Privacy Policy
Last updated: May 29, 2026
This Privacy Policy explains how Nortik DOO (“we”, “us”, or “ProspectPage”) collects, uses, shares, and protects personal data when you visit prospectpage.io, the application at app.prospectpage.io, or otherwise interact with our services (collectively, the “Service”).
We process personal data in line with the EU General Data Protection Regulation (GDPR) and the Serbian Law on Personal Data Protection (“LPDP”).
1. Who we are
The data controller is Nortik DOO, a limited liability company registered in Serbia.
- Registered office: Jovana Cvijića 21, 21000 Novi Sad, Serbia
- VAT / PIB: 112022187
- Contact: support@prospectpage.io
2. Scope
This Privacy Policy applies to:
- Visitors to our marketing site at prospectpage.io.
- Users of the ProspectPage application at app.prospectpage.io.
- People who contact us by email or through our forms.
It does not apply to third-party websites linked from the Service, or to pages you publish using the Service when accessed by your own prospects (those visits are processed by us on your behalf, with you as the controller of the prospect data you upload).
3. Personal data we collect
3.1 Account data
When you create an account: your name, email address, a securely hashed password, workspace name, and any profile information you choose to add.
3.2 Billing data
Payments are processed by our payment provider, Polar. We do not store your full card number. We receive and store: the last four digits of your card, card brand, expiry, billing country, subscription plan and status, invoices, and transaction history. During your free trial we authorize a small charge (typically $1) to verify the card; this authorization is voided or refunded.
3.3 Prospect data you upload
To generate personalized pages, you provide us with information about the people and companies you are reaching out to (for example: name, role, company name, company website, LinkedIn URL, notes). You are the controller of this data; we process it as your processor under the terms of our agreement.
3.4 Generated content
Pages, copy, and images created with the AI Page Builder, AI Image Generation, and Bulk Campaigns features.
3.5 Usage and technical data
Pages created, sessions, feature usage, IP address, user agent, device type, referrer URL, language, and server log data.
3.6 Cookies and trackers
See our Cookie Policy for details on the cookies and similar technologies we use, and how to manage your preferences.
3.7 Communications
If you contact us by email or fill in a form, we keep your message, your contact details, and our response.
4. How we use personal data and our legal basis
| Purpose | Legal basis |
|---|---|
| Provide and operate the Service (authentication, page generation, hosting your pages, analytics on your own pages) | Performance of contract (GDPR Art. 6(1)(b)) |
| Bill you and manage your subscription | Performance of contract; legal obligation for tax/invoicing (Art. 6(1)(b), (c)) |
| Secure the Service, prevent abuse, debug issues | Legitimate interest in protecting our Service and our users (Art. 6(1)(f)) |
| Service emails (account changes, billing notices, security) | Performance of contract (Art. 6(1)(b)) |
| Product analytics, session replay, marketing analytics | Consent (Art. 6(1)(a)) where required by cookie / ePrivacy rules |
| Product update and marketing emails to existing customers | Legitimate interest in marketing similar products to customers, with an easy unsubscribe (Art. 6(1)(f)) |
| Comply with legal obligations (tax, accounting, lawful requests) | Legal obligation (Art. 6(1)(c)) |
5. Sharing and subprocessors
We share personal data only with the following categories of recipients and only as needed to provide the Service:
| Subprocessor | Purpose | Data shared | Location |
|---|---|---|---|
| Vercel Inc. | Hosting, CDN, edge functions | All Service data in transit; logs | United States / EU regions |
| Supabase Inc. | Database, authentication, file storage | Account, prospect, and content data | EU region |
| Polar Software Inc. | Payments, subscription billing, invoicing | Name, email, billing address, card metadata, transactions | United States |
| Anthropic, PBC | Large-language-model generation (Claude) | Prompts containing prospect inputs you supply | United States |
| OpenAI, L.L.C. | Large-language-model and image generation | Prompts and image-generation inputs you supply | United States |
| Google LLC (Google Analytics 4) | Marketing-site analytics | IP, device, page-view events (with consent) | United States |
| PostHog Inc. | Product analytics and session replay | Pseudonymous events, device data, session recordings (with consent) | European Union |
Per our agreements with Anthropic and OpenAI, prompts and content sent via their APIs are not used to train their models. We will update this list before adding any new subprocessor that processes personal data on our behalf.
6. International data transfers
Several of our subprocessors are based in the United States. Where we transfer personal data outside the European Economic Area or Serbia, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, the EU–US Data Privacy Framework.
7. How long we keep data
- Account data: for as long as your account is active, plus 30 days after account deletion to allow recovery and to settle outstanding payments.
- Prospect data and generated content: until you delete it or close your account.
- Billing records: 10 years, as required by Serbian tax and accounting law.
- Server and security logs: up to 90 days.
- Support emails: up to 3 years from the last interaction.
8. Security
We use industry-standard safeguards, including:
- TLS encryption for all data in transit.
- Encryption at rest for our databases and object storage.
- Password hashing using modern algorithms (bcrypt / Argon2 family).
- Role-based access controls and the principle of least privilege.
- Logging and monitoring of administrative access.
No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify the competent supervisory authority and affected users as required by law.
9. AI and large-language-model processing
ProspectPage uses third-party large-language models (currently Anthropic Claude and OpenAI) to generate personalized pages, copy, and images based on the inputs you provide. Prompts sent to these providers may contain prospect data you upload. Under our contractual arrangements, prompts and outputs are not used to train provider models. You are responsible for ensuring you have the right to share prospect data with us for this purpose.
10. Your rights
Under GDPR and the LPDP, you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased, subject to legal retention requirements.
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with a supervisory authority. In Serbia: the Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti). In the EU: your local Data Protection Authority.
To exercise any of these rights, email support@prospectpage.io. We will respond within 30 days.
11. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be available at this URL with the “Last updated” date at the top. We will notify registered users by email of any material change before it takes effect.
13. Contact
Questions, requests, or complaints about this Privacy Policy or our processing of your personal data:
- Email: support@prospectpage.io
- Post: Nortik DOO, Jovana Cvijića 21, 21000 Novi Sad, Serbia