Version 1.1 · Last updated: May 28, 2026
Prospector is operated by SiteForge Relations ("we," "us," "our"). We are the data controller for personal data collected through this platform.
Contact: privacy@prospector.app
Mailing address: privacy@prospectorsearches.com
This Policy explains how we collect, use, store, and share personal data when you use Prospector, and explains your rights regarding that data. It covers data we collect about our registered users ("Users") as well as data Users cause to be processed through the platform (e.g., business contact information used for outreach).
Prospector is intended for users who are at least 18 years old. We do not knowingly collect personal data from anyone under 18. If we learn we have collected data from a minor, we will delete it promptly. If you believe a minor has created an account, contact us at privacy@prospector.app.
When you register, we collect your email address and a securely hashed password (we never store your plaintext password). We use this to authenticate you and communicate with you about your account.
Lawful basis (GDPR): Performance of a contract (Article 6(1)(b)).
If you provide your name, company name, and mailing address in your Sender Profile settings, we store and use that information to populate the footer of outreach emails you send through the platform, as required by CAN-SPAM law. You are responsible for the accuracy of this information.
Lawful basis (GDPR): Performance of a contract; legal obligation.
When you run a search, the platform retrieves publicly available business information — including business name, address, phone number, website URL, and review data — from Google Maps via SerpAPI. This data is stored in your account and is used solely to provide you with lead data. We do not independently source, sell, or share this data.
Lawful basis (GDPR): Legitimate interests (providing contracted services).
When you send an outreach email through Prospector, we store: the recipient email address, subject line, email body, timestamp, and delivery status. This data is retained in your account to provide you with a history of your outreach activity.
Lawful basis (GDPR): Performance of a contract.
Outreach emails sent through Prospector may include a single-pixel tracking image ("tracking pixel"). When the recipient opens the email, the pixel load records: the approximate time of opening, the recipient's IP address (which may indicate approximate location), and device/email client information. This data is attributed to your account and displayed in your outreach dashboard.
Recipient notice: We encourage Users to disclose tracking to recipients. Prospector does not itself provide disclosure to email recipients; this is the User's responsibility under applicable law.
Lawful basis (GDPR): Legitimate interests of the User (outreach performance measurement); Users are responsible for their own lawful basis for processing recipient data.
We track your monthly usage (number of searches, emails generated, emails sent) for plan enforcement and billing purposes. Payment processing is handled by Stripe; we do not store full payment card numbers. We retain billing records as required by law.
Lawful basis (GDPR): Performance of a contract; legal obligation.
We use the following types of cookies and local storage:
You can withdraw cookie consent at any time by clearing your browser storage. Essential cookies cannot be disabled without impairing platform functionality.
Our servers and infrastructure providers automatically collect technical data including IP addresses, browser type, referring URLs, and request timestamps. This data is used for security monitoring, abuse prevention, and platform diagnostics.
Lawful basis (GDPR): Legitimate interests (security and abuse prevention).
When you create an account, we record a timestamp and technical identifiers confirming your acceptance of our Terms of Service and Privacy Policy. This record is retained for the lifetime of your account and for 7 years after closure, as evidence of consent.
We do not sell your personal data to third parties. We do not use your data to train AI models. We do not use your outreach email content for any purpose other than providing the service.
When you use the AI email generation feature, data you provide (business name, website information, and your account context) is sent to Anthropic's Claude API to generate email drafts. This data is processed by Anthropic in accordance with their privacy policy and data processing agreement. We do not use your inputs to train Anthropic's models. Please do not include sensitive personal data in your AI generation prompts.
We share data with the following categories of service providers who process data on our behalf:
Each provider is bound by data processing agreements and/or standard contractual clauses where applicable. We only share data necessary for each provider to perform their contracted function.
Prospector is operated from the United States. Our service providers (Supabase, Vercel, Anthropic, Resend, Stripe) are US-based. If you access the platform from the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, your data will be transferred to the US.
We rely on the following mechanisms for international transfers:
By using Prospector, you acknowledge that your data may be transferred to and processed in the United States, which may have different data protection standards than your home jurisdiction.
Depending on your location, you may have the following rights regarding your personal data. To exercise any right, email privacy@prospector.app from your registered address. We will respond within 30 days (or within the timeframe required by applicable law).
California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:
To exercise California rights, contact us at privacy@prospector.app. You may also designate an authorized agent to submit requests on your behalf.
To delete your account and personal data, email privacy@prospector.app from your registered address with the subject line "Account Deletion Request." We will confirm deletion within 30 days. Note that billing records and consent logs are retained as described in Section 8. Email addresses on the suppression list are retained to honor ongoing unsubscribe requests.
Note: A self-service deletion tool is on our product roadmap.
Every outreach email sent through Prospector includes an unsubscribe link. Clicking this link adds the recipient email address to a per-account suppression list. Once suppressed, that email address cannot receive further outreach from that Prospector account. Users are prohibited from circumventing suppression lists.
We implement reasonable technical and organizational measures to protect your data, including:
No system is 100% secure. We cannot guarantee the absolute security of your data. If you believe your account has been compromised, contact us immediately at security@prospector.app.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay and, where required by law, notify relevant supervisory authorities within 72 hours of becoming aware of the breach. Notification will be sent to your registered email address.
Our platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 14 days before they take effect. Your continued use of the platform after the effective date constitutes acceptance of the updated Policy.
For privacy questions, data requests, or complaints:
Email: privacy@prospector.app
Mailing address: privacy@prospectorsearches.com
EEA and UK users have the right to lodge a complaint with their national supervisory authority if they believe we have processed their data unlawfully.