Privacy Policy

Last updated: July 16, 2026

This Privacy Policy describes how Sightivo ("we," "us," or "our") collects, uses, and shares information about you when you use our website and services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, and password.
  • Payment Information: If you subscribe to a paid plan, our payment processor, Stripe, collects and processes your billing information. We do not store full credit card numbers.
  • Imported Data: Backlink data, domain information, and contact lists you import from SEMrush, Ahrefs, CSV files, or other sources.
  • Outreach Content: Email templates, sequences, and drafts you create within the Service.
  • API Credentials: API keys for third-party services you connect (stored encrypted).
  • Connected Mailboxes: If you connect an email mailbox (such as Gmail or Microsoft/Outlook) to send outreach, we receive an OAuth authorization token that permits us to send messages on your behalf. We store these tokens encrypted, use them only to send the emails you compose and approve, and do not use them to read your inbox. See Sections 14 and 15 for how we handle Google and Microsoft account data.
  • Communications: Information you provide when contacting support or providing feedback.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, time spent on the Service.
  • Device Information: Browser type, operating system, device identifiers, IP address.
  • Cookies: We use cookies and similar technologies for authentication, preferences, and analytics.
  • Session Replay: We use session replay technology (currently LogRocket) to record your interactions with the Service — such as mouse movements, clicks, scrolling, page navigation, and console and network activity — to help us diagnose issues and improve usability. Sensitive input fields, such as passwords and payment details, are masked and are not captured.
  • Log Data: Server logs including access times, pages viewed, and referring URLs.

1.3 Information from Third Parties

  • SEO Platforms: When you connect SEMrush or Ahrefs, we receive backlink and domain data from those services.
  • Google Search Console & Google Analytics: When you connect these accounts, we receive your site's search performance and traffic data (such as queries, clicks, impressions, and sessions) to power reporting and recommendations. Our use of this data follows the Google Limited Use requirements described in Section 14.
  • Data Enrichment Providers: We may receive contact information (names, email addresses, job titles, social profiles) from third-party data providers to help you identify outreach contacts.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process backlink data and identify outreach opportunities
  • Enrich contact information for your outreach campaigns
  • Enable you to create and manage email sequences
  • Facilitate data export to third-party email tools
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmations, password resets, billing)
  • Send product updates and marketing communications (with your consent where required)
  • Respond to support requests and inquiries
  • Analyze usage patterns to improve the Service
  • Detect, prevent, and address security issues or fraud
  • Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: With vendors who help us provide the Service (hosting, analytics, payment processing, email delivery, data enrichment). These providers are contractually required to protect your information.
  • Third-Party Integrations: When you export data to Apollo, Instantly, or other tools, that data is shared with those services subject to their privacy policies.
  • Legal Requirements: When required by law, court order, or government request, or to protect our rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • With Your Consent: When you explicitly authorize us to share information.

Key service providers and subprocessors we currently rely on include:

  • Cloudflare: Website and application hosting, content delivery, and database infrastructure.
  • Google (Tag Manager / Analytics): Website analytics and tag management.
  • LogRocket: Product analytics and session replay to help us diagnose issues and improve the Service.
  • SendGrid (Twilio): Transactional, waitlist, and notification email delivery.
  • Calendly: Scheduling demo and sales calls.
  • Stripe: Billing and subscription payment processing (we do not store full card numbers).
  • Data Enrichment Providers: Supplying contact information used to identify outreach contacts.

This list may change as our Service evolves. We maintain a current list of subprocessors and will provide it on request at [email protected].

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account deletion, we will delete or anonymize your data within 90 days, except where retention is required for legal compliance, dispute resolution, or fraud prevention. Backups may retain data for up to 180 days.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS) and at rest
  • Secure password hashing
  • Encrypted storage of API credentials
  • Regular security assessments
  • Access controls limiting employee access to data

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your personal information.
  • Withdraw Consent: Where processing is based on consent, withdraw that consent.
  • Marketing Opt-Out: Unsubscribe from marketing emails using the link in any marketing message.

To exercise these rights, contact us at [email protected]. We will respond within 30 days (or as required by applicable law).

7. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and core functionality.
  • Analytics Cookies: Help us understand how visitors use the Service. We use Google Tag Manager and Google Analytics for this purpose.
  • Session Replay: LogRocket sets identifiers to associate recorded sessions with your account and diagnose issues.
  • Preference Cookies: Remember your settings and preferences.

Some of these cookies and technologies are set by the third-party providers listed in Section 3, and their use of the information they collect is governed by their own privacy policies. You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

8. International Data Transfers

We are based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws. By using the Service, you consent to such transfers. Where required, we use appropriate safeguards such as Standard Contractual Clauses for transfers from the EU/EEA.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of your personal information
  • Right to opt out of the "sale" of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected].

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • We process your data based on: (a) contract performance (to provide the Service), (b) legitimate interests (analytics, security, improvement), or (c) consent (marketing communications).
  • You have rights to access, rectify, erase, restrict processing, data portability, and object to processing.
  • You may lodge a complaint with your local data protection authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Google User Data and Limited Use

If you connect a Google account — for example to send outreach email (Gmail) or to import your search and traffic data (Google Search Console and Google Analytics) — Sightivo's access to and use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically:

  • We request only the minimum scopes necessary for the features you enable — for example, permission to send email on your behalf (we do not request access to read, modify, organize, or delete the messages in your inbox), or read-only access to your Google Search Console and Google Analytics data.
  • We use Google user data solely to provide and improve the features you enable — such as delivering the outreach emails you approve, or generating reporting and recommendations from your search and traffic data.
  • We do not use Google user data for advertising, and we do not sell it.
  • We do not transfer Google user data to others except as necessary to provide or improve these features, to comply with applicable law, or as part of a merger or acquisition, and only in ways consistent with the Limited Use requirements.
  • We do not allow humans to read your Google user data unless we have your affirmative consent, it is necessary for security purposes or to comply with applicable law, or the data has been aggregated and anonymized.
  • We store the OAuth tokens that authorize sending in encrypted form and delete them when you disconnect the mailbox or close your account.

You can revoke Sightivo's access at any time from your account settings or through your Google Account permissions page.

15. Microsoft User Data

If you connect a Microsoft account (such as Outlook or Microsoft 365) to send outreach emails, our access to and use of your Microsoft account data is governed by the Microsoft APIs Terms of Use and follows the same principles described in Section 14: we request only the minimum permissions needed to send the emails you approve, we do not read your inbox, we use the data solely to provide the sending features you enable, we do not sell it or use it for advertising, and we store the authorization tokens encrypted and delete them when you disconnect the mailbox or close your account. You can revoke Sightivo's access at any time from your account settings or your Microsoft account app permissions.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Sightivo, Inc.
1150 Clay St, Suite 1303
Oakland, CA 94612
Email: [email protected]