This policy explains what data Warmvane (“we”, “the service”) collects, why, and how we protect it. It is a plain-language template and should be reviewed by legal counsel before production use.
Who we are
The service is operated by Tomasz Matusiak, an individual based in Poland (“we”, “the operator”). We act as the data controller for your account data and as a processor for the prospect data you upload. You can reach us at tomasz.matusiak@post.pl. A registered business entity and postal address will be added here once the operator formalizes the business; until then, the operator acts as a natural person.
What we collect
- Account data — the email address of the account provisioned for you, and your offer profile (product description, tone, language settings).
- Prospect data you upload — names, companies, email addresses, LinkedIn URLs, and any notes you add to prospects and campaigns.
- Generated content — the research summaries and message drafts the service produces for your prospects.
- Usage data — basic operational logs needed to run the service securely (sign-in events, job status, feature usage).
How we use it
- To research the companies and contacts you import, using web search.
- To generate personalized message sequences in your voice.
- To operate, secure, and support your account.
We do not sell your data or your prospects’ data, and we do not use it to train third-party models beyond what is required to generate your drafts. The service never sends messages on your behalf — every message is sent by you, from your own inbox.
Legal basis for processing
We process your account data to provide the service you signed up for (Article 6(1)(b) GDPR — performance of a contract) and to keep it secure (Article 6(1)(f) — our legitimate interest in running a safe service). We process the prospect data you upload on your behalf and under your instructions, as your processor; you are responsible for the legal basis that covers that data. Where the law requires it, we also process data to meet our legal obligations (Article 6(1)(c)).
Where your data is processed
Your account and prospect data are stored on Supabase in the United Kingdom (London, eu-west-2 region). The United Kingdom is covered by a European Commission adequacy decision, so transfers there from the EEA are permitted. To research prospects and generate drafts, relevant content is also processed by our AI sub-processor in the United States (see international transfers below). Our current sub-processors are:
- Supabase — database, authentication, and hosting (United Kingdom).
- Anthropic — the AI models used for research and message generation, including web search (United States).
International transfers
When the AI researches a company or drafts a message, the relevant content is sent to Anthropic in the United States. Where personal data is transferred outside the EEA or the UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and our AI provider’s data-processing terms, and we limit the data shared to what is needed to produce your research and drafts.
Payments
The app does not process payments today. When paid plans go live, checkout and billing will be handled by a third-party Merchant-of-Record payment provider (for example, Lemon Squeezy or Paddle), which acts as the seller of record and handles applicable taxes. That provider processes your payment details directly under its own privacy policy — we do not receive or store your full card details. We receive only what we need to activate your plan, such as your email and subscription status.
Your responsibilities for prospect data
You decide which prospects to upload and remain responsible for having a lawful basis to process their personal data under applicable law (for example, the GDPR). In data-protection terms, you act as the controller of that data and we act as a processor acting on your instructions.
Retention
We keep your account and prospect data for as long as your account is active. You can request deletion of your data at any time; we will remove it within a reasonable period, except where we are required to retain certain records by law.
Your rights
Depending on your location, you may have the right to access, correct, delete, export, or object to the processing of your personal data. To exercise any of these, contact us at the address on our contact page.
Cookies
The app uses only essential cookies: to keep you signed in, and to remember your language preference (English or Polish) so we do not ask again on your next visit. We do not use advertising or third-party tracking cookies.
Data breaches
We keep reasonable technical and organizational measures in place to protect your data. If a personal-data breach occurs that is likely to result in a risk to people’s rights, we will notify the relevant supervisory authority and any affected users without undue delay, in line with Articles 33 and 34 GDPR.
Changes
We may update this policy as the product evolves — for example, when billing is introduced. Material changes will be reflected by the “last updated” date above.
Contact
Questions about privacy? Reach us via our contact page.