Privacy Policy

profileAPI Privacy Policy

Last Updated: April 24, 2026

This Privacy Policy explains how Truebase, Inc., a Delaware corporation doing business as profileAPI ("profileAPI," "we," "us," or "our"), collects, uses, discloses, and protects personal information in connection with our websites, applications, documentation, APIs, MCP Server, data services, data feeds, GTM Engineering Services, professional services, and related products and services (collectively, the "Services").

Truebase, Inc. is the legal entity providing the Services. profileAPI is our trade name and product brand.

Our mailing address is 1151 Walker Rd Ste 100, PMB 285, Dover, DE 19904. Privacy and legal requests may be sent to [email protected].

1. Scope of This Privacy Policy

This Privacy Policy applies to personal information we process when you:

  • visit profileapi.com or our related websites;

  • create an account or use our application;

  • request API access or generate API keys;

  • use our APIs, MCP Server, data feeds, documentation, or self-serve tools;

  • purchase, evaluate, or subscribe to the Services;

  • submit information through forms, email, support, sales, or proof-of-concept workflows;

  • interact with us as a customer, prospect, user, supplier, partner, or business contact;

  • appear in professional or business data made available through the Services.

This Privacy Policy does not apply to third-party websites, applications, platforms, or services that we do not control.

If we process personal information on behalf of a customer under a signed agreement, order form, or data processing addendum, we generally act as that customer's processor or service provider for that processing. In those cases, the customer's agreement with us and the customer's own privacy policy may also apply.

2. Personal Information We Collect

We collect different categories of personal information depending on how you interact with us.

2.1 Information You Provide to Us

We may collect information that you provide directly, including:

  • name;

  • business email address;

  • phone number;

  • company name;

  • job title and role;

  • account login information;

  • billing and payment-related information;

  • support requests and communications;

  • sales, demo, trial, proof-of-concept, or onboarding information;

  • files, CSVs, identifiers, prompts, workflow requirements, ICP definitions, persona definitions, campaign requirements, suppression lists, messaging inputs, and other materials you submit to the Services.

2.2 Account, Usage, and Technical Information

When you use the Services, we may collect:

  • IP address;

  • device and browser information;

  • log data;

  • cookie and similar technology data;

  • pages viewed and actions taken on our websites;

  • account activity;

  • API usage, endpoints called, request metadata, response metadata, and usage volumes;

  • MCP Server usage, tool calls, prompts, instructions, workflow metadata, and connected client metadata;

  • webhook, integration, and delivery metadata;

  • authentication, security, and audit logs;

  • billing, credit, subscription, and plan usage information.

2.3 Customer Data

Customers may provide or connect data to the Services so we can perform enrichment, analysis, workflow configuration, campaign setup, data operations, GTM Engineering Services, or related services.

Customer Data may include:

  • customer records;

  • prospect, lead, account, contact, vendor, partner, or user records;

  • business identifiers;

  • professional contact information;

  • firmographic information;

  • employment and role information;

  • email addresses, phone numbers, domains, company websites, LinkedIn URLs, and similar identifiers;

  • prompts, agent instructions, workflow metadata, campaign requirements, and messaging inputs;

  • CRM, marketing automation, sales engagement, cloud storage, or other third-party tool data that customers authorize us to access.

2.4 Professional and Business Data in Our Services

profileAPI provides business data about companies, people, and contacts. We may collect, receive, infer, generate, license, or otherwise process professional and business-related personal information, including:

  • name;

  • business email address;

  • business phone number;

  • employer or company affiliation;

  • job title, seniority, role, department, and function;

  • professional profile information;

  • professional social profile URLs and identifiers;

  • employment history and professional background;

  • business location information;

  • company, account, and firmographic context;

  • professional interests, expertise, or skills where business-related;

  • inferred business traits, classifications, scores, signals, and recommendations;

  • confidence scores and matching metadata;

  • source, timestamp, freshness, and verification metadata.

We do not design the Services for consumer credit, tenant screening, employment eligibility, insurance eligibility, healthcare eligibility, legal decisions, or other high-risk decisions about individuals.

2.5 Inferences and Derived Data

We may infer, derive, normalize, enrich, classify, score, or otherwise generate additional information from data we collect or receive. For example, we may infer business traits, professional classifications, company attributes, likely departments, confidence scores, market categories, role categories, or change signals.

2.6 Payment Information

If you purchase paid Services, payment information may be processed by third-party payment processors. We may receive limited payment-related information such as billing contact, payment status, invoice history, transaction identifiers, and card brand or last four digits, but we do not store full payment card numbers unless expressly stated by the payment processor.

3. Sources of Personal Information

We may collect personal information from:

  • you directly;

  • your employer or organization;

  • customers and users of the Services;

  • public websites and publicly available sources;

  • company websites, career pages, investor pages, press pages, blogs, and public directories;

  • public or professional profiles and professional networks;

  • data providers, enrichment providers, identity providers, verification providers, and business data partners;

  • CRM, marketing automation, sales engagement, cloud storage, analytics, support, and other third-party tools that customers connect or authorize;

  • service providers and subprocessors;

  • business partners, referrals, and event sources;

  • our own analysis, matching, inference, enrichment, and quality processes.

4. How We Use Personal Information

We use personal information to:

  • provide, operate, maintain, secure, and improve the Services;

  • create and manage accounts;

  • authenticate users and issue API keys or access credentials;

  • process transactions, billing, credits, usage, subscriptions, and payments;

  • deliver API responses, MCP Server outputs, data feeds, enrichments, recommendations, classifications, and other outputs;

  • perform identity resolution, matching, enrichment, verification, inference, scoring, classification, and data quality processes;

  • provide GTM Engineering Services, professional services, support, onboarding, and customer success;

  • configure integrations, workflows, webhooks, automations, cloud deliveries, and connected systems;

  • respond to requests, questions, support tickets, sales inquiries, legal requests, and privacy requests;

  • send administrative messages, product notices, security notices, service updates, and billing notices;

  • send marketing communications where permitted by law;

  • analyze usage, performance, reliability, security, capacity, and product effectiveness;

  • detect, prevent, investigate, and respond to fraud, abuse, security incidents, policy violations, platform risk, and illegal activity;

  • comply with legal obligations and enforce our agreements;

  • develop, test, improve, and train systems, models, workflows, and services, subject to our contractual commitments and applicable law;

  • generate aggregated, anonymized, or de-identified data for analytics, benchmarking, capacity planning, quality improvement, and service improvement.

5. Legal Bases for Processing

Where applicable law requires a legal basis for processing personal information, we may rely on one or more of the following:

  • Contract: to provide the Services, manage accounts, process payments, and perform agreements;

  • Legitimate Interests: to operate, improve, secure, market, and develop the Services; provide business data services; prevent fraud and abuse; and support business-to-business workflows;

  • Consent: where we ask for consent, such as for certain marketing communications or cookies where required;

  • Legal Obligations: to comply with law, respond to lawful requests, maintain records, and enforce rights;

  • Customer Instructions: when we process personal information as a processor or service provider on behalf of a customer.

6. How We Disclose Personal Information

We may disclose personal information to:

6.1 Customers and Users

We make business and professional data available to customers and authorized users through the Services, including APIs, MCP Server outputs, data feeds, dashboards, files, enrichments, and deliverables.

Customers are responsible for using the data they receive from the Services in compliance with applicable law, their own privacy notices, and their agreements with us.

6.2 Service Providers and Subprocessors

We may disclose personal information to service providers, subprocessors, and contractors who help us operate the Services, including hosting, cloud infrastructure, storage, security, analytics, support, communications, payments, billing, CRM, data processing, verification, enrichment, and operational tools.

6.3 Data Partners and Providers

We may disclose or receive personal information from data partners, enrichment providers, verification providers, identity providers, and other business data partners as necessary to provide, verify, improve, or operate the Services.

6.4 Integrations and Customer-Directed Destinations

At a customer's direction, we may disclose or deliver information to third-party destinations such as CRM systems, marketing automation platforms, sales engagement tools, cloud storage buckets, SFTP destinations, data warehouses, AI tools, MCP clients, agent frameworks, webhooks, or other systems.

6.5 Legal, Safety, and Compliance

We may disclose information if we believe disclosure is required or appropriate to comply with law, legal process, government requests, sanctions/export requirements, tax requirements, security obligations, or to protect the rights, safety, security, integrity, or property of profileAPI, our customers, users, third parties, or the public.

6.6 Business Transfers

We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, diligence process, or similar corporate transaction.

6.7 Professional Advisors

We may disclose information to lawyers, auditors, accountants, insurers, banks, and other professional advisors where necessary for business, legal, compliance, insurance, accounting, or financial purposes.

7. Cookies and Similar Technologies

We may use cookies, pixels, local storage, SDKs, and similar technologies to operate our websites and Services, remember preferences, authenticate users, understand usage, improve performance, analyze traffic, secure the Services, and support marketing.

Cookies may be set by us or by third-party providers acting on our behalf. You can control cookies through your browser settings and, where available, through cookie consent tools on our website.

If you disable certain cookies, some website or Service features may not work properly.

8. Your Privacy Choices

Depending on where you live and how we process your personal information, you may have rights to:

  • access personal information about you;

  • correct inaccurate personal information;

  • delete personal information;

  • obtain a copy of personal information;

  • opt out of certain sales, sharing, targeted advertising, or profiling where applicable;

  • restrict or object to certain processing;

  • withdraw consent where processing is based on consent;

  • appeal a denied privacy request where applicable.

To submit a privacy request, email [email protected] with the subject line "Privacy Request." Please include enough information for us to understand, verify, and process your request.

We may need to verify your identity and authority before fulfilling a request. If you submit a request on behalf of someone else, we may require proof of authorization.

9. Opt-Out Requests for Business Contact Data

If you believe your professional or business contact information appears in profileAPI data and you want to request access, correction, deletion, or opt-out, email [email protected] with the subject line "Business Data Privacy Request."

Please include the information needed to locate the relevant record, such as your name, business email, company, professional profile URL, or other relevant business identifier.

We will evaluate and respond to requests as required by applicable law. In some cases, we may retain limited information to honor opt-outs, maintain suppression records, prevent re-collection, comply with law, resolve disputes, enforce agreements, prevent abuse, or maintain security.

10. U.S. State Privacy Notice

Residents of certain U.S. states may have additional rights under applicable privacy laws.

10.1 Categories of Personal Information

In the preceding 12 months, we may have collected the following categories of personal information:

  • Identifiers, such as name, business email, business phone number, account identifiers, IP address, and online identifiers;

  • Personal information described in certain state privacy laws, such as contact information and billing information;

  • Commercial information, such as subscription, transaction, billing, usage, and customer relationship information;

  • Internet or electronic network activity information, such as website, app, API, MCP Server, and account usage information;

  • Geolocation information, such as approximate location inferred from IP address or business address information;

  • Professional or employment-related information, such as job title, employer, role, seniority, department, professional background, and professional profile information;

  • Inferences, such as inferred business traits, classifications, scores, segments, confidence scores, signals, and recommendations;

  • Sensitive personal information, only where incidentally provided by you or a customer and not intentionally requested for the Services.

10.2 Purposes

We collect and use these categories of personal information for the purposes described in this Privacy Policy, including providing the Services, operating a business data platform, supporting customers, billing, security, compliance, marketing, analytics, and service improvement.

10.3 Disclosure, Sale, and Sharing

We may disclose the categories of personal information listed above to the categories of recipients described in this Privacy Policy.

Because profileAPI provides business and professional data to customers, some disclosures of professional or business contact information may be considered a "sale" or "sharing" under certain U.S. state privacy laws, even if no money is exchanged for a specific record.

You may request to opt out of applicable sale, sharing, targeted advertising, or profiling by emailing [email protected] with the subject line "Opt-Out Request."

We do not knowingly sell or share personal information of individuals under 16 years old.

10.4 Sensitive Personal Information

We do not intentionally collect or use sensitive personal information to infer characteristics about individuals. The Services are designed for business and professional data, not sensitive personal information.

10.5 Non-Discrimination

We will not discriminate against you for exercising privacy rights, except as permitted by law.

11. European, UK, and International Privacy Rights

If you are located in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with similar laws, you may have rights to access, correct, delete, restrict, object to processing, request portability, and lodge a complaint with a supervisory authority.

Where we act as a controller, you may submit requests to [email protected].

Where we process personal information on behalf of a customer as processor or service provider, we may refer your request to that customer or act on that customer's instructions.

12. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud and abuse, maintain security, honor opt-outs, and operate our business.

Retention periods vary depending on the type of information, the nature of the Services, customer instructions, legal requirements, contractual obligations, and operational needs.

We may retain aggregated, anonymized, or de-identified information that does not reasonably identify you.

13. Security

We use reasonable technical, organizational, and administrative measures designed to protect personal information. These measures may include access controls, encryption in transit and at rest, logging and monitoring, backups, least privilege controls, vulnerability management, and change control.

No system is completely secure. You are responsible for securing your accounts, credentials, API keys, tokens, connected systems, cloud destinations, agents, MCP clients, and downstream systems.

14. International Transfers

We are based in the United States and may process information in the United States and other countries. These countries may have privacy laws that differ from those where you live.

Where required, we use appropriate transfer mechanisms, such as standard contractual clauses, data processing agreements, or other lawful mechanisms.

15. Children's Privacy

The Services are intended for business use and are not directed to children. We do not knowingly collect personal information from children under 16.

If you believe a child has provided personal information to us, please contact [email protected].

16. Third-Party Links and Services

Our websites and Services may link to third-party websites, platforms, documentation, applications, integrations, or services. We are not responsible for the privacy practices of third parties. Your use of third-party services is governed by their privacy policies and terms.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by updating the "Last Updated" date, posting the updated policy, sending notice, or using another reasonable method.

Your continued use of the Services after an updated Privacy Policy becomes effective means that you acknowledge the updated policy.

18. Contact Us

Truebase, Inc., d/b/a profileAPI

1151 Walker Rd Ste 100, PMB 285

Dover, DE 19904

Email: [email protected]