Privacy Policy
1. Data Controller
answer-me ("we", "our", "us") operates the answer-me platform, an AI-powered multichannel inbox for sales teams. This privacy policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable French data protection laws. The data controller is the legal entity operating answer-me, contactable at privacy@answer-me.ai.
2. Data We Collect
Account data
When you create an account, we collect your name, email address, and password (hashed with industry-standard algorithms). If you connect third-party services, we store OAuth tokens encrypted with AES-256-GCM.
Conversation data
Messages received from your prospects (via email, LinkedIn, or other connected channels) are stored to enable AI-powered reply generation. This includes sender name, email address, LinkedIn profile URL, and message content.
AI-generated content
Draft replies generated by our AI are stored and associated with your conversations. Your feedback (ratings, refinement notes) is stored to improve generation quality for your workspace only — we never share your data across workspaces.
Enrichment data
When you use prospect enrichment features, we may store publicly available professional information (job title, company, LinkedIn activity) obtained from third-party providers you have configured. With "Bring Your Own Key" (BYOK) providers (Apollo, Clearbit, Kaspr, Lusha, PhantomBuster, Datagma), your API keys are stored encrypted and data is fetched directly from those providers on your behalf.
Technical data
We log IP addresses, user-agent strings, and timestamps for security and fraud prevention. These logs are retained for 30 days.
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the service you subscribed to.
- Legitimate interest (Art. 6(1)(f) GDPR): Maintaining security, preventing abuse, and aggregated analytics.
- Consent (Art. 6(1)(a) GDPR): Optional analytics cookies, enrichment providers, and AI training opt-in.
4. AI Data Processing
We use third-party AI services to generate reply suggestions:
- Anthropic (Claude): Generates prospect replies. Conversation context is sent to the Anthropic API. Anthropic does not use API data for model training.
- OpenAI (GPT-4o-mini): Used for the Emma chat assistant, enrichment analysis, and research briefs. OpenAI does not use API data for model training.
AI-processed data is not retained by our AI providers beyond the duration of the API request, per their respective data processing agreements.
5. Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Application hosting | EU (Frankfurt) |
| Supabase | PostgreSQL database | EU (Ireland) |
| Upstash | Redis (rate limiting, job locks) | EU |
| Anthropic | AI reply generation | US |
| OpenAI | AI chat, analysis | US |
| | Gmail API, Calendar API, Sheets API, Custom Search API | Global |
| Unipile | LinkedIn hosted authentication and messaging | EU (France) |
| Stripe | Billing and subscription management | US / EU |
| Resend | Transactional emails | US |
| HubSpot | CRM sync when configured | US / EU |
| Fathom | Meeting transcription when configured | US |
| Apify | LinkedIn public profile enrichment | EU (Czech Republic) |
| La Growth Machine | Multichannel outreach integration | EU (France) |
6. Data Retention
- Account data: Until deletion is requested.
- Conversations, messages, replies: Until deletion or manual purge.
- AI training / feedback data: 90 days rolling window within your workspace.
- Enrichment cache: 30 days, then refreshed or removed.
- Session cookies: 7 days of inactivity.
- Security logs: 30 days.
- Billing records: 10 years (French Commercial Code).
7. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (request via /data-deletion)
- Port your data to another service
- Object to processing based on legitimate interest
- Restrict processing in certain circumstances
- Opt out of AI training improvements at any time
To exercise your rights, use /data-deletion for erasure or email privacy@answer-me.ai. You also have the right to lodge a complaint with the French supervisory authority (CNIL, cnil.fr).
8. Cookies
We use a minimal set of cookies. Full inventory and controls are on our Cookie Policy page. We do not use advertising cookies.
9. International Transfers
Some sub-processors (Anthropic, OpenAI, Stripe, Resend, HubSpot, Fathom) are based in the United States. Transfers rely on Standard Contractual Clauses (SCCs) and, where applicable, Data Privacy Framework certifications.
10. Security
HTTPS everywhere, AES-256-GCM encryption for stored credentials, HMAC-SHA256 webhook verification, rate limiting, Content Security Policy headers, and strict multi-tenant data isolation.
11. Changes to This Policy
We may update this policy. Material changes will be notified by email or in-app at least 30 days in advance.
12. Contact
Privacy questions: privacy@answer-me.ai. Data deletion: /data-deletion.
Last updated: April 20, 2026