Privacy Policy

Last updated: 23rd April 2026

1. Background

1.1 This notice (Privacy Notice) tells you how we look after your personal data when you visit our website at https://prospectai.co (Website), where you are a prospective customer of our business, or where you are another type of business contact, such as a supplier or service provider to our business.

1.2 This notice sets out what information we collect about you, what we use it for and whom we share it with. It also explains your rights under data protection laws and what to do if you have any concerns about your personal data.

1.3 We may sometimes need to update this Privacy Notice to comply with new business practices or legal requirements. You should check this Privacy Notice regularly to see whether any changes have occurred.

2. Who We Are and Other Important Information

2.1 We are Prospect Ai LTD, registered in England and Wales with company number 14809013 with our registered address at Prospect Ai Ltd, 124 City Road, London, EC1V 2NX (we, us or our).

2.2 For all visitors to our Website we are the controller of your information (which means we decide what information we collect and how it is used).

2.3 We are registered with the Information Commissioner's Office (ICO), the UK regulator for data protection matters, under number ZB629188.

3. Contact Details

3.1 If you have any questions about this Privacy Notice or the way that we use information, please get in touch using the following details:

Email: kanoj@prospectai.co

4. Use of Google API Services

4.1 Our application integrates with Google API Services, including the Gmail API and Google Calendar API. This section explains specifically how we access, use, store, and share data obtained through these APIs.

4.2 Data Accessed via Google APIs

Through the Gmail API and Google Calendar API, we may access the following data on your behalf:

  • Email messages and metadata (subject, sender, recipient, timestamps) via the Gmail API
  • The ability to send emails on your behalf via the Gmail API
  • Calendar events, including titles, dates, times, attendees, and descriptions via the Google Calendar API
  • The ability to create and edit calendar events on your behalf via the Google Calendar API

4.3 Purpose of Access

We access your Gmail and Google Calendar data solely to provide and improve the features of our sales pipeline automation service that you have expressly requested. Specifically:

  • Reading emails: to identify and contextualise prospect communications and inform outreach workflows
  • Sending emails: to send prospecting or follow-up emails on your behalf as directed by you within the application
  • Reading calendar events: to assess your availability and existing commitments when scheduling outreach
  • Creating/editing calendar events: to schedule meetings or follow-ups on your behalf as directed by you

We will not access Google user data for any purpose beyond what is necessary to provide these stated features.

4.4 Limited Use of Google User Data

Our use of data received from Google APIs is subject to Google's Limited Use Policy. In accordance with these requirements, we confirm that:

  • We only use Google user data to provide or improve the user-facing features of our application
  • We do not use Google user data to serve advertisements, including retargeted, personalised, or interest-based advertising
  • We do not sell, transfer, or share Google user data with third parties except as necessary to provide our service (e.g. our authorised sub-processors), or as required by applicable law
  • We do not use Google user data for any purpose that is unrelated to the feature for which the user granted access
  • We do not use Google user data to develop, train, or improve generalised AI or machine learning models

This application's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4.5 Human Access to Google User Data

Our service is fully automated. No employee, contractor, or other person at Prospect Ai LTD will access, read, or process your Gmail messages or Google Calendar data, except in the following limited circumstances:

  • Where you have provided explicit written consent for a specific access request
  • Where access is necessary for security or abuse investigation purposes
  • Where required to comply with applicable law

Any such access will be limited to the minimum necessary and will be logged for security and audit purposes.

4.6 Storage of Google User Data

We store Google user data on servers located in the UK. We retain Google user data only for as long as is necessary to fulfil the purposes described in this Privacy Notice. You may request deletion of your data at any time by contacting us at kanoj@prospectai.co.

4.7 Revoking Access

You may revoke our application's access to your Google data at any time by visiting your Google Account permissions page at https://myaccount.google.com/permissions and removing Prospect Ai. Revoking access will not affect data we have already collected in accordance with this Privacy Notice.

5. Use of Microsoft Graph API Services

5.1 Our application also integrates with Microsoft Graph API Services, including Outlook Mail and Microsoft Calendar (via the Microsoft Graph API). This section explains specifically how we access, use, store, and share data obtained through these APIs.

5.2 Data Accessed via Microsoft Graph APIs

Through the Microsoft Graph API, we may access the following data on your behalf:

  • Outlook email messages and metadata (subject, sender, recipient, timestamps) via the Microsoft Graph Mail API
  • The ability to send emails on your behalf via the Microsoft Graph Mail API
  • Outlook calendar events, including titles, dates, times, attendees, and descriptions via the Microsoft Graph Calendar API
  • The ability to create and edit calendar events on your behalf via the Microsoft Graph Calendar API

5.3 Purpose of Access

We access your Outlook Mail and Microsoft Calendar data solely to provide the features of our sales pipeline automation service that you have expressly requested. Specifically:

  • Reading emails: to identify and contextualise prospect communications and inform outreach workflows
  • Sending emails: to send prospecting or follow-up emails on your behalf as directed by you within the application
  • Reading calendar events: to assess your availability and existing commitments when scheduling outreach
  • Creating/editing calendar events: to schedule meetings or follow-ups on your behalf as directed by you

We will not access Microsoft user data for any purpose beyond what is necessary to provide these stated features. Our use of Microsoft email and calendar data is limited to syncing and acting upon data for the direct benefit of the user, in accordance with the Microsoft API Terms of Use.

5.4 Restrictions on Use of Microsoft User Data

In accordance with the Microsoft API Terms of Use and applicable data protection law, we confirm that:

  • We only use Microsoft user data to provide or improve the user-facing features of our application
  • We do not use Microsoft user data to serve advertisements, including retargeted, personalised, or interest-based advertising
  • We do not sell, transfer, or share Microsoft user data with third parties except as strictly necessary to provide our service (e.g. our authorised sub-processors) or as required by applicable law
  • We do not use Microsoft user data for any purpose unrelated to the features for which you granted access
  • We do not use Microsoft user data to develop, train, or improve generalised AI or machine learning models
  • We implement proper data retention and deletion policies, and will delete Microsoft user data in accordance with your request or upon termination of your account

5.5 Human Access to Microsoft User Data

Our service is fully automated. No employee, contractor, or other person at Prospect Ai LTD will access, read, or process your Outlook emails or Microsoft Calendar data, except in the following limited circumstances:

  • Where you have provided explicit written consent for a specific access request
  • Where access is necessary for security or abuse investigation purposes
  • Where required to comply with applicable law

Any such access will be limited to the minimum necessary and will be logged for security and audit purposes.

5.6 Storage of Microsoft User Data

We store Microsoft user data on servers located in the UK. We retain Microsoft user data only for as long as necessary to fulfil the purposes described in this Privacy Notice. You may request deletion of your data at any time by contacting us at kanoj@prospectai.co.

5.7 Revoking Access

You may revoke our application's access to your Microsoft account data at any time by visiting https://myaccount.microsoft.com/permissions and removing Prospect Ai, or by contacting your organisation's Microsoft 365 administrator. Revoking access will not affect data we have already collected in accordance with this Privacy Notice.

6. The Information We Collect About You

6.1 Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect, and where we receive it from, below.

6.2 Types of personal data:

  • Identity Data: your first and last name or title
  • Contact Data: your email address, telephone numbers, home address
  • Usage Data: information about how you use our systems
  • Feedback: information and responses you provide when completing surveys and questionnaires
  • Profile Data: email address, password, username, chat logs, audit trail of systems used and documents accessed and downloaded
  • Google API Data: email messages, calendar events and related metadata accessed via Google APIs as described in Section 4
  • Microsoft API Data: Outlook email messages, calendar events and related metadata accessed via Microsoft Graph APIs as described in Section 5
  • Marketing and Communication Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences

7. How We Use Your Information

7.1 We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. The most relevant to us are where we use your personal data to:

  • fulfil our contract with you
  • comply with a legal obligation that we have
  • pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms
  • do something for which you have given your consent

7.2 Contract

  • To administrate or perform our contract with you
  • To process your payment information in connection with any contract we have with you
  • To send you updates about the services you have bought

7.3 Legal Obligation

  • Recording your preferences (e.g. marketing) to ensure that we comply with data protection laws
  • Where we send you information to comply with a legal obligation
  • Where we retain information to enable us to bring or defend legal claims

7.4 Legitimate Interests

Where using your information is necessary to pursue our legitimate business interests to:

  • improve and optimise our Website
  • monitor and make improvements to our Website to enhance security and prevent fraud
  • provide our services to you and ensure the proper functioning of our Website and application
  • protect our business and defend ourselves against legal claims

7.5 Consent

  • Where you have provided your consent to providing us with information or allowing us to use or share your information
  • Where you have consented to receive marketing material from us
  • Where you have granted OAuth access to your Google account data, as described in Section 4
  • Where you have granted OAuth access to your Microsoft account data, as described in Section 5

8. Who We Share Your Information With

8.1 We share (or may share) your personal data with:

  • Our personnel: our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations
  • Our supply chain: other organisations that help us provide our service. We ensure these organisations only have access to the information required and have a contract containing confidentiality and data protection obligations

8.2 We do not sell, transfer, or disclose Google or Microsoft user data to third parties for advertising, data brokerage, or any other commercial purpose unrelated to providing our service.

8.3 If we were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.

9. Where Your Information Is Located or Transferred To

9.1 We store your personal data, including any Google and Microsoft user data, on our servers in the UK.

9.2 We will only transfer information outside of the UK or EEA where we have a valid legal mechanism in place (for example, by using contracts approved by the ICO or the UK Secretary of State).

9.3 If you access our Website whilst abroad then your personal data may be stored on servers located in the same country as you or your organisation.

10. How We Keep Your Information Safe

10.1 We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These include:

  • Access controls and user authentication (including multi-factor authentication)
  • Encryption of data in transit and at rest
  • Regular security assessments in accordance with Google's Cloud Application Security Assessment (CASA) requirements
  • Publisher verification with Microsoft in accordance with Microsoft's identity platform requirements

10.2 If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law).

10.3 If you notice any unusual activity on the Website or application, please contact us at kanoj@prospectai.co.

11. How Long We Keep Your Information

11.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

11.2 We may keep Identity Data, Contact Data and certain other data for up to seven years after the end of our contractual relationship with you.

11.3 Google user data (including email messages and calendar events) is retained only for as long as required to provide the features you have enabled. You may request deletion at any time by contacting kanoj@prospectai.co.

11.4 Microsoft user data (including Outlook email messages and calendar events) is retained only for as long as required to provide the features you have enabled. You may request deletion at any time by contacting kanoj@prospectai.co.

11.5 If you browse our Website, we keep personal data collected through our analytics tools for only as long as necessary to fulfil the purposes we collected it for.

11.6 If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you.

12. Your Legal Rights

12.1 You have specific legal rights in relation to your personal data. These include:

  • Access: You can ask for a copy of your personal data and information about how we use it
  • Correction: You can ask us to correct inaccurate or incomplete personal data
  • Deletion: You can ask us to delete your personal data where there is no good reason to continue holding it
  • Restriction: You can ask us to temporarily limit how we use your personal data
  • Objection: You can object to us using your personal data
  • Portability: You can ask us to send you or another organisation an electronic copy of your personal data
  • Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO

12.2 We will respond to requests within one month of receiving your request or confirming your identity (whichever is later).

12.3 To exercise any of the above rights, please contact us at kanoj@prospectai.co.

13. When We Send You Marketing Messages

13.1 If you have consented to receiving marketing messages from us, you can opt out of these at any time.

13.2 Opting out of marketing will not affect our processing of your personal data in relation to any order you have with us.

14. Profiling and Automated Decision-Making

14.1 Personal data will not be used for profiling or other automated decision-making that produces legal or similarly significant effects on you without your explicit consent.

Prospect Ai Ltd | 124 City Road, London, EC1V 2NX | kanoj@prospectai.co | Company No. 14809013