1. General provisions
This Privacy Policy describes how personal data is processed in connection with use of the website and SaaS service named Searchlize(the "Service").
2. Data controller
The controller of your personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) is:
- Mieszko Ziarkowski, operating as działalność nierejestrowana,
- address: ul. Zielona 25, 32-080 Bolechowice,
- contact email: contact@searchlize.com,
- for personal data protection matters: contact@searchlize.com.
With respect to personal data you process within the Service for your own business activities (e.g., leads, contractors, message content), you may be a separate data controller. In that case, you are responsible for fulfilling informational and legal obligations toward those individuals in accordance with the GDPR.
3. Purposes and legal bases for processing
We process personal data for the following purposes and on the following legal bases:
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Account creation and management, provision of the Service (login, configuration, history) | lit. b — necessary for performance of a contract |
| Payments, billing, defense of contract-related claims | lit. b and/or lit. f — legitimate interest |
| Compliance with legal obligations (e.g., retention of accounting documents) | lit. c — legal obligation |
| IT security, abuse prevention, technical logs | lit. f — legitimate interest of the controller |
| Product analytics and in-app error reporting (PostHog, with consent via the cookie banner) | lit. a — consent |
| Newsletter or marketing campaigns (if launched) | lit. a — consent |
4. Scope of processed data
Depending on how the Service is used, the following may be processed, among other data:
- account identification and contact data (e.g., email address used for registration);
- billing data provided by the payment operator (e.g., transaction identifiers, invoice details, if provided);
- data entered into the Service: company and lead profiles (including name, domain, website address, tax ID, business registry number, contact details of individuals, notes), target groups, message content and drafts, integration settings;
- technical data: IP address, device/browser identifiers, timestamps, system event identifiers;
- credentials for mailboxes connected by you (e.g., OAuth tokens, SMTP/IMAP parameters) — stored solely for the purpose of providing mail and send-queue features, with encryption at rest where configured in the production environment;
- website content and metadata retrieved as part of search and analysis features — to the extent necessary for the Service to operate (including transfer to AI model and external search providers).
5. Data recipients and processors
Data may be entrusted to partners involved in providing the Service, acting on the basis of data processing agreements or appropriate processor terms, including:
- Supabase — database hosting and user authentication;
- Stripe — payments and subscriptions;
- Google (Gemini / Generative AI) — processing content for analysis and content generation within the Service;
- Serper or another search results provider configured in the environment — search queries;
- Resend — sending transactional / service emails (e.g., product notifications), in accordance with Service configuration;
- Upstash (QStash) — job queue and asynchronous invocations;
- application hosting provider (e.g., Vercel or another indicated in the production infrastructure);
- PostHog (EU instance) — optional behavioral analytics in the dashboard and error reporting after consent via the cookie banner; without transferring outreach message content or full lead data in product events.
Cold outreach messages are typically sent from the User's mail infrastructure(connected mailbox). In that scope, the User's mail operators process data according to their own terms.
6. Transfers of data outside the European Economic Area (EEA)
Some providers may process data outside the EEA (e.g., in the United States). In such cases, we apply instruments provided for by the GDPR, in particular Standard Contractual Clauses approved by the European Commission or other mechanisms permitted by law, where applicable.
7. Retention period
- account and Service data — for the duration of the agreement and thereafter for the period necessary to pursue claims or as required by document retention regulations;
- accounting data — for the period required by tax and accounting law;
- technical logs — for a period justified by security needs, generally no longer than necessary for the purposes for which they were collected.
8. Rights of the data subject
You have, among others, the right to:
- access your data and obtain a copy;
- rectification (correction) of data;
- erasure, restriction of processing, and objection to processing based on legitimate interest — within the limits provided by the GDPR;
- data portability, where processing is automated and based on a contract or consent;
- where processing is based on consent — withdraw consent at any time without affecting the lawfulness of processing before withdrawal;
- lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO).
To exercise the above rights, contact us at: contact@searchlize.com.
9. Source of data
Account data comes from you. Company and lead data may come from you or be obtained automatically within Service features from publicly available sources — in accordance with configuration and actions you take in the interface.
10. Profiling and automated decision-making
The Service may use AI models to evaluate content, scoring, or generate message drafts. This does not involve automated legal decision-making concerning you within the meaning of Art. 22 GDPR in a typical B2B tool usage scenario — final business decisions and communication sending remain with the User.
11. Cookies and related technologies
Rules for the use of cookies in the Service are described in a separate document: Cookie Policy.
12. Changes to the Privacy Policy
We may update this policy, in particular when Service features or applicable law change. Material changes will be communicated appropriately (e.g., via a message in the Service or email).