Privacy Policy

Last updated: March 4, 2026

1. Introduction

ProspectAI ("we," "us," or "our") operates the ProspectAI platform accessible at prospectai-dp5gqwbn.manus.space (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

  • Account registration details (name, email address) via Manus OAuth.
  • Lead data you enter or import into the platform (business names, contact details, notes).
  • Campaign content, outreach messages, and sequence templates you create.
  • Payment information processed securely by Stripe (we do not store card numbers).
  • Communications you send to our support team.

2.2 Information Collected Automatically

  • Log data: IP address, browser type, pages visited, timestamps, and referring URLs.
  • Usage data: features accessed, search queries entered, and actions taken within the platform.
  • Cookies and similar tracking technologies (see Section 6).

2.3 Information from Third Parties

  • Business data retrieved from Google Places API when you run a lead discovery search. This data is sourced from Google's public business listings and is not stored permanently unless you explicitly save a lead.
  • Authentication data from Manus OAuth (open ID, display name, email).

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process transactions and send related billing information.
  • Generate AI-powered outreach sequences and lead analyses on your behalf.
  • Send transactional emails (receipts, account notices, campaign alerts).
  • Respond to support requests and troubleshoot issues.
  • Monitor and analyze usage patterns to improve the Service.
  • Detect, prevent, and address fraud, abuse, or security incidents.
  • Comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract performance — processing necessary to deliver the Service you have subscribed to.
  • Legitimate interests — improving the Service, preventing fraud, and ensuring security.
  • Legal obligation — complying with applicable laws and regulations.
  • Consent — where we have asked for and received your explicit consent (e.g., marketing emails).

5. Data Sharing and Disclosure

We may share your information with:

  • Stripe — for payment processing. Stripe's privacy policy governs data shared with them.
  • Google — lead discovery queries are sent to Google Places API. No personal user data is transmitted.
  • Manus platform — authentication and AI inference services that power the platform.
  • Law enforcement or regulators — when required by applicable law, court order, or governmental authority.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to affected users.

6. Cookies

We use session cookies to maintain your authenticated state after login. These cookies are HttpOnly, Secure, and SameSite=Strict. We do not use third-party advertising cookies. Analytics data is collected in aggregate and does not identify individual users.

You may disable cookies in your browser settings, but doing so will prevent you from logging in to the Service.

7. Data Retention

We retain your account data for as long as your account is active. Lead data, campaigns, and outreach sequences are retained until you delete them or close your account. After account closure, we delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes, which may be retained for up to 7 years).

8. Your Rights

Depending on your location, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — request that we limit how we process your data.
  • Objection — object to processing based on legitimate interests.
  • Opt-out of sale (CCPA) — California residents may opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us as described in Section 12. We will respond within 30 days (or 45 days where permitted by law).

9. Data Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, HttpOnly session cookies, rate limiting, CSRF protection, and prompt injection prevention on all AI inputs. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through the support channel available in your account dashboard. We aim to respond to all privacy inquiries within 5 business days.