Privacy Policy

This Privacy Policy describes how Sumbios AB ("Sumbios", '◯', "we", "us", or "our") collects, uses, and protects your personal data when you access or use the '◯' platform and related services, in compliance with GDPR, UK GDPR, CCPA, and other applicable privacy laws.

1. What Data We Collect

We may collect the following categories of data:

  • Account Data: name, email address, password, organization, role, subscription details.
  • Usage Data: device identifiers, IP address, browser type, user-agent, login timestamps, product interactions.
  • Integration Data: when you connect third-party services (LinkedIn, Gmail, Outlook, Calendar, Slack, CRMs, Notion, etc.), we access only the data necessary to provide features.
  • Network & Enrichment Data: LinkedIn public profile information (connections, skills, education, work history, posts).
  • Mission Data: data you input into projects, pipelines, searches, notes, or uploaded files.
  • Communication Data: email metadata, meeting summaries, transcripts, documents, tags, and contextual links.
  • Payment Data: billing details, payment method, invoices (processed securely by Stripe or GoCardless).

We do not knowingly collect sensitive data (government IDs, financial account numbers, or health data).

2. How We Use Your Data

We process your data to:

  • Provide and operate the Service (account creation, onboarding, authentication).
  • Map and enrich your professional network.
  • Enable missions, search, lead extraction, and insights.
  • Support AI-driven features (e.g. suggested emails, summaries, warm-path recommendations).
  • Improve the Service through analytics, debugging, and feedback.
  • Manage subscriptions, billing, and customer support.
  • Ensure compliance with legal obligations.

We never sell your data. Data is only used to deliver or improve the Service.

3. Legal Bases for Processing

Under GDPR, we rely on the following bases:

  • Contract: to provide the Service you subscribed to.
  • Legitimate Interests: to improve the Service, prevent fraud, and ensure security.
  • Consent: for optional integrations, cookies, and marketing communications.
  • Legal Obligations: to comply with accounting, tax, or regulatory requirements.

4. Data Sources

  • You: information you provide when creating an account, using the extension, uploading files, or creating missions.
  • Third-Party Integrations: data accessed from services you explicitly connect (Google, Microsoft, LinkedIn, CRMs, etc.).
  • Publicly Available Sources: LinkedIn profiles, websites, or company data, where lawful.

5. Sharing of Data

We may share your personal data only with:

  • Service providers (hosting, analytics, customer support, payment processors).
  • Legal authorities if required by law.

We do not sell or rent personal data.

6. Storage & International Transfers

  • Data is stored primarily in the EU/EEA.
  • If transferred outside the EEA, we use Standard Contractual Clauses (SCCs) or equivalent safeguards.

7. Security

We apply industry-standard security measures including encryption, access control, monitoring, and regular audits. Despite this, no system is fully secure. If a breach occurs, we will notify affected users and relevant authorities without undue delay.

8. Data Retention

We retain your data only as long as necessary:

  • Account data: while you maintain an active account.
  • Integration data: while the integration is active; deleted upon revocation.
  • Usage logs: up to 12 months.
  • Billing records: up to 7 years (legal requirement).
  • Uploaded files/transcripts: until deleted by you or upon account closure.

9. Your Rights

Under GDPR and CCPA, you have the right to:

  • Access your data.
  • Correct inaccurate data.
  • Delete your data.
  • Restrict or object to processing.
  • Request data portability (export your data).
  • Withdraw consent (for integrations or marketing).
  • Lodge a complaint with your supervisory authority.

Requests can be made at support@sumbios.ai.

10. Cookies & Tracking

We use cookies and similar technologies to:

  • Keep you signed in.
  • Analyze usage (e.g. Segment, Amplitude).
  • Support customer communication (e.g. Intercom).
  • Support marketing and referral tracking (with consent).

You can manage or revoke consent at any time via our cookie banner.

11. AI & Automated Processing

'◯' uses AI models and agents to:

  • Suggest searches, leads, and outreach messages.
  • Summarize conversations, posts, and transcripts.
  • Analyze signals and relationship strengths.

We do not use your private data to train shared models unless anonymised and aggregated. Automated suggestions always require user approval.

12. LinkedIn & Browser Extension

When you install the Sumbios browser extension, it accesses your LinkedIn session via your active tab and session cookie to:

  • Map your connections and enrich your profile graph.
  • Enable search, exploration, and activity tracking.
  • Provide lead extraction and signal analysis.

We only access the minimum data necessary. You may revoke access at any time by uninstalling the extension or disconnecting LinkedIn.

13. Changes to This Policy

We may update this Policy to reflect changes in law or our Service. Updates will be posted on our website. For material changes, we will notify you by email or in-app before they take effect.

14. Contact

Sumbios AB — Malmö, Sweden

Email: support@sumbios.ai