Privacy Policy

GetOutpulse is a cold email enrichment and outreach platform developed by Loans Got Easy Inc., registered in Alberta, Canada. You can reach us at [email protected].

GetOutpulse is designed to run on your own infrastructure. The application stores all data in a SQLite database file on your server at the path you configure. We do not operate central servers that receive or store your contact data, campaign data, or email content.

The only data we may receive:

• License verification: Your AppSumo license key may be validated against AppSumo's API at activation. We receive confirmation of validity, not personal data beyond the email associated with your AppSumo purchase.
• Error reports (optional): If you enable crash reporting, anonymised stack traces may be sent to help us fix bugs. No contact data is included. This is opt-in only.
• Support requests: When you contact us by email, we retain that correspondence to assist you.

All of the following is stored only in your local database file:

• Contact records, email addresses, and enrichment data
• Campaign content, sequences, and send history
• API keys for third-party integrations (stored encrypted)
• Team member accounts and session tokens
• Unsubscribe records

You are responsible for backing up this file and securing access to your server.

When you configure integrations, GetOutpulse sends requests to those services on your behalf. Your use of those services is governed by their own privacy policies. GetOutpulse transmits only the minimum data required to fulfil each request.

• Anthropic (Claude AI) — Contact name, company, and website data is sent to generate icebreakers. Anthropic's privacy policy applies. anthropic.com/privacy
• Apollo.io — Search queries and email lookup requests. apollo.io/privacy-policy
• People Data Labs — Email and person enrichment lookups. peopledatalabs.com/privacy-policy
• Hunter.io / Clearbit / NeverBounce / Zerobounce / Debounce — Email finding and verification. Each has its own privacy policy.
• Brevo / SendGrid / Mailgun / SMTP providers — Email content and recipient addresses are transmitted to send your campaigns.
• HubSpot / Pipedrive / Close — Contact and reply data is synced if you enable CRM integration.
• Google OAuth — If you sign in with Google, we receive your name and email address from Google. This is stored in your local database only.

GetOutpulse sets one authentication cookie (outpulse_session) to keep you signed in. It is an HttpOnly, Secure, SameSite=Strict cookie. No third-party tracking cookies, analytics pixels, or advertising tags are embedded in the application.

Email open tracking (if enabled in your campaigns) works by embedding a 1×1 pixel in emails you send. Recipients who open those emails generate a server log entry on your own server. You are responsible for disclosing this to recipients in accordance with applicable law.

Recipients who click an unsubscribe link in your emails are permanently recorded in your local database and excluded from all future sends. You must include a working unsubscribe link in all commercial email. GetOutpulse generates these links automatically when you enable unsubscribe tracking in your campaign settings.

Because GetOutpulse is self-hosted, you are the data controller for all personal data you process through the platform. Your obligations depend on your jurisdiction:

• GDPR (EU/UK): You must have a lawful basis for processing personal data. Legitimate interest is the most commonly applicable basis for B2B cold outreach. You must honour data subject requests (access, erasure, portability).
• CASL (Canada): You must have implied or express consent before sending commercial electronic messages.
• CAN-SPAM (US): You must include a physical mailing address and a working opt-out mechanism in every commercial email, and honour opt-outs within 10 business days.
• CCPA (California): You must not sell personal information without disclosure and opt-out rights.

GetOutpulse provides tools (unsubscribe links, contact deletion, export) to help you meet these obligations. Compliance is your responsibility.

Data is retained in your database for as long as you keep it. There is no automatic deletion. You can delete contacts, campaigns, and logs directly from the application. To wipe all data, delete the database file from your server.

API keys are stored encrypted in the database. Session tokens are hashed. We recommend running GetOutpulse behind HTTPS, using a strong admin password, and restricting server access to trusted IPs.

We may update this policy as the product evolves. Significant changes will be noted in the release changelog. The current version is always at getoutpulse.com/privacy.

Privacy questions: [email protected]
General contact: getoutpulse.com/contact