GDPR Compliance

Last Updated: February 16, 2026

General Data Protection Regulation (GDPR)

LinkDaddy Outreach is committed to protecting the privacy and security of personal data in accordance with the EU General Data Protection Regulation (GDPR). This policy outlines how we collect, process, store, and protect personal data of individuals in the European Economic Area (EEA).

1. Data Controller

LinkDaddy® (parent organization of LinkDaddy Outreach) acts as the data controller for all personal data processed through our platform.

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: You have given explicit consent for us to process your personal data for specific purposes (e.g., email marketing campaigns).
  • Contract: Processing is necessary for the performance of a contract to which you are a party (e.g., service delivery).
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, network security).
  • Legal Obligation: Processing is necessary to comply with legal obligations (e.g., tax reporting, anti-money laundering).

3. Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Name, email address, company name, billing address
  • Usage Data: IP address, browser type, device information, access times
  • Campaign Data: Prospect email addresses, company names, interaction history
  • Payment Information: Credit card details (processed securely through Stripe)

4. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention periods:

  • Account Data: Retained for the duration of your account plus 7 years for tax/legal compliance
  • Campaign Data: Retained for 2 years after campaign completion
  • Usage Logs: Retained for 90 days

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. We ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all third-party processors
  • Encryption in transit and at rest

7. Third-Party Processors

We share personal data with the following categories of third-party processors:

  • Email Service Providers: Postmark, SendGrid, Mailgun, Brevo, Mailforge, ElasticEmail, SMTP2GO
  • Payment Processor: Stripe (PCI DSS Level 1 certified)
  • Cloud Infrastructure: Manus (SOC 2 Type II certified)
  • Analytics: Umami (privacy-focused, GDPR-compliant)

8. Data Security

We implement industry-standard security measures:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication (MFA) for account access
  • Regular security audits and penetration testing
  • Access controls and role-based permissions

9. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Article 33 and 34.

10. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR. For a list of EU data protection authorities, visit: https://edpb.europa.eu/about-edpb/about-edpb/members_en

11. Exercising Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

13. Updates to This Policy

We may update this GDPR policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform at least 30 days before the changes take effect.

14. Contact Information

For questions about this GDPR policy or our data practices, please contact: