Privacy Policy

1. Introduction

This Privacy Policy explains how Robert Cole, doing business as KinectB2B (“KinectB2B”, “we”, “us”, or “our”), collects, uses, discloses, and protects information when we operate our business and provide our outbound lead generation service (the “Services”). KinectB2B is based in the State of Indiana, United States.

This Policy covers three categories of individuals about whom we process information:

• Visitors to our public website at https://kinectb2b.com (“Visitors”).
• Customers who engage KinectB2B for Services, and their authorized representatives (“Clients”).
• Business contacts whose information is identified by our lead-generation engine and contacted on behalf of a Client (“Prospects”).

We may also process information about job applicants and personnel; that processing is described briefly in Section 9.

By using our website or Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, please do not use our website or Services.

2. Our Role: Controller and Processor

For Visitors and Clients, KinectB2B acts as the controller of personal information — we determine the purposes and means of processing. For Prospects, KinectB2B generally acts as the controller for purposes of identifying and verifying business contact information, and as a processor when sending outreach on behalf of a Client based on that Client’s instructions. The distinction is relevant primarily for individuals located in jurisdictions that recognize the controller/processor distinction (such as the European Economic Area, the United Kingdom, and several U.S. states).

3. Information We Collect from Visitors

When you visit our website, we collect the following:

3.1 Information you provide directly

• Contact and inquiry information you submit through forms (name, email, business name, phone, message content).
• Information you provide when scheduling a consultation or demo.
• Any other information you choose to send us by email or through our website.

3.2 Information collected automatically

• Standard server logs: IP address, user agent (browser type and version), referring URL, page URLs visited, timestamps.
• Device and browser characteristics necessary to render the website properly.
• Cookies and similar technologies, described in Section 8.

3.3 We do not collect

• Government-issued identifiers (e.g., SSN, driver’s license number).
• Financial account information from Visitors. Payment information is collected by our payment processor (Stripe) and is not stored on our systems.
• Sensitive personal information categories such as racial or ethnic origin, religious beliefs, health, or sexual orientation.

4. Information We Collect from Clients

When a Client engages our Services, we collect:

4.1 Account and business information

• Client business name, primary contact name, title, email, and phone.
• Billing contact, billing email, and postal address.
• Authentication credentials (we store passwords using a one-way bcrypt hash; we never store admin passwords in plaintext).

4.2 Service configuration

• Selected service tier, Geographic Area, Target Industry, and other onboarding inputs.
• Brand assets, message templates, and content preferences Client provides to inform outreach.

4.3 Payment information

• Payment is processed by Stripe, Inc. We receive transaction confirmations and the last four digits of payment methods used. We do not store full card numbers, CVV codes, or bank account numbers on our systems.

4.4 Usage and activity data

• Activity within our Client portal (logins, pages viewed, actions taken).
• Communications between Client and KinectB2B (email correspondence, support requests).

5. Information We Collect About Prospects

Prospects are business contacts identified by our lead-intelligence engine (“Hornet”) and contacted via email on behalf of a Client. Because Prospects do not have a direct relationship with KinectB2B and do not visit our website to provide information, we describe this processing in additional detail below.

5.1 What we collect

• Business name, business website, business address, and publicly stated industry classification.
• Business contact information, principally email addresses, that is either (a) published by the business on its own website or in publicly available business directories, or (b) inferred from common email-address patterns and then verified by attempting an SMTP-level deliverability check (no email is sent during this check).
• Names and job titles of business representatives where such information is publicly listed by the business.
• Outreach engagement signals: whether an email was delivered, bounced, opened (if pixel tracking is enabled by Client), or replied to, and the content of any reply received.

5.2 Sources of Prospect information

• Publicly available sources including business websites, business directories, professional listings, and review platforms.
• Pattern-based inference followed by deliverability verification, as described above.
• Replies and engagement information from outreach sent on behalf of Clients.

5.3 Legal basis (for Prospects in jurisdictions where applicable)

In jurisdictions that require a lawful basis for processing personal data of natural persons (such as the European Economic Area and the United Kingdom under GDPR), we rely on our legitimate interest and that of our Clients in conducting business-to-business outreach, balanced against the privacy interests of Prospects. Where Prospect-side individuals are recipients in such jurisdictions, additional rights apply as described in Section 10. We do not process special categories of data about Prospects.

5.4 What we do not collect about Prospects

• Personal email addresses (gmail, yahoo, etc.) where they are not the recipient’s stated business contact.
• Information about consumers in their individual (non-business) capacity.
• Financial, health, or other sensitive information.

6. How We Use Information

We use information for the following purposes:

6.1 To provide and operate the Services

• Identifying and verifying Prospects for Clients based on Client-specified criteria.
• Sending email outreach on behalf of Clients, including the standard three-step sequence described in our Master Service Agreement.
• Surfacing replies and engagement data to Clients in their portal.
• Generating reports and analytics about outreach performance.

6.2 To communicate with you

• Responding to inquiries from Visitors and providing requested information.
• Sending Clients account, billing, and service notifications.
• Sending Prospects email outreach on behalf of our Clients, in compliance with applicable commercial-email laws.

6.3 To improve and secure our Services

• Monitoring, troubleshooting, and improving the performance of our website and Services.
• Detecting and preventing fraud, abuse, and security incidents.
• Maintaining suppression and bounce lists across our platform.

6.4 For legal and business obligations

• Maintaining records as required by tax, accounting, and other legal obligations.
• Defending against legal claims and enforcing our agreements.
• Complying with applicable laws and lawful requests from public authorities.

7. How We Share Information

We do not sell personal information. We share information only as described below.

7.1 Service providers and sub-processors

We rely on a small number of trusted U.S.-based service providers to operate our business. These sub-processors receive only the information necessary to perform their function and are contractually obligated to protect it.

We may engage additional sub-processors as our business grows. Material changes to the sub-processor list will be reflected in this Privacy Policy.

7.2 With our Clients

When KinectB2B identifies a Prospect for a Client and engages in outreach on behalf of that Client, the Client receives access to the relevant Prospect business contact information and any replies generated. Each Client uses this information for its own business purposes; the Client’s own privacy practices then apply.

7.3 Legal and protective disclosures

We may disclose information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, legal process, or government request; (b) enforce our agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of KinectB2B, our Clients, or others.

7.4 Business transfers

If KinectB2B is involved in a merger, acquisition, financing, reorganization, or sale of business assets, information may be transferred as part of that transaction, subject to the acquirer agreeing to honor the commitments made in this Privacy Policy.

8. Cookies and Tracking

Our website uses a minimal set of cookies and similar technologies:

• Strictly necessary cookies for authentication, session management, and security. These cannot be disabled without rendering parts of the Services unusable.
• Functional cookies that remember preferences such as language or display settings.

We do not currently use third-party analytics or advertising cookies. If this changes, we will update this Policy and provide appropriate notice and (where required) consent mechanisms.

Most browsers allow you to refuse or delete cookies through their settings. Note that some Services may not function properly without certain cookies.

When sending Prospect outreach on behalf of a Client, we may include a tracking pixel in the message to detect whether the email was opened. This is a standard feature of business email outreach. Prospects can prevent open-tracking by configuring their email client to block remote images.

9. Personnel and Applicants

From time to time we may receive information from individuals who apply for employment or contractor positions with KinectB2B. We use such information solely to evaluate candidates, communicate with applicants, and (if hired) administer the employment or engagement relationship. We retain applicant information only as long as reasonably necessary or as required by law.

10. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We honor verifiable requests to exercise these rights regardless of jurisdiction, subject to any exemptions permitted under applicable law.

10.1 Rights available to all individuals (regardless of location)

• Access: request a copy of the personal information we hold about you.
• Correction: request correction of information that is inaccurate or incomplete.
• Deletion: request that we delete information about you, subject to legal retention obligations.
• Opt out of outreach: if you are a Prospect who has received outreach from us on behalf of a Client, you may unsubscribe at any time using the link in any outreach email; this stops all further outreach from KinectB2B to that address across all of our Clients.

10.2 California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know what personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it.
• Right to delete personal information we hold about you, subject to exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of the “sale” or “sharing” of personal information. KinectB2B does not sell or share (for cross-context behavioral advertising) personal information.
• Right to limit the use of sensitive personal information. KinectB2B does not collect categories of information that meet the CCPA definition of “sensitive personal information.”
• Right to non-discrimination for exercising any of these rights.

10.3 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you may have additional rights under the General Data Protection Regulation and equivalent laws, including the right to object to processing, the right to data portability, and the right to lodge a complaint with a supervisory authority. The legal bases on which we process personal data are described in Section 5.3 above and elsewhere in this Policy as applicable.

10.4 Other U.S. states

Several U.S. states (including Colorado, Connecticut, Virginia, Utah, Texas, and others) have enacted comprehensive privacy laws. We honor the equivalent rights described above for residents of these states.

10.5 How to exercise your rights

To exercise any of these rights, please contact us at robert@kinectb2b.com. We will respond within the time frame required by applicable law (typically 45 days, with the possibility of one 45-day extension where reasonably necessary).

We may need to verify your identity before responding to your request. For Prospects, the most direct and immediate way to stop receiving outreach is to use the unsubscribe link in any outreach email; this is honored within ten (10) business days as required by the CAN-SPAM Act, and typically much faster in practice.

11. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, or disclosure. These measures include:

• Encryption of data in transit (TLS) and at rest where supported by our service providers.
• Authentication for all administrative access, with passwords stored as one-way bcrypt hashes.
• Role-based access controls limiting which personnel can access which categories of data.
• Regular review of our sub-processors’ security practices.
• Logging of administrative activity for audit purposes.

No system is perfectly secure. We cannot guarantee absolute security, but we work continuously to improve our practices and to respond appropriately to any security incidents that may occur.

12. Data Retention

We retain personal information for the period necessary to provide the Services, meet legal and accounting obligations, resolve disputes, and enforce our agreements. General guidelines:

• Visitor inquiries and contact-form submissions: up to 24 months, then deleted unless they become Client records.
• Client account and billing records: for the duration of the engagement plus 7 years for tax and accounting purposes, or longer where required by law.
• Prospect records associated with an active Client engagement: for the duration of the engagement, plus 30 days post-termination to permit data export per the Master Service Agreement.
• Provider-wide unsubscribe and bounce lists: retained indefinitely so that suppression is permanent across all Clients.
• Activity logs and audit trails: retained for at least 12 months and as long as reasonably useful for security and operational purposes.

13. International Data Transfers

KinectB2B operates in the United States, and our sub-processors are located in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States. The laws of the United States may differ from those of your country of residence.

Where required by applicable law (such as transfers from the EEA, UK, or Switzerland), we rely on lawful transfer mechanisms such as the EU Standard Contractual Clauses or equivalent safeguards.

14. Children’s Privacy

Our Services are intended for use by businesses and adults. We do not knowingly collect personal information from children under the age of 13 (or, in the EEA and UK, under the age of 16). If we become aware that we have collected such information, we will delete it promptly. If you believe a child has provided personal information to us, please contact robert@kinectb2b.com.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Effective” date at the top of this Policy and, where appropriate, notify Clients by email. We encourage you to review this Policy periodically.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, or to exercise any of the rights described above:

We aim to respond to all privacy inquiries within thirty (30) days, and to requests subject to specific legal deadlines (such as CCPA or GDPR requests) within the time frame required by the applicable law.