Security & data
Built like we'd have to defend every row.
We're a data processor working on your behalf. Everything below is a mechanism, not a policy — enforced in code, written into the DPA your procurement team can read.
Raw IP addresses are never stored
Visitor IPs are one-way hashed with a secret unique to your account before anything touches a database. When you leave, that secret is destroyed — which mathematically shreds every visitor pseudonym we ever held for you.
Company-level only, by design
We tell you "Acme Roofing was on your site" — never "John from Acme." Person-level tracking was considered and rejected on purpose. There is no toggle to turn it on.
Enrichment waits for consent
Basic session analytics run on the same lawful basis as any web analytics. Company resolution and email hashing run only after your visitor consents — the tracker ships with consent off by default.
Your data is never pooled or resold
One client's visitor behavior is never combined with another's, never used to train models, and never sold. All intelligence flows one direction: into your CRM, your alerts, your ad accounts.
Deletion with a deadline
Erasure requests are honored within 30 days — sessions, companies, hashed identifiers, and anything pushed to your CRM connections. Not a support ticket that goes nowhere.
Breach notice within 72 hours
If something happens, you hear about it from us first — within 72 hours, in writing.
Retention — data ages out on a schedule
Subprocessors — the full list
Transport is TLS end to end. Secrets live in the platform secret store, never in code. Admin access is authenticated and audit-logged. Full terms in the Data Processing Addendum and Privacy Policy.
The offer
Free for 30 days. We do the work. You see the names.
We install it, run it, and show you exactly which companies are researching you. No setup fee. No salesperson hovering. Cancel anytime.
✓ If it doesn't surface buyers worth calling, you owe nothing.