1. Introduction

SalesDuo Pte. Ltd. ("we," "our," or "us") provides list-building and lead enrichment services. This Privacy Policy describes how we collect, use, disclose, and protect personal information in compliance with:

The General Data Protection Regulation (GDPR) for users in the European Economic Area
The Personal Data Protection Act 2012 (PDPA) for users in Singapore
The California Consumer Privacy Act (CCPA) for users in California
Other applicable data protection laws worldwide

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Services.

Data Controller: SalesDuo Pte. Ltd., 3012 Bedok Industrial Park E #02-2072, Singapore 489978, is the data controller responsible for your personal information.

2. Information We Collect

A. Information You Provide

We collect information you directly provide when you:

Create an account or purchase credits
Fill out forms on our website
Communicate with us via email or other channels
Subscribe to our newsletter or marketing communications

This may include your name, email address, company name, phone number, payment information, and any other information you choose to provide.

B. Information Collected Automatically

When you access our services, we automatically collect:

Device information: Browser type, operating system, device identifiers
Log data: IP address, access times, pages viewed, referring URLs
Cookies and similar technologies: Session data, preferences, authentication tokens

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze usage:

Essential Cookies: Required for core functionality such as authentication, session management, and security
Analytics Cookies: Help us understand how users interact with our Services to improve user experience
Advertising and Tracking Technologies: We use Meta Pixel and similar tracking technologies to measure advertising campaign effectiveness, understand user behavior, and deliver relevant advertisements

You can control cookies through your browser settings. You can also:

Adjust your ad preferences in your Meta account settings
Use browser settings to block tracking cookies
Opt out of interest-based advertising through industry opt-out tools

Note that disabling certain cookies may limit your ability to use some features of our Services.

C. Information from Other Sources

We may receive information about you from other sources, such as publicly available databases, marketing partners, or when you interact with our social media pages. We combine this with information we collect directly.

3. How We Use Your Information

We use collected information for the following purposes:

Provide Services: Process payments, manage credits, deliver our list-building services, and communicate with you
Improve and Develop: Understand usage patterns, develop new features, and enhance user experience
Communications: Send service updates, respond to inquiries, and provide customer support
Marketing: Send promotional materials and newsletters (with your consent)
Security and Fraud Prevention: Detect and prevent security incidents, abuse, and fraudulent activity
Legal Compliance: Comply with applicable laws, regulations, and legal processes
Business Operations: Conduct internal research, analytics, and maintain business records
Commercial Data Products: Create aggregated, anonymized datasets, market intelligence reports, and data products for commercial purposes
Advertising and Analytics: Create lookalike audiences, measure advertising effectiveness, and improve targeting (in hashed or encrypted formats)

4. Legal Basis for Processing (GDPR & PDPA)

We process your personal information based on the following legal grounds, as required by GDPR Article 6 and Singapore PDPA:

Legal Bases

Consent (GDPR Art. 6(1)(a), PDPA s.13): When you explicitly agree to our processing activities, such as marketing communications or optional data sharing
Contract Performance (GDPR Art. 6(1)(b), PDPA s.13(b)): To fulfill our contractual obligations when you purchase credits or use our Services
Legal Obligation (GDPR Art. 6(1)(c), PDPA s.13(b)): To comply with legal requirements, such as tax laws, financial regulations, or court orders
Legitimate Interests (GDPR Art. 6(1)(f), PDPA s.13(d)): For our business operations, fraud prevention, security, and service improvement, where these interests do not override your rights

Specific Processing Activities

Account creation and service delivery: Contract performance
Payment processing: Contract performance and legal obligation
Marketing communications: Consent (you can withdraw at any time)
Data analytics and service improvement: Legitimate interests
Security and fraud prevention: Legitimate interests and legal obligation
Commercial data products (aggregated/anonymized): Legitimate interests
Advertising and tracking: Consent (via cookie consent banner)

Consent Management

Where we rely on your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal. To withdraw consent, contact us at privacy@salesduo.io.

5. How We Share Your Information

We may share your information in the following circumstances:

Service Providers

We share information with third-party vendors who perform services on our behalf, including:

Cloud hosting and infrastructure providers
Email delivery and communication services
Database and storage services
Customer relationship management platforms
Payment processing services (Stripe) for handling transactions and subscriptions

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Payment Processing

We use Stripe to process payments and manage subscriptions. When you make a purchase, your payment information is transmitted directly to Stripe and is subject to Stripe's Privacy Policy. We do not store your complete credit card information on our servers. We receive limited information from Stripe, such as the last four digits of your card and transaction status, to manage your account and provide customer support.

Commercial Data Use and Monetization

We may use and share aggregated, anonymized data for commercial purposes, including:

Data Products: Creating and selling aggregated datasets, market intelligence reports, and industry benchmarks that do not identify individual users
Advertising Platforms: Sharing hashed or encrypted information with advertising platforms (such as Meta, Google) for targeted advertising, conversion tracking, and lookalike audience creation
Research and Analytics: Collaborating with partners to analyze trends and develop data-driven insights
Model Training: Using aggregated data to train AI and machine learning models for commercial applications

Important: Aggregated and anonymized data cannot be used to identify you personally. We do not sell personal information that directly identifies you (such as your name, email address, or phone number) to third parties without your explicit consent.

Legal Requirements and Protection

We may disclose information when required by law or when we believe disclosure is necessary to:

Comply with legal obligations, court orders, or government requests
Enforce our terms of service or other agreements
Protect the rights, property, or safety of SalesDuo, our users, or the public
Detect, prevent, or address fraud, security, or technical issues

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

6. Data Retention

We retain different categories of personal information for varying periods based on their purpose and legal requirements:

Retention Periods

Account and Profile Data: Retained while your account is active and for 2 years after account deletion
Transaction and Payment Records: Retained for 7 years to comply with tax and financial regulations
Communication Records: Retained for 3 years for customer service and dispute resolution
Marketing Data: Retained until you opt out, then deleted within 30 days
Aggregated and Anonymized Data: Retained indefinitely for commercial and analytical purposes
Legal and Compliance Data: Retained as required by applicable law or until legal obligations expire

The criteria we use to determine retention periods include:

The duration of your relationship with us
Legal or regulatory requirements (tax, financial, data protection laws)
The need to resolve disputes or enforce agreements
Business operational needs and legitimate interests

When we no longer need your information, we securely delete or anonymize it in accordance with our data retention schedule and applicable laws.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Right of Access (GDPR Art. 15): Request a copy of your personal information and details about how we process it
Right to Rectification (GDPR Art. 16): Request correction of inaccurate or incomplete information
Right to Erasure (GDPR Art. 17): Request deletion of your personal information under certain circumstances
Right to Data Portability (GDPR Art. 20): Receive your information in a structured, machine-readable format and transmit it to another controller
Right to Object (GDPR Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
Right to Restriction (GDPR Art. 18): Request restriction of processing under certain conditions
Right to Withdraw Consent (GDPR Art. 7): Withdraw previously given consent at any time (without affecting the lawfulness of processing based on consent before withdrawal)
Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated

How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@salesduo.io. We will respond within one month of receiving a valid request (or as required by applicable law). In complex cases, we may extend this period by an additional two months and will notify you of the extension.

We may need to verify your identity before processing certain requests to protect your privacy and security. You will not be discriminated against for exercising your privacy rights.

Consent Withdrawal

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

To withdraw consent for specific processing activities, contact us at privacy@salesduo.io with details of the consent you wish to withdraw.

Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any promotional email or by contacting us directly.

8. Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and monitoring
Access controls and authentication mechanisms
Employee training on data protection practices
Incident response procedures

While we take reasonable precautions, no security system is impenetrable. We cannot guarantee the absolute security of your information.

9. Data Breach Notification (PDPA & GDPR)

In accordance with the Singapore Personal Data Protection Act (PDPA) and GDPR, we have implemented procedures to detect, report, and investigate data breaches.

When We Notify

We will notify the relevant supervisory authority and affected individuals of a data breach when:

PDPA Requirements: The breach affects 500 or more individuals, OR the breach is likely to result in significant harm to affected individuals (identity theft, financial loss, damage to reputation, etc.)
GDPR Requirements: The breach is likely to result in a risk to the rights and freedoms of individuals

Notification Timeline

PDPC (Singapore): Within 3 calendar days of assessing that notification is required
GDPR Supervisory Authority: Within 72 hours of becoming aware of the breach
Affected Individuals: Without undue delay when the breach is likely to result in high risk to their rights and freedoms

What We Include

Data breach notifications will contain:

Description of the nature of the breach and categories of data affected
Approximate number of individuals and data records affected
Contact information for our Data Protection Officer
Likely consequences of the breach
Measures taken or proposed to address the breach and mitigate harm

If you suspect unauthorized access to your account or personal information, contact us immediately at privacy@salesduo.io.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction.

International Transfer Safeguards

When we transfer information internationally, we implement appropriate safeguards to ensure your information receives adequate protection:

GDPR Compliance: Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the EEA
PDPA Compliance (Section 26): We ensure that recipients outside Singapore provide a standard of protection comparable to the PDPA through:
- Contractual obligations requiring equivalent data protection standards
- Verification that the recipient country has data protection laws substantially similar to Singapore's PDPA
- Your explicit consent for transfers where other safeguards are not available
Adequacy Decisions: Transfers to countries deemed to have adequate data protection by the European Commission or Singapore PDPC
Binding Corporate Rules: Where applicable, internal policies ensuring consistent data protection across our organization

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

If we learn we have collected information from a child under 16, we will delete it promptly. If you believe we have collected information from a child, please contact us at privacy@salesduo.io.

12. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

Material Changes

For material changes that significantly affect your rights or how we process your personal information, we will provide at least 30 days' advance notice before the changes take effect. We will notify you by:

Updating the "Effective Date" at the top of this policy
Posting a prominent notice on our website
Sending you an email notification (if you have provided your email address)
Displaying an in-app notification (if applicable)

Non-Material Changes

For minor or non-material changes (such as clarifications, formatting updates, or administrative changes), we will update the "Effective Date" and post the revised policy on our website.

Your Acceptance

Your continued use of our Services after the effective date of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue using our Services and contact us to close your account.

For users in the European Economic Area, if changes require new consent under GDPR, we will seek your explicit consent before applying the updated policy to your personal information.

14. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

Your California Rights

Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information for targeted advertising
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

Data Selling and Sharing Disclosure

Under California law, sharing certain information with advertising platforms for targeted advertising may be considered a "sale" or "sharing" of personal information. We share hashed or encrypted identifiers with advertising platforms (such as Meta, Google) for purposes that may qualify as sales or sharing under CCPA.

We do not sell personal information that directly identifies you (such as your name, email address, or precise contact information) to third parties. However, we do commercialize aggregated, anonymized data as described in this policy.

To opt out of data sharing for targeted advertising, contact us at privacy@salesduo.io with "Do Not Sell My Personal Information" in the subject line.

Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

Identifiers (name, email address, IP address)
Commercial information (purchase history, credit transactions, payment information)
Internet activity (browsing history, interactions with our website)
Professional information (company name, job title)

To exercise your California privacy rights, contact us at privacy@salesduo.io with the subject line "California Privacy Request."

15. Contact Us & Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

General Privacy Inquiries

privacy@salesduo.io

Data Protection Officer (DPO)

As required by Singapore PDPA and GDPR, our designated Data Protection Officer is responsible for ensuring compliance with data protection laws and serving as your point of contact for privacy matters.

dpo@salesduo.io

Mailing Address

SalesDuo Pte. Ltd.

Attn: Data Protection Officer

3012 Bedok Industrial Park E #02-2072

Singapore 489978

Supervisory Authority Complaints

If you believe we have not addressed your concerns appropriately, you have the right to lodge a complaint with the relevant supervisory authority:

European Economic Area: Your local data protection authority
Singapore: Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg
California: California Attorney General