Privacy Policy

This Privacy Policy explains how Eliasse Hamour ("we," "us," or "our"), acting as data controller, collects, uses, discloses, and safeguards personal data when you use Linkfinder AI ("the Service"), a B2B contact data enrichment platform accessible at linkfinderai.com.

This Policy is issued in accordance with Regulation (EU) 2016/679 (the "GDPR"), the French Data Protection Act (Loi Informatique et Libertés), and other applicable data protection laws.

We collect personal data in three contexts: (a) when you create and use a User account; (b) when you make a payment; and (c) when we aggregate business contact information from publicly available sources for the database underlying the Service.

a) Account Data (Users of the Service)

b) Payment Data

Payments are processed by our authorized Merchant of Record ("MoR"), who acts as the seller of record and processes card or alternative payment data on our behalf. We do not store full card numbers on our systems. The MoR is an independent data controller for the payment transaction and operates under its own privacy policy.

c) Business Contact Information in the Service Database

The Service maintains a database of business contact information aggregated from publicly available business data sources (company websites, public business directories, professional disclosures, official corporate registries, and similar public sources). This database may include the following data about individuals in a professional capacity:

• First and last name (in a professional context)
• Professional job title and employer
• Business email address (work email)
• Business phone number (work phone)
• Public professional profile URL
• City and country of employment

We do not knowingly collect or store: home addresses, personal phone numbers, personal email addresses, sensitive personal data (race, religion, health, sexual orientation, political opinions, etc.), or any data of children under 16.

Legal basis: Our processing of this business contact information relies on legitimate interest (GDPR Art. 6(1)(f)) — specifically, the legitimate interest of B2B users in identifying and contacting other professionals for legitimate business purposes. We have conducted a balancing test and provide a simple opt-out mechanism (see Section 6).

We use personal data only for the purposes for which it was collected, including:

• Providing, operating, maintaining, and improving the Service;
• Authenticating Users and managing accounts;
• Processing subscriptions, payments, refunds, and credits;
• Responding to support requests and User communications;
• Sending essential service notifications (billing, security, important updates);
• Preventing fraud, abuse, and unauthorized access;
• Complying with legal, tax, and accounting obligations;
• Conducting aggregated, anonymized analytics to improve the Service.

We do not:

• Sell personal data to third parties;
• Use personal data for behavioral advertising or ad targeting;
• Share personal data with data brokers;
• Use personal data for purposes incompatible with those listed above.

We share personal data only with the following categories of recipients, all of whom are bound by contractual data protection obligations:

In the event of a business transfer (merger, acquisition, asset sale), personal data may be transferred to the acquiring party, subject to equivalent privacy protections.

Some of our service providers are located outside the European Economic Area (EEA), including in the United States. Where data is transferred outside the EEA, we ensure adequate protection through one or more of the following mechanisms:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Transfers to countries covered by an adequacy decision from the European Commission;
• Supplementary technical and organizational safeguards where appropriate.

You may request a copy of the safeguards in place by contacting [email protected].

If you are located in the EEA, the United Kingdom, or Switzerland — including if your business contact information appears in our database — you have the following rights:

• Right of access: Obtain confirmation of whether we process your personal data and a copy of that data.
• Right to rectification: Have inaccurate or incomplete data corrected.
• Right to erasure ("right to be forgotten"): Have your personal data deleted, subject to certain legal exceptions.
• Right to restriction of processing: Request that we limit how we process your data.
• Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to object: Object at any time to processing based on legitimate interest, including the inclusion of your business contact information in our database.
• Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time.
• Right to lodge a complaint: Lodge a complaint with the French data protection authority (CNIL) or your local supervisory authority.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

• TLS/SSL encryption for all data in transit;
• Encryption at rest for sensitive data;
• Access controls and authentication on administrative systems;
• Regular security reviews and dependency updates;
• Hosting on infrastructure providers with industry-standard security certifications;
• Restricted access to personal data on a need-to-know basis.

No system is perfectly secure. In the event of a personal data breach likely to result in a risk to data subjects' rights and freedoms, we will notify the CNIL within 72 hours and affected data subjects without undue delay, as required by GDPR Articles 33 and 34.

We use a minimal set of cookies and similar technologies for:

• Strictly necessary: Session management, authentication, security, load balancing — these cannot be disabled.
• Analytics: Privacy-friendly aggregated analytics (Plausible, PostHog) to understand how the Service is used and improve it.
• Conversion tracking (with consent): Where you've consented, marketing pixels (Meta, Google) to measure the effectiveness of advertising campaigns.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Service functionality.

The Service is intended for business use and is not directed at individuals under sixteen (16) years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent, we will delete that data promptly. If you believe a child has provided us with personal data, please contact [email protected].

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will:

• Update the "Last Updated" date at the top of this page;
• Notify active subscribers by email of any material changes at least thirty (30) days before they take effect;
• Post the updated policy on this page.

Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of the changes.

For any question, request, or complaint regarding this Privacy Policy or your personal data:

• Email: [email protected]
• Postal address: Eliasse Hamour, 26 Rue de la Coopération, 93240 Stains, France

You also have the right to lodge a complaint with the French data protection authority:

• CNIL — Commission Nationale de l'Informatique et des Libertés
• 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
• www.cnil.fr