Privacy Policy

We collect several types of information in connection with the services we provide:

Information you provide directly: When you create an account, fill out a form, or communicate with us, we collect information such as your name, email address, phone number, company name, job title, and payment information.

Usage data: We automatically collect information about how you use our platform, including pages visited, features used, search queries, campaign data, and interaction logs. This includes IP addresses, browser type, device information, and referring URLs.

Lead and contact data: As part of our core service, we process business contact information that you search for, import, or enrich through our platform. This includes professional email addresses, phone numbers, job titles, company information, and firmographic data.

Third-party data: We may receive information about you from third-party sources, including data brokers, social networks, and public databases, which we use to enrich our contact database.

We use the information we collect for the following purposes:

Service delivery: To provide, maintain, and improve our platform, process transactions, and fulfill our contractual obligations to you.

Communication: To send you service-related emails, product updates, marketing communications (with your consent), and respond to your inquiries.

Analytics and improvement: To understand how our services are used, identify trends, debug technical issues, and improve our products and data quality.

Legal compliance: To comply with applicable laws and regulations, including data protection laws in Indonesia, Singapore, the European Union (GDPR), and California (CCPA).

Security: To detect, prevent, and address technical issues, fraudulent activity, and abuse of our services.

Personalization: To tailor your experience on our platform based on your usage patterns and preferences.

We do not sell your personal data to third parties. We may share your information in the following circumstances:

Service providers: We engage trusted third-party companies to perform functions on our behalf, such as hosting, payment processing, email delivery, and analytics. These providers are bound by confidentiality agreements and are not permitted to use your data for any purpose other than providing services to us.

Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our website before your personal data is transferred and becomes subject to a different privacy policy.

Legal requirements: We may disclose your information if required by law, regulation, legal process, or government request, or to protect the rights, property, or safety of Funnelyn, our customers, or others.

Aggregated data: We may share aggregated, anonymized data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.

We use cookies, web beacons, and similar tracking technologies to operate and improve our services.

Essential cookies: Required for the platform to function. These include session authentication tokens and security cookies.

Analytics cookies: We use services like Google Analytics to understand how visitors use our site. These cookies collect information anonymously.

Marketing cookies: With your consent, we use cookies to measure the effectiveness of marketing campaigns and retarget visitors across the web.

Third-party cookies: Some features of our platform embed content or tools from third parties (e.g., HubSpot forms, LinkedIn Insight Tag) that may set their own cookies.

You can control cookies through your browser settings or our cookie consent banner. Disabling certain cookies may affect the functionality of our services.

Depending on your location, you may have the following rights regarding your personal data:

Right to access: You can request a copy of the personal data we hold about you.

Right to rectification: You can request that we correct inaccurate or incomplete data.

Right to erasure: You can request that we delete your personal data ("right to be forgotten") subject to certain limitations.

Right to restriction: You can ask us to limit how we use your data while a dispute is pending.

Right to data portability: You can receive your data in a structured, machine-readable format.

Right to object: You can object to processing based on legitimate interests or for direct marketing.

CCPA rights: California residents have additional rights including the right to know, right to delete, and right to opt-out of the sale of personal information.

To exercise any of these rights, please contact us at privacy@funnelyn.io. We will respond within 30 days.

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

Account data is retained for the duration of your account plus 12 months after deletion to facilitate re-registration and for legal purposes.

Usage logs are retained for 90 days for security and debugging, after which they are anonymized or deleted.

Payment records are retained for 7 years in accordance with financial recordkeeping requirements.

Contact database records are refreshed every 90 days. Stale records are removed or updated based on verification status.

When data is no longer required, we securely delete or anonymize it in accordance with our data disposal procedures.

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:

- All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
- Access to production systems is restricted to authorized personnel and requires multi-factor authentication.
- We conduct regular security audits and penetration testing.
- Our infrastructure is hosted on SOC 2 Type II certified providers.
- We maintain an incident response plan and will notify affected users within 72 hours of a confirmed data breach.

Despite these measures, no security system is impenetrable. We encourage you to use a strong, unique password and to notify us immediately if you suspect unauthorized access to your account.

Funnelyn operates globally. Your information may be transferred to and processed in countries other than your country of residence, including Indonesia, Singapore, the United States, and European Union member states.

For transfers from the European Economic Area (EEA) to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

For transfers from other jurisdictions, we implement appropriate safeguards in accordance with applicable data protection laws, including obtaining your consent where required.

By using our services, you acknowledge that your data may be transferred internationally as described in this policy.

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@funnelyn.io and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

- Post the revised policy on this page with an updated "Last updated" date.
- Send an email notification to registered users at least 30 days before the changes take effect (for material changes).
- In some cases, request your consent to the updated policy.

Your continued use of our services after the effective date of an updated policy constitutes acceptance of the changes.

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact our Data Privacy team:

Email: privacy@funnelyn.io
Postal address: Funnelyn, Jl. Sudirman No. 123, Jakarta Selatan, DKI Jakarta 12190, Indonesia

For GDPR-related inquiries from EU residents, you may also contact our EU Data Protection Representative or lodge a complaint with your local supervisory authority.

We will respond to all inquiries within 30 days.