Privacy Policy

Effective Date: 2025-09-08

1) Overview

This Privacy Policy explains how SalesBlaster collects, uses, discloses, and safeguards personal data in connection with the Services. We act as: (a) a business/controller for our own website operations and account data; and (b) a service provider/processor for Customer Data handled within customer workspaces.

2) Personal Data We Process

Identifiers (name, email, phone, account IDs), commercial information (plans, invoices, usage), internet/technical data (device, IP, logs), professional data (company, title), communications (emails/SMS/voice content, call recordings/transcripts), support messages, and inferences used to route or score engagement. We do not intentionally collect sensitive data (e.g., government IDs, precise geolocation, health/biometric templates). Customers should not submit PHI or children’s data.

3) Sources of Data

• You, your users, and your Subaccounts;
• Contacts you upload or sync from CRMs and other tools;
• Service providers and integrations;
• Publicly available sources (e.g., business websites, social profiles) when configured by you;
• Automatic collection via cookies, SDKs, and logs.

4) Purposes of Processing

To operate and secure the Services; provide AI‑powered outreach and analytics; maintain accounts and billing; route and sequence communications; detect abuse; comply with law; and improve the Services (including aggregate/de‑identified analytics). We do not use Customer Data for third‑party advertising or to build independent contact profiles.

5) Cookies & Tracking

We use strictly necessary cookies and may use analytics/performance cookies to understand product usage. You can control cookies via your browser settings.

6) Disclosures to Third Parties

We disclose personal data to service providers/subprocessors under written contracts limiting their use to our instructions, including: cloud hosting, telephony/messaging, email delivery, identity/auth, payments, analytics, error logging, LLM/AI providers. We may disclose data for legal compliance or in corporate transactions. We do not sell personal data and we do not share it for cross‑context behavioral advertising as defined by U.S. state privacy laws.

Illustrative subprocessors (subject to change; see Annex A): cloud infrastructure; email/SMS/voice providers; LLM API providers; payment processors; analytics and link‑tracking providers.

7) International Transfers

Where applicable, we rely on Standard Contractual Clauses and comparable transfer mechanisms. Primary processing occurs in the United States.

8) Data Retention

We retain personal data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical defaults: logs ~12 months; call recordings/transcripts configurable (suggested 3–24 months); billing and compliance records up to 7 years. Customers control retention of their Customer Data via settings and support requests.

9) Security

We employ reasonable safeguards (encryption in transit, access controls, least‑privilege, audits, vulnerability management, and incident response). If we become aware of a security incident involving Customer Data, we will notify impacted customers without undue delay consistent with applicable law and our contracts.

10) Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or port personal data and to restrict or object to certain processing. For U.S. state laws (e.g., CA/CO/CT/VA/UT), you may also opt out of targeted advertising, sale, and certain profiling; we do not engage in those activities with Customer Data. Submit requests via privacy@salesblaster.ai. We will verify your request and respond within the statutory timeframe. You may designate an authorized agent as allowed by law. You may appeal a denial at support@salesblaster.ai.

11) Children’s Data

The Services are not directed to children under 16, and we do not knowingly collect their data. Do not submit children’s data.

12) Communications Preferences

Marketing emails include an unsubscribe link. For SMS, reply STOP to opt out and HELP for help. Operational or transactional messages may still be sent.

13) Processor Commitments (DPA Incorporated)

When processing Customer Data, we: (a) process only on documented instructions; (b) implement appropriate security; (c) assist with data‑subject requests; (d) notify you of subprocessors and obtain appropriate contractual protections; (e) assist with security incidents; and (f) delete or return Customer Data at the end of services. A detailed Data Processing Addendum (including SCCs where applicable) is incorporated by reference and available at https://salesblaster.ai/legal/dpa.

14) Changes

We may update this Policy; the Effective Date shows the latest revision. Material changes will be communicated via the product or email when feasible.

15) Contact

SalesBlaster AI, Inc.
Address: 101 Diamond D Club Rd, Spartanburg, SC 29302
Email: support@salesblaster.ai
Security/Vulnerability: security@salesblaster.ai

Annex A — Illustrative Subprocessor Categories & Examples

Keep this list accurate at https://salesblaster.ai/legal/subprocessors; examples below are for clarity.

• Cloud infrastructure & networking: (e.g., Microsoft Azure/Akamai, Hetzner, Cloudflare) — hosting, storage, CDN, DDoS mitigation.
• Email, SMS, voice & telephony: (e.g., Resend, Twilio/Vonage, Vapi/Retell) — sending/receiving, 10DLC, call routing.
• LLM/AI providers: (e.g., OpenAI, Anthropic, Google) — text, classification, summaries; no training on Customer Data without explicit opt‑in.
• Payments & billing: (e.g., Stripe/Stripe Connect) — subscriptions, usage metering, payouts.
• Product analytics, logging & monitoring: (e.g., Dub.co for link tracking, Highlight/Umami/ClickHouse/Countly/Sentry) — usage metrics, error logs.
• Authentication & identity: (e.g., SuperTokens/NextAuth) — login, MFA, sessions.
• CRM & enrichment connectors: (e.g., GoHighLevel, HubSpot, Salesforce, Apollo) — customer‑authorized sync.

Annex B — Jurisdictional Disclosures (Summary)

California (CPRA): We act as a "business" for our own website/account data and as a "service provider" for Customer Data. We do not sell or share personal information as defined by CPRA. Categories collected: identifiers; commercial data; internet activity; professional info; audio/visual communications; inferences. Rights include access, delete, correct, portability, limit use of sensitive PI (not collected), and non‑discrimination.

Colorado/Connecticut/Virginia/Utah: Similar rights to access, delete, correct, portability, and opt‑out; we do not sell or use for targeted advertising.

EEA/UK/Switzerland (GDPR/UK GDPR/FADP): Lawful basis typically performance of contract (to provide the Services) and legitimate interests (product security, usage analytics), or consent (where required by ePrivacy for cookies/marketing). Data transfers rely on SCCs/IDTA or equivalent. Data subject rights: access, rectify, erase, restrict, object, and portability; complaints to your local authority.

Earnings & Results Disclaimer (Marketing)

We make no guarantees of revenue, appointments, or conversions. Any performance claims are illustrative; your results depend on your inputs, model configuration, offer, market, compliance, and execution.