Welcome to WeldReach. We are committed to protecting your privacy and complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR), the Netherlands Implementation Act (UAVG), and the California Consumer Privacy Act (CCPA). This privacy policy explains how we collect, use, share, and protect your personal data.
1. Introduction and Scope
WeldReach provides a B2B sales automation and CRM platform that enables businesses to generate leads, manage customer relationships, automate email sequences, and analyze sales performance. This policy applies to all personal data we process in connection with our services, whether as a data controller or data processor.
This policy covers both our own data processing activities (such as managing customer accounts and providing support) and data processing we perform on behalf of our customers (such as storing and processing their lead and customer data).
2. Personal Data We Collect
2.1 Account and Profile Information
Name, email address, phone number
Company name, job title, business address
Profile photo and bio information
Account preferences and settings
2.2 Business and CRM Data
Lead and prospect information you upload or create
Contact details of your leads and customers
Email content, sequences, and communication history
Pipeline data, deals, notes, and tasks
Integration data from connected third-party services
2.3 Technical and Usage Data
IP address, browser type, device information
Usage patterns, feature interactions, session data
Log files, error reports, performance metrics
Cookies and similar tracking technologies
2.4 Payment and Billing Information
Billing address and payment method details
Transaction history and invoices
Tax identification numbers (when required)
2.5 Communication Data
Support ticket content and correspondence
Chat messages and call recordings
Marketing communication preferences
Survey responses and feedback
3. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
Contract Performance (Article 6(1)(b) GDPR)
Processing necessary to provide our services, manage your account, and fulfill our contractual obligations.
Legitimate Interests (Article 6(1)(f) GDPR)
Improving our services, security monitoring, analytics, direct marketing to existing customers, and fraud prevention.
Consent (Article 6(1)(a) GDPR)
Marketing communications, cookies (where required), and optional features you choose to enable.
Legal Obligations (Article 6(1)(c) GDPR)
Compliance with tax, accounting, and other legal requirements.
4. Purposes of Data Processing
We process personal data for the following purposes:
Service Delivery: Providing and maintaining our platform, processing transactions, and customer support
Account Management: Creating and managing user accounts, authentication, and access control
Communication: Sending service-related notifications, updates, and responding to inquiries
Improvement: Analyzing usage patterns to improve our services and develop new features
Security: Detecting fraud, preventing abuse, and ensuring platform security
Marketing: Sending promotional communications (with consent) and personalizing content
Compliance: Meeting legal obligations, including tax reporting and regulatory requirements
Analytics: Understanding user behavior and platform performance through aggregated data analysis
5. How We Obtain Your Data
We collect personal data from the following sources:
Directly from you: When you create an account, use our services, or contact us
Automatically: Through your use of our platform, cookies, and tracking technologies
Third-party integrations: When you connect external services (Gmail, HubSpot, etc.)
Public sources: Publicly available business information for lead generation features
Partners: From authorized business partners and integration providers
Your customers: When you upload or import data as part of using our services
6. Data Sharing and Third Parties
We share personal data with the following categories of recipients:
Service Providers
Cloud hosting providers (AWS, Google Cloud)
Payment processors (Stripe, PayPal)
Email service providers
Analytics and monitoring tools
Customer support platforms
Integration Partners
When you authorize connections to third-party services like Gmail, HubSpot, or Salesforce, data is shared according to your permissions and their privacy policies.
Legal Requirements
We may disclose data when required by law, court order, or to protect our rights, safety, and property.
Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction.
Important: We do not sell personal data to third parties for their marketing purposes.
7. Controller vs Processor Roles
When We Act as Data Controller
We determine the purposes and means of processing for:
Your account information and profile data
Platform usage analytics and improvements
Marketing and communication preferences
Billing and payment processing
Security and fraud prevention
When We Act as Data Processor
We process data on your behalf and under your instructions for:
Lead and customer data you upload to our platform
Email campaigns and sequences you create
CRM data including pipelines, notes, and tasks
Integration data from your connected services
For data processing activities where you are the controller, our Data Processing Agreement (DPA) governs our obligations.
8. Data Retention Periods
We retain personal data for different periods depending on the purpose:
Account DataWhile account is active + 30 days
Customer Business DataAs per customer instructions or 90 days after termination
Financial Records7 years (legal requirement)
Usage Logs12 months
Support Communications3 years
Marketing DataUntil consent withdrawn + 30 days
We automatically delete data when retention periods expire, unless longer retention is required by law or for legitimate business purposes (such as ongoing legal proceedings).
9. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place:
Adequacy Decisions: Transfers to countries with adequate protection as determined by the European Commission
Standard Contractual Clauses: EU-approved contractual terms ensuring GDPR-level protection
Certification Schemes: Partners certified under recognized data protection frameworks
Binding Corporate Rules: Internal policies ensuring consistent data protection standards
You can request information about specific safeguards used for international transfers by contacting us at privacy@weldreach.com.
10. Data Security Measures
We implement comprehensive security measures to protect your personal data:
Technical Measures
Encryption in transit and at rest
Multi-factor authentication
Regular security assessments
Intrusion detection systems
Secure coding practices
Organizational Measures
Access controls and authorization
Employee security training
Data processing agreements
Incident response procedures
Regular compliance audits
Security Incident Reporting: If you suspect unauthorized access to your account or a security incident, immediately contact us at security@weldreach.com.
11. Your Privacy Rights
Under GDPR and other applicable laws, you have the following rights:
Access (Article 15 GDPR)
Request a copy of the personal data we hold about you
Rectification (Article 16 GDPR)
Correct inaccurate or incomplete personal data
Erasure (Article 17 GDPR)
Request deletion of your personal data in certain circumstances
Restriction (Article 18 GDPR)
Limit how we process your personal data in specific situations
Portability (Article 20 GDPR)
Receive your data in a structured, machine-readable format
Object (Article 21 GDPR)
Object to processing based on legitimate interests or for direct marketing
How to Exercise Your Rights
Email us at privacy@weldreach.com with your request
Include sufficient information to verify your identity
Specify which right you want to exercise and provide relevant details
We will respond within 30 days (or notify you if more time is needed)
Complaints: You have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl if you believe we have violated your privacy rights.
12. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and analyze platform usage:
Essential Cookies
Required for basic platform functionality, authentication, and security. These cannot be disabled.
Analytics Cookies
Help us understand how you use our platform through Google Analytics and similar tools. These are anonymized and aggregated.
Marketing Cookies
Used to personalize marketing content and measure campaign effectiveness. Requires your consent.
Preference Cookies
Remember your settings and preferences to enhance your user experience.
Cookie Management: You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect platform functionality.
13. California Consumer Privacy Rights
If you are a California resident, you have additional rights under the CCPA:
Right to Know
Request information about the personal information we collect, use, disclose, and sell
Right to Delete
Request deletion of personal information we have collected from you
Right to Opt-Out
We do not sell personal information. If our practices change, we will provide an opt-out mechanism
Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights
California Requests: California residents can submit requests by emailing privacy@weldreach.com or calling [phone number]. We may require identity verification before processing requests.
14. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms:
We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach
If the breach poses a high risk, we will notify affected individuals without undue delay
Notifications will include the nature of the breach, likely consequences, and measures taken
We maintain detailed incident response procedures to minimize impact and prevent recurrence
Our security team continuously monitors for potential breaches and has established procedures for rapid response and containment.
15. Children's Privacy
Our services are designed for business use and are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16.
If we become aware that we have collected personal data from a child under 16 without proper parental consent, we will take steps to delete such information promptly.
If you believe we have collected information from a child under 16, please contact us immediately at privacy@weldreach.com.
16. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Material changes will be communicated via email or prominent platform notice
The "Last updated" date will be revised to reflect the effective date of changes
Continued use of our services after changes constitutes acceptance of the updated policy
We encourage you to review this policy periodically
17. Contact Information
For questions about this privacy policy, to exercise your rights, or to report privacy concerns:
Supervisory Authority: For complaints regarding our data protection practices, you may contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl or +31 (0)70 888 8500.
This privacy policy is effective as of the last updated date shown above. By using WeldReach services, you acknowledge that you have read, understood, and agree to this privacy policy.