CAN-SPAM, ePrivacy, and local outreach rules)
  • Use enrichment results lawfully and not for spam, harassment, or discrimination
  • Not use the Service to process sensitive categories of personal data or data about children
  • Configure workspace access so only authorized teammates can view lead data
  • Inform your leads or data subjects where required, including that data may be sent to third-party enrichment providers and may be cached to deliver the Service

You are solely responsible for how you use enriched data after export. EnrichEazy does not guarantee that third-party provider data is accurate, complete, or current.

11. Automated processing and lead scoring

The Service automatically calculates a 0–100 lead score from enriched fields (such as data completeness, contact quality, title seniority, and company signals) to help your team prioritize outreach. This scoring does not produce legal or similarly significant effects on individuals on its own; it is an operational aid inside your workspace.

12. Third-party links and services

The Service may link to third-party sites (for example LinkedIn profile URLs you submit, Google sign-in, or payment checkout pages). Their privacy practices are governed by their own policies, not this Policy.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will post the updated Policy on this page and update the "Last updated" date. Where required by law, we will provide additional notice (for example by email or in-product message). Continued use of the Service after changes become effective constitutes acknowledgment of the updated Policy.

14. Contact us

For privacy questions, data subject requests, or DPA inquiries:

If you are in the EEA or UK and believe we have not addressed your concern, you have the right to contact your local data protection authority.