Privacy Policy

1. Introduction

mbAI LLC ("we," "us," or "our") operates Touchpoint Network Intelligence ("Touchpoint" or "the Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. We are committed to protecting your privacy and handling your data transparently.

By using Touchpoint, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, LinkedIn profile URL, and password (or OAuth credentials via Google/Microsoft)
• Contact Data: Contact records you import, create, or manage, including names, email addresses, phone numbers, company information, job titles, and notes
• Communication Data: Messages, notes, and interaction logs you create within the Service
• Payment Information: Billing details processed through Stripe (we do not store full credit card numbers)
• Support Communications: Information you provide when contacting our support team

2.2 Information from Third-Party Integrations

• LinkedIn: Connection data, profile information, and professional details imported via CSV upload or API integration
• Google: Contact information and profile data when you connect Google Contacts or sign in via Google OAuth
• Microsoft: Profile information when you sign in via Microsoft Entra ID
• Apify: Enriched professional data obtained through our enrichment services
• SalesRobot: Campaign and outreach data when you connect your SalesRobot account

2.3 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, timestamps, and session duration
• Device Information: Browser type, operating system, device type, and screen resolution
• Log Data: IP address, access times, referring URLs, and error logs
• Cookies: Session cookies for authentication and preference cookies for user settings (see Section 8)

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and improve Touchpoint, including contact management, AI-powered features, and integrations
• AI Processing: To power Pulse AI buyer intent detection, lead scoring, ICP matching, and contact enrichment
• Account Management: To create and manage your account, process payments, and communicate about your subscription
• Communication: To send service-related notifications, updates, security alerts, and support messages
• Analytics: To understand usage patterns, diagnose technical issues, and improve the Service
• Security: To detect, prevent, and address fraud, abuse, and security incidents
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. AI Data Processing

Touchpoint uses artificial intelligence services provided by Anthropic (Claude) and OpenAI to deliver features such as lead scoring, buyer intent analysis, and contact enrichment. When processing your data through these services:

• Data is transmitted securely using encryption in transit (TLS 1.2+)
• We only send the minimum data necessary for the specific AI function
• Your data is not used to train general-purpose AI models
• AI providers process data under our data processing agreements and are prohibited from using your data for their own purposes
• AI-generated outputs (scores, recommendations, insights) are stored within Touchpoint and subject to this Privacy Policy

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Service Providers: Third-party vendors who assist in operating the Service (hosting, payment processing, email delivery, analytics, AI processing) under contractual data protection obligations
• Third-Party Integrations: When you connect external services (LinkedIn, SalesRobot, Google, etc.), data is shared as necessary to enable the integration
• Legal Requirements: When required by law, subpoena, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
• With Your Consent: When you explicitly authorize sharing

Key Service Providers

6. Data Retention

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Secure password hashing using bcrypt
• OAuth 2.0 for third-party authentication
• Regular security audits and vulnerability assessments
• Role-based access controls for internal systems
• Security headers (HSTS, X-Frame-Options, CSP) on all endpoints
• Automated monitoring and alerting via Sentry

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking

Touchpoint uses the following types of cookies:

• Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
• Preference Cookies: Store your settings such as theme preference and sidebar state
• Analytics Cookies: Help us understand usage patterns (only with your consent)

We do not use third-party advertising cookies or trackers. You can manage cookie preferences through the consent banner displayed on your first visit. You may also control cookies through your browser settings.

9. Your Rights

9.1 All Users

Regardless of your location, you have the right to:

• Access and export your personal data
• Correct inaccurate information
• Delete your account and associated data
• Opt out of non-essential communications

9.2 GDPR Rights (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, you additionally have the right to:

• Object to processing based on legitimate interests
• Restrict processing of your data
• Data portability (receive your data in a structured, machine-readable format)
• Withdraw consent at any time
• Lodge a complaint with your local supervisory authority

Our legal bases for processing are: contract performance, legitimate interests (service improvement, security), consent (marketing, analytics cookies), and legal obligations.

9.3 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@touchpointconsulting.co or use the settings in your account dashboard. We will respond within 30 days (or as required by applicable law).

10. International Data Transfers

Touchpoint is operated from the United States. If you access the Service from outside the US, your data may be transferred to and processed in the United States. We ensure appropriate safeguards for international transfers through Standard Contractual Clauses (SCCs) and data processing agreements with our service providers.

11. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal data: