PRIVACY POLICY

Effective: March 8, 2026 | Entity: Vectorout | Jurisdiction: Finland | Contact: hi@vectorout.com

1. What We Collect

We collect the following information when you interact with vectorout.com and use our Done-With-You services:

• Contact Information: Name, email address, and company name when you book a strategy call via Cal.com or contact us.
• Billing Information: Billing address and payment details processed securely through our payment provider when you pay the setup fee or monthly retainer.
• Infrastructure & Setup Data: Information required to build your outbound engine, including target audience criteria (ICP), company value propositions, case studies, and API keys for your CRM and email tools.
• Usage Data: Pages visited, time on site, and interaction patterns via Google Analytics (GA4). IP addresses are anonymized.
• Cookies: Analytics and advertising cookies activated only after you consent via the cookie banner.

2. Why We Collect It

We process your data under the following legal bases (GDPR Article 6):

• Contract Performance: To process your €3,333 setup fee, schedule meetings, build your custom AI SDR infrastructure, and provide ongoing technical maintenance.
• Legitimate Interest: To understand how visitors interact with our website to improve our services and marketing efforts.
• Consent: Analytics and advertising cookies are placed only after you explicitly consent.

3. How We Use Your Data

• Building and configuring your custom outbound infrastructure (domains, mailboxes, Instantly setup).
• Training your dedicated AI models (Anthropic Claude) on your specific business data, tone of voice, and case studies.
• Processing one-time setup fees and recurring monthly maintenance retainers.
• Scheduling strategy and onboarding calls.
• Measuring ad performance and website traffic to understand campaign effectiveness.
• We do not sell your data or use it for any purpose beyond delivering our services and improving our website.

4. Who Processes Your Data

We use the following third-party infrastructure providers to deliver our services. Each operates under agreements that meet GDPR requirements:

• Anthropic (Claude): For processing AI commands and drafting outbound sequences. We explicitly configure our APIs so your proprietary data is not used to train their public models.
• Instantly / Limitless: For email sending infrastructure and deliverability monitoring.
• Stripe: For secure payment processing.
• Cal.com: For meeting scheduling.
• Google Analytics (GA4) & Ads: For site analytics and paid advertising tracking.
• Vercel: For website hosting.
• Google Workspace: For internal email and document communications.

5. International Data Transfers

Some of our processors operate outside the European Economic Area (EEA). All international data transfers are strictly protected by the EU-US Data Privacy Framework (DPF) adequacy decisions or Standard Contractual Clauses (SCCs) where required by law.

6. Cookies

• Necessary cookies: None. The core website functions without cookies.
• Analytics & Advertising cookies: Placed only after you consent via the cookie banner. They track anonymized usage data and ad performance. They expire after 14 months.

You can withdraw your consent at any time by clearing your browser cookies.

7. How Long We Keep Your Data

• Client Infrastructure Data: Retained for as long as you maintain an active monthly retainer with Vectorout. If you cancel your retainer, your specific configuration data and API connections are securely deleted within 30 days.
• Billing Data: Retained for 7 years to comply with Finnish accounting and tax laws.
• Meeting Data: Retained for 12 months after the meeting, then deleted.
• Analytics Data: Retained by Google Analytics for 14 months, then automatically deleted.

8. Your Rights

Under the GDPR, you have the right to:

• Access the data we hold about you.
• Rectify inaccurate data.
• Erase your data (Right to be Forgotten).
• Restrict or object to processing based on legitimate interest.
• Withdraw consent for cookies at any time.
• Lodge a complaint with the Finnish Data Protection Ombudsman (tietosuojavaltuutettu.fi) if you believe your rights have been violated.

To exercise any of these rights, contact hi@vectorout.com. We will respond within 30 days.

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify the affected individuals and the Finnish Data Protection Ombudsman within 72 hours of becoming aware of the breach.

10. Client Lead Data & Data Processing Agreement (DPA)

When Vectorout builds your outbound infrastructure, your system will process the personal data of your sales prospects (B2B leads). In this relationship, you are the Data Controller and Vectorout acts as the Data Processor managing the technical routing. A comprehensive Data Processing Agreement (DPA) outlining our security measures for handling your prospect data is included in our standard client onboarding contract.