Privacy, Unstuck style

1.1. This Privacy Policy describes how Unstuck Engine ("Unstuck," "we," "us") collects, uses, shares, and protects personal information in connection with the website at https://unstuckengine.com, the Unstuck Engine product surfaces (the Web UI, APIs, CLI, and MCP Server), and any related materials (collectively, the "Services").

1.2. This Policy applies to (a) prospects and visitors to the Website; (b) Unstuck customers and their authorized users; and (c) third parties whose information may appear in Customer Data uploaded to or generated by the Services.

2.1. Account Data. When you create an account or contact us, we collect identifiers you provide directly, such as first name, last name, email address, company name, job title, and (if applicable) billing address.

2.2. Usage Data. When you use the Website or the Services, we automatically collect technical and behavioral data, including IP address, browser type, operating system, device identifiers, pages and screens viewed, features used, request latency, and error events.

2.3. Customer Data. When you use the Services, you upload to or generate within the Services data about your prospects, customers, and accounts ("Customer Data"), including signals, leads, companies, ICP and persona definitions, scores, and enrichment results. Customer Data may include personal data of third parties.

2.4. Cookies and Similar Technologies. We use cookies, local storage, and pixel-style beacons to operate the Website and the Services. Details are set out in Section 5 (Cookies & Tracking).

3.1. Service Delivery. We use Account Data and Customer Data to provision your account, authenticate users, route API requests, run signal qualification, enrichment, and other product functions you invoke.

3.2. Product Operations and Improvement. We use Usage Data — and only Usage Data — to monitor reliability, debug errors, prioritize roadmap work, and measure feature adoption.

3.3. Communication. We use Account Data to send transactional messages (billing, security, account changes), respond to support requests, and — only with appropriate consent — to send marketing communications you can unsubscribe from at any time.

3.4. Security and Compliance. We use information as necessary to detect and prevent abuse, fraud, and security incidents, and to comply with our legal obligations.

3.5. We do not use Customer Data to train, fine-tune, or otherwise improve any machine learning model, whether ours or any third party's, except as strictly necessary to generate a single response to your request.

4.1. We do not sell personal information for monetary consideration, and we do not engage in "sharing" of personal information for cross-context behavioral advertising as that term is defined under the California Consumer Privacy Act (CCPA). The Website and the product surfaces (Web UI, APIs, CLI, and MCP Server) do not load third-party advertising or retargeting pixels, and Customer Data is never shared with advertising platforms.

4.2. Service Providers (Sub-processors). We share information with vetted third-party providers who process data on our behalf to operate the Services. Current categories include: cloud hosting and edge runtime; database and authentication; product analytics; payment processing; transactional email; AI and large language model providers; and third-party data providers used in the enrichment waterfall (see the Terms of Service, Section 6).

4.3. Each sub-processor is contractually required to use the information only to perform the services we engage them for, and to apply security and confidentiality controls at least as protective as those described in this Policy.

4.4. Customer Account Members. Information you submit may be visible to other authorized users in your Unstuck account, depending on the permissions you grant them.

4.5. Legal and Safety. We may disclose information when required by law (subpoena, court order, regulator request) or when we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or that of our customers or others.

4.6. Corporate Transactions. In a merger, acquisition, financing, or sale of assets, information may be transferred to the surviving or acquiring entity, subject to commercially reasonable confidentiality obligations.

4.7. Aggregated or Anonymized Data. We may share aggregated or anonymized statistics that do not identify any individual or organization.

5.1. We use the following categories of cookies and similar technologies on the Website: (a) Strictly Necessary — required for login, session management, and security; (b) Analytics — first-party product analytics (currently provided by PostHog and Vercel Analytics) used to understand which pages and features are used and to improve the product; (c) Preferences — used to remember settings such as theme. The Website does not load third-party advertising or retargeting pixels.

5.2. The product surfaces (Web UI, APIs, CLI, and MCP Server) do not load advertising or third-party tracking pixels. Customer Data is never accessed by advertising platforms.

5.3. You can opt out of Analytics cookies by enabling the Global Privacy Control (GPC) signal or the Do Not Track header in your browser — we honor both, and our analytics provider stops capturing automatically when either is set. You can also manage cookies directly via your browser settings. Disabling Strictly Necessary cookies will prevent the Services from functioning correctly.

6.1. Account Data is retained for the lifetime of your account and for a reasonable period after termination as required by law or for the resolution of disputes.

6.2. Customer Data is deleted within thirty (30) days of account termination, as set out in the Terms of Service (Section 5), except where retention is required by law.

6.3. Usage Data is retained in identifiable form for up to twenty-four (24) months and thereafter only in aggregated or anonymized form.

6.4. Backups containing personal data are retained on a rolling basis and are overwritten or destroyed in accordance with our backup rotation schedule.

7.1. Subject to applicable law (including GDPR, UK GDPR, and CCPA), you have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate or incomplete information; (c) request deletion of your personal information; (d) request a portable copy of your information in a commonly used machine-readable format; (e) object to or restrict certain processing; and (f) withdraw any consent you have previously given.

7.2. To exercise these rights, email run@unstuckengine.com from the address associated with your account, or — if you are a data subject whose information we process on behalf of an Unstuck customer — contact that customer directly. We respond to verified requests within thirty (30) days.

7.3. You also have the right to lodge a complaint with the data protection authority in your jurisdiction.

7.4. California Residents (CCPA). California residents have additional rights, including the right to know what personal information has been collected, sold, or shared in the past twelve (12) months, and the right to opt out of sale or sharing. We do not sell personal information for monetary consideration, and we do not engage in "sharing" for cross-context behavioral advertising — no retargeting pixels run on the Website or the product. To exercise CCPA rights or ask questions, email run@unstuckengine.com.

8.1. Unstuck Engine is established in the United States. By default, Customer Data is processed on infrastructure that we operate in the United States.

8.2. Where we transfer personal data of EU/EEA, UK, or Swiss data subjects out of those jurisdictions, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum.

8.3. Customers requiring EU-only data residency or other specific transfer arrangements should contact us before signing.

9.1. We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS), encryption at rest, role-based access control, audit logging, and regular review of vendor security posture.

9.2. No method of transmission or storage over the internet is 100% secure. We cannot guarantee absolute security, but we work to detect, contain, and notify of incidents in line with applicable law and our customer agreements.

10.1. The Website and the Services may contain links to third-party websites or services we do not control. This Policy does not apply to those properties; review their privacy policies before providing personal information.

11.1. The Services are not directed to individuals under the age of 18 and we do not knowingly collect personal information from children. If we learn that we have collected such information, we will delete it.

12.1. We may update this Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page and, where appropriate, by notice on the Website or to the email address on file.

12.2. Your continued use of the Website or the Services after the effective date of any change constitutes your acceptance of the updated Policy.

13.1. Questions, requests, or complaints about this Policy or your personal information may be directed to run@unstuckengine.com.