Privacy Policy

1. Who we are (data controller)

Plug2Data operates an e-commerce intelligence platform that provides information about online stores and business-to-business (B2B) decision-maker contacts, used by our customers for sales, marketing, recruitment and partnership outreach.

Plug2Data is a trading name of Plug2 FZE LLC, a free-zone company registered at Business Centre, Sharjah Publishing City Free Zone, Sharjah, United Arab Emirates (licence no. 4412524). Plug2 FZE LLC is the data controller for the personal data described in this Policy. You can reach us about privacy matters at privacy@plug2data.com.

EU & UK representatives (Article 27 GDPR / UK GDPR): as we are established outside the EEA and the UK, we have appointed Prighter as our representative. EU representative: Prighter (Prighter Group), Vienna, Austria. UK representative: Prighter, London, United Kingdom. Individuals in the EEA or the UK may contact our representative directly via https://app.prighter.com/portal/14393343129, or reach us at privacy@plug2data.com.

2. Personal data we collect about customers & visitors

Account & identity data: your name, work email, company name, role, and authentication metadata when you register, sign in or contact us.

Billing data: your billing details are processed by our payment provider (Stripe). We do not store full card numbers.

Usage & device data: pages viewed, searches, filters, exports and API calls, IP address, browser/device type and similar log data — used for security, fraud prevention and to operate and improve the service.

Communications: messages you send us via Help, email or forms.

3. Business-contact data in our database

Our database contains professional, business-context information about e-commerce companies and the people who make decisions for them. The data fields may include: full name, job title and seniority, professional/work email address, business phone number, professional social profile (e.g. LinkedIn), employer name and the employer's publicly observable business attributes (platform, estimated revenue and traffic, technologies, shipping signals, country).

We do not knowingly collect or process special categories of personal data (such as health, race, religion or political opinions), nor data relating to children.

Sources: this information is compiled from publicly available sources and from licensed third-party data providers. We take reasonable steps to keep it accurate and up to date.

A decision-maker's contact details are only disclosed to a customer when that customer specifically requests enrichment for a given company.

4. How we use personal data (purposes)

To provide, secure, operate and improve the service and our website.

To process registrations, subscriptions, payments and support requests.

To compile and provide B2B business-contact data to our customers for legitimate B2B outreach.

To send service, transactional and (where permitted) relevant marketing communications, which you can opt out of at any time.

To comply with our legal obligations and to establish, exercise or defend legal claims.

5. Legal bases (GDPR / UK GDPR)

Contract: to provide the service you have signed up for and to manage your account and billing.

Legitimate interests: to operate, secure and improve the service; and, for the business-contact data, our and our customers' legitimate interest in B2B prospecting and outreach. We have weighed these interests against the rights and freedoms of the individuals concerned and limit the data to a professional, business context.

Consent: where required, for example certain non-essential cookies or marketing emails. You may withdraw consent at any time.

Legal obligation: where we must process data to comply with the law.

6. Cookies & analytics

We use strictly necessary cookies to run the site and keep you signed in. Where we use analytics or non-essential cookies, we do so in accordance with applicable law and, where required, with your consent. You can control cookies through your browser settings.

7. Sharing & sub-processors

We share personal data with service providers that process it on our behalf under data-processing agreements, including: hosting and infrastructure (Vercel), database and authentication (Supabase), payments (Stripe), transactional email (Resend), and our contact-enrichment providers.

We provide B2B business-contact data to our customers under contractual terms that require lawful use.

We do not sell the personal data of our website visitors. We may disclose data where required by law or to protect our rights.

8. International transfers

We are established in the United Arab Emirates, and some of our service providers process data in the United States, the EU and elsewhere. For personal data of individuals in the EEA or the UK, we rely on appropriate safeguards — principally the European Commission's Standard Contractual Clauses (with the UK Addendum), and, for US service providers, their certification under the EU-US Data Privacy Framework or equivalent clauses. A transfer impact assessment is maintained where required. Details are available at privacy@plug2data.com.

9. Data retention

Account & billing data: kept while your account is active and for up to 7 years after closure to meet legal, tax and accounting obligations, then deleted or anonymised.

Usage & server logs (incl. IP): retained up to 12 months for security and fraud prevention, then deleted or aggregated.

Business-contact data: re-verified on a rolling basis and kept while it remains accurate and relevant for B2B purposes; records that cannot be re-verified are removed. On a valid objection or erasure request we add the individual to a permanent suppression list (kept solely to ensure their data does not reappear) and stop processing their details across our database and exports.

10. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, and least-privilege practices. No system is completely secure, but we work continuously to protect personal data and will notify affected individuals and authorities where legally required.

11. Your rights

Subject to applicable law (including the GDPR, UK GDPR and CCPA/CPRA), you have the right to access, correct, delete, restrict or object to the processing of your personal data, to data portability, and to withdraw consent. California residents may request information about, deletion of, and to opt out of any 'sale' or 'sharing' of personal information; we do not sell visitor data.

To exercise any right — including to object to, or be removed/suppressed from, our business-contact database — email privacy@plug2data.com. We will respond within the timeframe required by law. There is no charge unless your request is manifestly unfounded or excessive.

We maintain a suppression list and honour opt-out and do-not-contact requests across our database.

You also have the right to lodge a complaint with your local data protection supervisory authority.

12. Automated decision-making & children

We do not make decisions producing legal or similarly significant effects about individuals based solely on automated processing.

Our service is intended for business users and is not directed to children; we do not knowingly process the personal data of children.

13. Changes to this Policy

We may update this Policy from time to time. The "last updated" date above reflects the current version, and material changes will be notified where appropriate. Questions or requests: privacy@plug2data.com.