Privacy Policy

1. Who we are

"Outbound Pass" ("we", "us") is the operator of the Outbound Founders' Pass membership program and the underlying products bundled into it. For the purposes of GDPR and similar laws, Outbound Pass is the data controller for membership data and a data processor for the data you upload into the products (e.g., contact lists, mailbox content).

2. What we collect

2.1 Membership data

• Name, email address, billing address, and payment method (the latter handled by Stripe).
• Company name, role, and other professional details you provide at signup.
• Founder enrollment number and cohort metadata.
• Login activity, IP address, device type, and basic analytics on how you use the member dashboard.

2.2 Product data

• ColdRelay: the email content you send, recipient addresses, and SMTP/sending logs.
• Handshake: LinkedIn account credentials (encrypted), connection lists, message templates and content.
• ZenVerifier: email addresses you submit for verification.
• LeadCart / QualifyFlow (when launched): search queries, lead lists you build, and signal subscriptions.
• Outbound Community: profile information, posts, comments, and engagement.

2.3 What we don't collect

We don't sell your data. We don't run third-party advertising trackers in the member dashboard or product apps (only privacy-preserving product analytics). We don't read or scan the personal content of your emails or LinkedIn messages outside of what's required to operate the products and protect against abuse.

3. Why we collect it (legal bases under GDPR)

Purpose	Lawful basis
Provide and operate the Pass and its products	Performance of contract
Process payments and renewals	Performance of contract
Send service communications (e.g., outage notices)	Legitimate interest
Send product marketing emails	Consent (you can opt out at any time)
Analytics & product improvement	Legitimate interest
Affiliate-program tracking and payouts	Performance of contract
Detect and prevent fraud, abuse, and spam	Legitimate interest, legal obligation
Comply with legal obligations	Legal obligation

4. Sub-processors

We use the following third parties to operate the Pass. Each has been vetted for adequate security and privacy practices, and a Data Processing Agreement (DPA) is in place with each.

Sub-processor	Purpose	Region
Stripe	Payment processing	USA / EU
Amazon Web Services	Cloud infrastructure	USA / EU
MillionVerifier	Email verification (ZenVerifier)	USA
Blitz API	Lead data (LeadCart)	USA
TheirStack	Signal data (QualifyFlow)	EU
Postmark / SendGrid	Transactional email	USA
Plausible / PostHog	Privacy-preserving product analytics	EU
Telegram	Founders' channel hosting	UAE / DE

A current list of sub-processors is maintained on this page. We will notify active members of any new sub-processor at least 30 days before they begin processing personal data, giving you the option to object or terminate before the change takes effect.

5. International transfers

If you are located outside the United States, your personal data may be transferred to and processed in the US (where some of our sub-processors are based). We rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework (DPF) where applicable to provide an appropriate level of protection.

6. How long we keep it

Data type	Retention
Active membership data	For the duration of your membership
Membership data after cancellation	Up to 7 years (tax / accounting / legal)
Product data (lists, mailbox content)	Until you delete it, or 90 days after cancellation
Affiliate program data	Up to 7 years (tax)
Server logs	30–90 days, depending on log type
Marketing email subscribers	Until you unsubscribe, then deleted within 30 days

7. Your rights

Depending on your jurisdiction, you have rights including:

• Access: get a copy of the personal data we hold about you.
• Rectification: correct inaccurate data.
• Erasure: request deletion (subject to legal retention obligations).
• Portability: receive your data in a structured, machine-readable format.
• Restriction / objection: ask us to limit certain uses (e.g., direct marketing).
• Withdraw consent: for any processing based on consent, at any time.
• Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email founders@outboundpass.com with the subject line "Privacy request". We respond within 30 days.

8. Security

We use reasonable technical and organizational measures to protect personal data, including: encryption in transit (TLS 1.2+) and at rest; access controls and logging; isolated tenant environments; vetted sub-processors; periodic security reviews. No system is 100% secure, and we will notify affected members of any confirmed security incident involving their personal data within the timeframes required by applicable law.

9. Cookies & tracking

The marketing site (outboundpass.com) and member dashboard use a small number of cookies and similar technologies:

• Strictly necessary: session cookies to keep you logged in.
• Affiliate attribution: a 60-day cookie to credit the referring Founder when you sign up.
• Analytics: privacy-preserving (Plausible / PostHog) — no individual fingerprinting.

We do not run third-party ad-network trackers. Cookie preferences can be managed through the cookie banner on first visit (where applicable in your jurisdiction).

10. Children

The Pass is intended for business operators 18+ and is not directed at minors. We do not knowingly collect personal data from anyone under 18. If you believe a minor has signed up, please contact us so we can delete their data.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to active members via email and reflected in the "last updated" date at the top. Continued use after notice of a material change constitutes acceptance.

12. Contact

Privacy questions, data subject requests, or DPA requests: founders@outboundpass.com (subject line "Privacy").