Privacy Policy

Last updated: May 1, 2026 · Effective: May 15, 2026

Datadek Inc. (“Datadek,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use our website, platform, APIs, and related services (collectively, the “Services”). By using our Services, you consent to the practices described in this policy. If you are acting on behalf of an organization, you represent that you have the authority to bind that organization to this policy.

1. Scope and Applicability

This policy applies to personal information we collect:

  • Through our website at datadek.com and all subdomains
  • Through the Datadek audience intelligence platform and APIs
  • Through email, phone, and other communications with our team
  • Through events, webinars, and in-person meetings
  • From third-party sources such as data partners, marketing platforms, and publicly available sources

This policy does not apply to information that has been de-identified or aggregated such that it cannot reasonably identify an individual, or to third-party websites and services that we do not control.

2. Categories of Personal Information We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

  • Account and Profile Data: Name, email address, phone number, job title, company name, company size, industry, and password credentials when you register for an account.
  • Billing and Payment Data: Credit card information, billing address, and transaction history. Payment card details are processed by our PCI-compliant payment processor and are not stored on Datadek systems.
  • Communications: Content of emails, chat messages, support tickets, and phone calls you exchange with us.
  • Marketing Preferences: Subscription preferences, email open and click activity, and event registration details.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on pages, search queries, and actions taken within the platform.
  • Device and Network Data: IP address, browser type and version, operating system, device identifiers, screen resolution, referring URLs, and time zone.
  • Cookie and Tracking Data: Information collected through cookies, web beacons, pixels, and similar technologies. See our Cookie Policy for details.

2.3 Information from Third Parties

  • Data Enrichment: Demographic and firmographic attributes from trusted data partners to supplement our business records.
  • Marketing and Sales Intelligence: Business contact information and company data from B2B data providers and public sources such as LinkedIn.
  • Integration Data: Data from third-party platforms you authorize us to connect to, such as CRMs, CDPs, and advertising platforms.

3. How We Use Your Information

We use personal information for the following purposes:

  • Service Delivery: To provide, operate, maintain, and support the Datadek platform and Services you have subscribed to.
  • Account Administration: To create and manage your account, process payments, send invoices, and provide customer support.
  • Product Improvement: To analyze usage patterns, diagnose technical issues, conduct research, and develop new features and products.
  • Communications: To send service-related announcements, security alerts, and administrative messages. With your consent, to send marketing communications, newsletters, event invitations, and product updates.
  • Personalization: To tailor the platform experience based on your preferences, usage history, and account configuration.
  • Security and Compliance: To detect and prevent fraud, abuse, and security incidents; to verify identity; to comply with legal obligations and enforce our terms.
  • Business Operations: For internal reporting, auditing, financial management, and strategic planning.

We process personal information on the following legal bases: performance of a contract, legitimate business interests (where not overridden by your rights), compliance with legal obligations, and your consent (where required by law).

4. How We Share and Disclose Information

We do not sell, rent, or trade your personal information. We may share information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party vendors who perform services on our behalf, including cloud hosting (AWS), payment processing, email delivery, analytics, customer support, and identity verification. These providers are contractually bound to use your information only as necessary to provide services to us and to maintain confidentiality and security.

4.2 Business Partners

With your consent or at your direction, we may share information with integration partners you connect to your Datadek account (such as advertising platforms or CRM systems). You control these connections and can revoke them at any time.

4.3 Legal and Safety Disclosures

We may disclose information if we believe in good faith that disclosure is necessary to: comply with applicable law, regulation, legal process, or governmental request; enforce our Terms of Service; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, or safety of Datadek, our users, or the public.

4.4 Corporate Transactions

In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, your personal information may be transferred to the successor entity. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

4.5 Aggregate and De-identified Data

We may share aggregate, de-identified, or anonymized data that does not identify any individual with third parties for research, marketing, analytics, and other business purposes.

5. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

5.1 Right to Know and Access

You have the right to request: the categories and specific pieces of personal information we have collected about you; the categories of sources from which we collected it; the business purpose for collecting it; and the categories of third parties with whom we have shared it. You may request this information twice in a 12-month period.

5.2 Right to Correction

You may request that we correct inaccurate personal information we maintain about you. You can update most account information directly in your platform settings or by contacting us.

5.3 Right to Deletion

You may request that we delete your personal information, subject to exceptions such as: completing a transaction you requested; detecting and preventing security incidents and fraud; complying with legal obligations; and making other internal uses compatible with the context in which you provided the information.

5.4 Right to Opt-Out

You may opt out of marketing communications at any time by clicking “unsubscribe” in any marketing email or by contacting us. We do not sell personal information as defined under the California Consumer Privacy Act (CCPA).

5.5 Right to Data Portability

You may request a copy of your personal information in a structured, commonly used, machine-readable format. We will provide this within 30 days of verifying your request.

5.6 Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you services, charge you different prices, or provide a different level of quality for exercising your rights.

5.7 How to Exercise Your Rights

To submit a privacy rights request, email privacy@datadek.com. We will verify your identity before processing your request, which may require confirming your name, email address, and relationship with Datadek. We will respond within 45 days. If we require more time, we will notify you of the reason and extension period.

5.8 Authorized Agents

You may designate an authorized agent to submit a request on your behalf. We will require written proof of the agent's authorization and may verify your identity directly with you.

6. Data Retention

We retain personal information for as long as your account is active or as needed to provide Services. Specific retention periods:

  • Account data: Retained for the life of your account plus 90 days after termination, after which it is securely deleted or anonymized.
  • Billing records: Retained for 7 years to comply with tax and accounting requirements.
  • Usage logs: Retained for up to 24 months in identifiable form, then aggregated or anonymized.
  • Marketing consents: Retained indefinitely unless withdrawn.
  • Support communications: Retained for 3 years after your last interaction.

When determining retention periods, we consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process it; and applicable legal requirements.

7. International Data Transfers

Datadek is headquartered in the United States and has operations and service providers in multiple countries. Your personal information may be transferred to and processed in countries other than your own. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal information across borders, we implement appropriate safeguards, including:

  • EU-U.S. Data Privacy Framework (DPF): Datadek is certified under the DPF and adheres to its principles for transfers from the European Economic Area, the United Kingdom, and Switzerland.
  • Standard Contractual Clauses (SCCs): For transfers not covered by the DPF, we rely on EU-approved SCCs incorporated into our Data Processing Agreements.
  • Binding Corporate Rules: For intra-company transfers, we maintain internal data protection standards approved by relevant supervisory authorities.
  • Transfer Impact Assessments: We conduct documented assessments for each cross-border data flow, evaluating the legal framework of the destination country and implementing supplementary measures where necessary.

8. Security

We implement and maintain industry-standard technical and organizational security measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Multi-factor authentication for all production system access
  • Annual SOC 2 Type II audit
  • Continuous security monitoring and automated vulnerability scanning
  • Employee security training and background checks
  • Access controls based on the principle of least privilege, with quarterly access reviews
  • Incident response plan tested semi-annually

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect personal information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and applicable regulators as required by law.

9. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16. If we learn that we have collected personal information from a child under 16 without verifiable parental consent, we will delete that information as quickly as possible. If you believe we may have information from or about a child under 16, please contact us at privacy@datadek.com.

10. California-Specific Disclosures

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • We have collected the categories of personal information described in Section 2 in the preceding 12 months.
  • We have disclosed personal information to service providers for business purposes as described in Section 4.
  • We have not sold or shared personal information for cross-context behavioral advertising in the preceding 12 months.
  • We do not use or disclose sensitive personal information for purposes other than those specified in CCPA regulations.

California residents may exercise their rights as described in Section 5. You may also designate an authorized agent to make a request on your behalf.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on this page with a revised “Last Updated” date
  • Provide notice through the platform or via email at least 14 days before the changes take effect
  • Obtain your consent where required by applicable law

Your continued use of the Services after the effective date constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Datadek Inc.
100 Market Street, Suite 1200
San Francisco, CA 94105
United States

Email: privacy@datadek.com

EU and UK residents may also lodge a complaint with their local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.