Skip to content

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how ExtractData (referenced here as "we", "us", or "our") collects, uses, and protects information when you visit extract-data.com or use our service. By using ExtractData you agree to the terms described below.

1. Information We Collect

We collect three categories of information:

  • Account data. When you register, we collect your name, email address, and a hashed (never plaintext) password. If you upgrade to a paid plan, Stripe collects and stores your payment method on our behalf — we never see or store card numbers.
  • Usage data. We log searches you run (zipcode, business type, timestamp), features you use, saved lead lists, and quota counters. This data is tied to your account and used to enforce plan limits, improve the product, and surface your own usage history to you.
  • Technical data. Like most websites, we log IP address, browser user-agent, referrer, and request paths for security, debugging, and analytics. These logs are rotated every 30 days.

2. How We Use Information

We use the information we collect to:

  • Deliver the ExtractData service — running searches, storing your lead lists, enforcing plan limits.
  • Bill your subscription and send transactional emails (receipts, password resets, account notices).
  • Send occasional product announcements — you can opt out of these at any time.
  • Detect and prevent abuse, fraud, and violations of our Terms of Service.
  • Comply with legal obligations (tax reporting, lawful requests from authorities).

We do not sell your personal data. We do not share it with advertisers. We do not build shadow profiles.

3. Cookies & Tracking

ExtractData uses first-party cookies for three purposes: session management (keeping you logged in), CSRF protection (preventing cross-site request forgery), and a remember-me token if you check that box at login. We do not use third-party advertising cookies or cross-site tracking pixels.

We may use a privacy-respecting analytics service to understand aggregate product usage (page views, feature adoption). Any such analytics are configured to anonymize IP addresses and never track individual users across other sites.

4. Third-Party APIs

ExtractData's core functionality depends on several third-party services. When you run a search or use a paid feature, we pass the relevant inputs (e.g. zipcode and business type) to these providers:

  • Google Places API — core business lookups. Subject to Google's terms and privacy policy.
  • Yelp Fusion API — cross-reference ratings and reviews. Subject to Yelp's terms and privacy policy.
  • Outscraper — deep enrichment data for Pro and Agency tiers.
  • SerpAPI — Google SERP data for Agency tier.
  • Anthropic (Claude AI) — AI-generated emails, summaries, and market reports. We do not send your account data to Anthropic, only the business fields required to generate output.
  • Stripe — payment processing. Stripe collects and stores payment methods under its own PCI-compliant infrastructure.

We do not authorize these providers to use your data for their own marketing or model training beyond what's strictly required to deliver the service.

5. Data Retention

Account and billing data are retained for the life of your account plus 90 days after deletion, to handle chargebacks and legal holds. Server logs are rotated every 30 days. Lead lists you save remain in your account until you delete them or close your account.

You can delete your account at any time from your dashboard. Account deletion purges your lists, searches, and personal data within 30 days (subject to legal retention requirements for financial records).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (right to erasure).
  • Export your data in a portable format.
  • Object to or restrict certain processing activities.

To exercise any of these rights, email us at hello@extract-data.com. We respond to verified requests within 30 days.

7. Security

We protect your data with HTTPS everywhere, bcrypt password hashing, CSRF tokens on all state-changing requests, strict session cookie settings (HttpOnly, Secure, SameSite), and regular security reviews. No system is perfectly secure, but we take reasonable and industry-standard measures.

8. Children

ExtractData is a B2B product and not directed to children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email to active users at least 14 days before they take effect. Continued use of ExtractData after an update constitutes acceptance of the revised policy.

10. Contact

Questions, concerns, or privacy-related requests can be sent to hello@extract-data.com. We aim to respond within two business days.