
Privacy Policy

Last updated: 18 April 2026

Prospectr (“we”, “us”, “our”) operates the platform at prospectr.app. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

By using Prospectr, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our service.

1. Information We Collect

Account Data

When you create an account, we collect your name, email address, and password. Authentication is handled securely through Supabase Auth.

Profile Data

You may optionally provide additional profile information including your company name, website URL, phone number, and avatar image.

Usage Data

We collect information about how you use the service, including searches performed, audits run, emails sent through the platform, and features used. This helps us improve the product and provide usage-based analytics within your account.

Payment Data

Payments are processed by Whop. We do not store your credit card number or full payment details on our servers. Whop handles all payment processing in accordance with their own privacy policy and PCI-DSS compliance requirements.

Gmail Data

If you choose to connect your Gmail account, we collect and store the following:

  • Your Gmail email address
  • OAuth tokens (encrypted at rest using AES-256-GCM) required to send emails on your behalf
  • Email send logs (recipient address, subject line, timestamp, and delivery status) for emails you send through Prospectr

2. Google API Services — Gmail Integration Disclosure

Prospectr's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scope of Access

We request two Gmail OAuth scopes:

  • gmail.send -- to send emails that you explicitly compose and initiate through the Prospectr interface.
  • gmail.readonly -- to read replies to emails you sent through Prospectr, so you can view and respond to conversations within the app.

We only read message threads that originated from emails sent via Prospectr. We do not scan, index, or access any other emails in your inbox.

What We Do NOT Do With Gmail Data

  • We only read replies to emails you sent through Prospectr. We do not scan, index, or read any other emails in your inbox.
  • We do not access your Gmail contacts, drafts, labels, or email history.
  • We do not analyse, mine, or profile any Gmail data for any purpose beyond sending emails and reading replies to those emails.
  • We do not share Gmail data with any third party.
  • We do not use Gmail data for advertising, marketing, analytics, market research, or any form of tracking.
  • We do not use Gmail data for AI model training, machine learning, or any automated decision-making.

Reply Data

When you connect Gmail with reply tracking enabled, Prospectr periodically checks for replies to emails you sent through our platform. We store:

  • The sender's email address and name
  • The reply subject line
  • The first 500 characters of the reply body
  • The timestamp when the reply was received

Reply data is retained for 90 days from the date received, then automatically and permanently deleted. We do not store full email bodies, attachments, or any data from emails you did not send through Prospectr.

Token Storage and Security

Gmail OAuth tokens are encrypted using AES-256-GCM before being stored in our database. Tokens are only decrypted at the moment an email send or inbox read request is processed, and are never logged or exposed in plaintext.

Revoking Gmail Access

You can disconnect your Gmail account at any time from the Settings page within Prospectr. When you disconnect:

  • All stored reply data is permanently deleted from our systems within 24 hours. The OAuth token is revoked with Google immediately.
  • Your OAuth tokens are immediately and permanently deleted from our systems.
  • Reply monitoring stops immediately.
  • No further emails can be sent through your Gmail account via Prospectr.

You may also revoke access directly from your Google Account permissions page.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Prospectr platform
  • Authenticate your identity and secure your account
  • Send emails on your behalf when you use the email feature
  • Process payments and manage your subscription
  • Send service-related communications (e.g. account confirmations, policy updates)
  • Monitor and resolve errors and technical issues via anonymous error tracking
  • Generate aggregated, anonymised analytics to improve the service

4. Data Sharing and Third-Party Services

We do not sell your personal data. We share data only with the following service providers, solely to operate the platform:

  • Supabase: database hosting and user authentication
  • Anthropic: AI-powered business analysis. We send only publicly available business website content to Anthropic for analysis. No personal user data is sent.
  • Google Places API: business search and location data
  • Whop: payment processing and subscription management
  • Vercel: application hosting and deployment
  • Sentry: anonymous error monitoring and performance tracking. No personally identifiable information is intentionally sent to Sentry.

Each third-party provider processes data in accordance with their own privacy policy and applicable data protection laws.

5. Cookies and Tracking

  • Essential cookies: We use cookies set by Supabase for authentication and session management. These are strictly necessary for the service to function.
  • No advertising cookies: We do not use any third-party advertising or marketing cookies.
  • Error tracking: Sentry collects anonymous error data to help us fix bugs and improve reliability. This does not include personal information.

6. Data Retention

  • Account data: Retained for as long as your account is active. Deleted when you delete your account.
  • Gmail OAuth tokens: Deleted immediately when you disconnect your Gmail account or delete your Prospectr account.
  • Usage logs: Retained for 12 months for service improvement, then automatically deleted.
  • Email send logs: Retained for 12 months to provide you with sending history, then automatically deleted.

7. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encryption of sensitive data at rest (AES-256-GCM for OAuth tokens)
  • Encryption of data in transit (TLS/HTTPS)
  • Row-level security policies in our database
  • Regular security reviews of our codebase

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete personal data
  • Delete your personal data by deleting your account
  • Disconnect Gmail at any time from your Settings page, which immediately revokes access and deletes stored tokens
  • Export your data in a portable format
  • Withdraw consent for optional data processing at any time

To exercise any of these rights, contact us at tombeenham@gmail.com. We will respond to data requests within 30 days.

9. Children's Privacy

Prospectr is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you via email at the address associated with your account. The “Last updated” date at the top of this page indicates when the policy was most recently revised.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: