Privacy Policy
1. Who We Are
Telepath Pro is operated as a sole trader business by Tom Pople trading as Telepath Pro, with a registered address at 1 Bolsover Road, Hove, BN3 5HQ, United Kingdom.
We are registered with the Information Commissioner's Office (ICO) under registration number ZC101774.
For any privacy-related questions or requests, please contact us at: privacy@telepath.pro
2. What This Policy Covers
This Privacy Policy explains how Telepath Pro collects, uses, stores, and protects your personal data when you:
- Visit telepath.pro
- Use our free ICP report generation tool
- Sign up for a paid subscription
- Upload pipeline or CRM data to our platform
- Communicate with us by email
We are committed to protecting your personal data and operating in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
3. What Data We Collect
3.1 Data you provide directly
- Name and email address — when you request a free ICP report or create an account
- Payment information — billing name, address, and card details when you subscribe to a paid plan (processed and stored by Stripe — we never see or store your full card details)
- Company and deal data — when you upload a CSV of won deals or pipeline opportunities for analysis
3.2 Data we collect automatically
- IP address — collected for security purposes, rate limiting, and fraud prevention
- Usage data — pages visited, features used, and interactions with the platform (collected via Google Analytics)
- Cookies — see Section 9 for full details
3.3 Data we do NOT collect
We have specifically designed Telepath Pro to minimise personal data collection. When you upload CRM or pipeline data:
- We do not store contact names or personal details of your prospects or customers
- We do not store contact email addresses or phone numbers from your uploaded data
- We do not store free-text notes fields from your CRM
- We analyse and process company-level and deal-level data only
Your sales representatives' names and email addresses may be stored as part of deal attribution data where provided. This is covered under our legitimate interest in providing accurate ICP analysis.
4. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing the Telepath Pro service | Contract performance |
| Processing payments and managing subscriptions | Contract performance |
| Generating ICP reports and pipeline scoring | Contract performance |
| Sending service-related emails and reports | Contract performance |
| Security, fraud prevention, and rate limiting | Legitimate interests |
| Improving our product and understanding usage patterns | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Sending marketing emails (where opted in) | Consent |
5. Who We Share Your Data With
We use the following third-party service providers (sub-processors) to deliver our service. Each is bound by appropriate data processing agreements and operates under privacy standards consistent with UK GDPR:
| Provider | Purpose | Location | Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing and subscription management | USA (EU-US Data Privacy Framework) | stripe.com/privacy |
| Supabase | Database hosting and authentication | EU (Ireland) | supabase.com/privacy |
| Vercel | Website and application hosting | USA (Standard Contractual Clauses) | vercel.com/legal/privacy-policy |
| OpenAI | Vector embeddings and fallback AI analysis | USA (Standard Contractual Clauses) | openai.com/privacy |
| Anthropic | AI-powered report generation and insights | USA (Standard Contractual Clauses) | anthropic.com/privacy |
| Resend | Transactional email delivery | USA (Standard Contractual Clauses) | resend.com/privacy |
| Upstash | Rate limiting and security (Redis) | EU | upstash.com/privacy |
| Puppeteer/Chromium | PDF report generation | Runs locally on our servers | N/A |
| Google Analytics (GTM) | Marketing analytics (consent-gated) | USA (EU-US Data Privacy Framework) | policies.google.com/privacy |
| Google (Gemini) | Fallback AI analysis | USA (Standard Contractual Clauses) | cloud.google.com/privacy |
| Google Drive | PDF report storage | USA (EU-US Data Privacy Framework) | policies.google.com/privacy |
| Apollo.io | Company enrichment | USA (Standard Contractual Clauses) | apollo.io/privacy |
| Companies House API | UK company data | UK | gov.uk/government/organisations/companies-house/about/personal-information-charter |
| Brandfetch | Brand data extraction | USA (Standard Contractual Clauses) | brandfetch.com/privacy |
| Sentry | Error monitoring | EU (Standard Contractual Clauses) | sentry.io/privacy |
| Axiom | Logging and observability | USA (Standard Contractual Clauses) | axiom.co/privacy |
| PostHog | Product analytics (pageviews only) | EU (Standard Contractual Clauses) | posthog.com/privacy |
| Hostinger | Compute processing (VPS) | UK | hostinger.com/privacy |
We do not sell your personal data to any third party. We do not share your data with advertisers.
6. Data Uploaded to Our Platform
When you upload CRM or pipeline data to Telepath Pro — whether as a free report user or a paid subscriber — you remain the data controller for that data. Telepath Pro acts as a data processor on your behalf.
Free report users: your data is processed solely to generate your ICP report and is permanently deleted after 90 days. No account or subscription is required.
Paid subscribers: processing is governed by our full Data Processing Agreement at telepath.pro/data-processing-agreement, which is automatically incorporated into your subscription.
We process uploaded data solely for the purpose of providing ICP analysis and pipeline scoring. We do not use your uploaded business data to train AI models, share it with other customers, or use it for any purpose beyond delivering your requested analysis.
When you connect your CRM, Telepath Pro writes pipeline intelligence scores and recommendations back to your deal records via custom properties prefixed with telepath_. We never modify or delete any of your existing CRM fields.
Our Data Processing Agreement (DPA) is published at telepath.pro/data-processing-agreement and is automatically incorporated into our Terms of Service for all paid subscribers. Enterprise customers requiring a countersigned copy can request one at privacy@telepath.pro.
7. Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period |
|---|---|
| Active customer account data | Duration of subscription |
| ICP reports and analysis | Duration of subscription |
| Pipeline scoring sessions | 30 days from creation |
| Post-cancellation account data | 30 days after cancellation, then permanently deleted |
| Free report user data | 90 days from report generation, then permanently deleted |
| Payment records | 7 years (legal requirement for financial records) |
| Security and access logs | 90 days |
After the applicable retention period, your data is permanently and irreversibly deleted from our systems and all sub-processor systems.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of access — You can request a copy of all personal data we hold about you.
Right to rectification — You can ask us to correct inaccurate or incomplete personal data.
Right to erasure — You can ask us to delete your personal data. You can also do this directly from your account Settings page at any time.
Right to restriction — You can ask us to restrict processing of your data in certain circumstances.
Right to data portability — You can request your data in a machine-readable format.
Right to object — You can object to processing based on legitimate interests, including for direct marketing.
Rights related to automated decision-making — Our ICP scoring involves automated analysis. You have the right to request human review of any automated decisions that significantly affect you.
To exercise any of these rights, please email privacy@telepath.pro. We will respond within 30 days. We may need to verify your identity before processing your request.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk/concerns.
9. Cookies
Strictly necessary cookies
- Session authentication cookie — keeps you logged in (30 days, httpOnly, secure)
telepath_cookie_consent— remembers your analytics preference (1 year)
Analytics cookies (optional — only set if you consent)
- Google Analytics cookies (
_ga,_gid) via Google Tag Manager — consent-gated, only loads if you accept cookies via our cookie banner. No personally identifiable information is collected. You can withdraw consent at any time by clicking “Cookie Settings” in the footer, or opt out globally at tools.google.com/dlpage/gaoptout
No tracking cookies are set until you explicitly consent. You can change your preference at any time via the Cookie Settings link in the footer. Disabling analytics cookies will not affect the functionality of the service.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- All data transmitted to and from telepath.pro is encrypted using TLS 1.2 or higher (HTTPS)
- Database data is encrypted at rest using AES-256 on SOC 2 Type II certified infrastructure (Supabase Cloud, EU West Ireland)
- API tokens and authentication credentials are encrypted using industry-standard algorithms
- Access to production systems is restricted and requires SSH key-based authentication (password authentication disabled)
- Compute processing hosted on Hostinger VPS, United Kingdom (ISO/IEC 27001:2022 certified)
- Dual-layer firewall: network-level firewall plus OS-level firewall, deny-all default policy
- All application traffic routed through Traefik reverse proxy for TLS termination
- No application ports directly exposed to the internet
- We conduct regular security reviews of our codebase and infrastructure
- All sub-processors are required to maintain appropriate security standards
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and will notify affected individuals without undue delay.
11. International Data Transfers
Some of our sub-processors are located outside the UK. Where we transfer data internationally, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework — for US-based providers certified under this framework (Stripe, Google Analytics, Google Drive)
- Standard Contractual Clauses (SCCs) — for other US-based providers (OpenAI, Anthropic, Vercel, Resend, Google (Gemini), Apollo.io, Brandfetch, Axiom)
- Adequacy decisions — for transfers to countries deemed adequate by the UK government
- Domestic (UK) — Hostinger and Companies House API are UK-based and do not require international transfer safeguards
12. Children's Privacy
Telepath Pro is a business-to-business service intended for use by professionals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the “Last updated” date at the top of this page. Your continued use of the service after notification constitutes acceptance of the updated policy.
14. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data:
Email: privacy@telepath.pro
Post: Telepath Pro, 1 Bolsover Road, Hove, BN3 5HQ, United Kingdom
ICO Registration: ZC101774
We aim to respond to all privacy enquiries within 5 business days.