Privacy Policy
Last updated: July 2025
Outryze ("the service") is operated by Netbase Media Ltd. ("we", "us", "our").
We respect your privacy and comply with:
- EU GDPR 2016/679 and the UK GDPR
- California CCPA / CPRA and other U.S. state privacy laws
- Brazil LGPD, and other applicable laws worldwide
We also meet the transparency and data-sharing duties introduced by the EU Data Act where they apply to our service.
1. Who is the data controller
Registration No.: 13-09-203379
VAT No.: HU24994356
Registered address: Hungary, 2141 Csömör, Nagy Sándor utca 46.
E-mail: [email protected]
Our data protection officer:
[email protected]
2. Personal data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | name, e-mail, password hash | you |
| Contact data you upload | contact e-mails, names, job titles, companies | you |
| Usage data | IP address, device type, pages viewed, actions | collected automatically |
| Cookies | auth tokens, analytics cookies | browser |
| Support data | messages, attachments | you |
We do not knowingly collect data from children under 13.
3. Legal bases (GDPR art. 6)
| Purpose | Legal basis |
|---|---|
| Provide and secure the service | contract performance |
| Sync contacts to Mailgun | legitimate interest (efficient e-mail delivery) |
| Analytics & error-logging | legitimate interest (service quality) |
| Marketing e-mails about new features | consent (you can opt-out any time) |
| Compliance with requests from regulators, tax or law-enforcement | legal obligation |
4. How we use your data
- run, maintain and improve Outryze
- authenticate users and prevent fraud
- store and sync your contact lists with Mailgun
- provide support and send system notices
- generate anonymised statistics
We never sell personal data.
5. Sharing & international transfers
| Recipient | Role | Safeguard |
|---|---|---|
| Mailgun Technologies LLC (USA) | cloud e-mail service | Standard Contractual Clauses + EU-U.S. Data Privacy Framework |
| Stripe Inc. (USA) | payment processing | Standard Contractual Clauses + EU-U.S. Data Privacy Framework |
A full list of sub-processors is kept and updated at least 30 days before any change.
6. Cookies
| Type | Name | Expiry | Purpose |
|---|---|---|---|
| strictly necessary | session_id | 7 days | keep you logged in |
| analytics | _pk_* | 13 months | anonymous usage stats |
You can refuse non-essential cookies via the banner or your browser settings.
7. Data retention
- Account & billing data — kept for the life of the account + 7 years (tax rules)
- Uploaded contact data — kept until you delete the list or 90 days after account closure
- Logs — 30 days, unless needed for security investigations
- Backups — encrypted, 35-day rolling window
8. Your rights
- access, rectification, erasure, restriction, portability and objection (GDPR Art. 15-21)
- withdraw consent where processing relies on consent
- opt-out of "sale" or "sharing" of personal data (CPRA, other U.S. laws)
- appeal any denial of your request within 30 days
- lodge a complaint with your supervisory authority (in Hungary: NAIH)
Submit requests at [email protected] or from Settings → Privacy in the app.
9. Security
- ISO 27001-hosted servers (EU)
- TLS 1.3 in transit, AES-256 at rest
- MFA required for all admin accounts
- Regular security audits and penetration tests
No method of transmission is 100% secure; therefore we cannot guarantee absolute security.
10. Changes
We post any material change here at least 14 days before it takes effect and e-mail account owners if legally required.
11. Contact
Questions about this privacy policy? [email protected]
Last reviewed: July 2025