Privacy Policy

Effective date: July 8, 2026

Innovare, Inc. and Innovare GmbH ("InnovareAI," "we," "us," or "our") provide the SAM platform and related services (the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website, use the Services, communicate with us, or interact with outreach workflows operated through the Services.

If you are established in the European Economic Area, United Kingdom, or Switzerland and use the Services as a customer, your contracting entity is generally Innovare GmbH, Taunusanlage 8, 60329 Frankfurt, Germany, unless otherwise stated in an order form or agreement. For other customers, the contracting entity is generally Innovare, Inc., 1250 Borregas Ave, Sunnyvale, CA 94089, USA. Innovare, Inc. may act as merchant of record and payment administrator for all customers, including customers who contract for the Services with Innovare GmbH.

Scope

This Privacy Policy applies to personal information we process as a controller, business, or similar responsible party, such as website visitor data, account administration data, billing data, support data, and direct communications with us.

When customers use the Services to process personal data about prospects, leads, contacts, users, or other individuals, InnovareAI generally acts as a processor or service provider on behalf of the customer. That processing is governed by our Data Processing Agreement and the customer's instructions. If you receive outreach from one of our customers, the customer is usually responsible for deciding how and why your personal information is processed.

Personal information we collect

We may collect the following categories of personal information:

  • contact information, such as name, business email address, phone number, company, job title, and message content;
  • account information, such as login identifiers, workspace details, user roles, preferences, and authentication-related information;
  • billing information, such as subscription status, invoices, transaction metadata, billing contact details, and payment-related information processed by our payment providers;
  • service data, such as prospects, leads, contacts, LinkedIn and company data, outreach messages, replies, conversation content, scheduling information, enrichment results, and workflow configuration submitted by or on behalf of customers;
  • usage and technical data, such as IP address, device type, browser, operating system, log data, product usage, error reports, and security events;
  • website and cookie data, as described in our Cookie Policy;
  • support and communications data, such as requests, feedback, survey responses, and correspondence with us;
  • professional or employment-related information, such as employer, role, public business profile information, and professional background.

We do not intentionally collect special categories of personal data, sensitive personal information, children's data, health data, financial account data, government identification numbers, criminal conviction data, or other highly sensitive information through the Services unless expressly agreed in writing.

How we collect personal information

We collect personal information directly from you when you create an account, contact us, subscribe to the Services, request support, complete forms, or communicate with us.

We collect personal information from customers when they submit or configure data in the Services. This may include business contact data, prospect data, message content, replies, and workflow data processed on the customer's behalf.

We may collect personal information from third-party sources, such as business data providers, enrichment providers, public websites, LinkedIn or other professional networks, payment providers, authentication providers, analytics providers, and communication tools.

We collect technical and usage information automatically when you visit our website or use the Services.

How we use personal information

We use personal information to:

  • provide, operate, maintain, secure, and improve the Services;
  • create and administer accounts and workspaces;
  • process subscriptions, billing, payments, and invoices;
  • provide support and respond to requests;
  • perform customer-instructed prospecting, enrichment, outreach, engagement, reply handling, scheduling, analytics, and workflow automation;
  • personalize and configure the Services;
  • monitor service performance, debug errors, prevent fraud, detect abuse, and protect security;
  • communicate with customers and users about the Services, product updates, legal notices, and support matters;
  • comply with legal obligations and enforce our agreements;
  • conduct internal business operations such as accounting, compliance, reporting, and vendor management.

We do not use Customer Personal Data processed on behalf of customers to train external or general-purpose AI models. We do not permit third-party model providers to use Customer Personal Data to train their general-purpose models. See our AI Data Usage Policy for more detail.

Legal bases for EEA, UK, and Swiss processing

Where GDPR, UK GDPR, or Swiss data protection law applies, we rely on the following legal bases:

  • contract performance, where processing is necessary to provide the Services or administer an account;
  • legitimate interests, such as securing, maintaining, improving, and marketing the Services, preventing fraud and abuse, and communicating with business users;
  • consent, where required for cookies, marketing communications, or certain optional processing;
  • legal obligation, where processing is necessary to comply with applicable law;
  • customer instructions, where we act as processor or sub-processor on behalf of a customer.

How we disclose personal information

We may disclose personal information to:

  • service providers and sub-processors that help us provide hosting, infrastructure, messaging, enrichment, payment, analytics, support, security, and business operations;
  • model providers where configured or selected for message generation or other AI-enabled functionality;
  • payment providers and billing administrators, including Stripe and Innovare, Inc. where it acts as merchant of record;
  • customers, where we process personal information on their behalf or provide account/workspace functionality;
  • professional advisers, such as lawyers, accountants, auditors, and insurers;
  • authorities, regulators, courts, or other parties where required by law or necessary to protect rights, safety, security, or legal interests;
  • successors or counterparties in connection with a merger, financing, acquisition, reorganization, or sale of assets.

Our Services sub-processors are listed on our Sub-processors page.

International transfers

Customer service data is stored at rest in a self-hosted database located in the European Union, currently Germany.

Some service providers, billing providers, corporate systems, or optional model providers may process personal information outside your country, including in the United States. Where required, we use appropriate transfer safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, Swiss adaptations, adequacy decisions, or other lawful mechanisms.

Customers that require GDPR Article 28 terms may enter into our Data Processing Agreement.

Cookies and tracking

We use cookies and similar technologies as described in our Cookie Policy. If we use analytics, advertising, retargeting, conversion tracking, or similar technologies, we will disclose those technologies and provide consent or opt-out mechanisms where required.

Sale or sharing of personal information

InnovareAI does not sell personal information for money.

InnovareAI does not share personal information for cross-context behavioral advertising where it has disabled or does not use advertising pixels, conversion tags, retargeting tools, or similar tracking technologies that would constitute "sharing" under the CCPA/CPRA.

If we later use technologies or practices that constitute a sale or sharing of personal information under applicable law, we will update this Privacy Policy and provide a "Do Not Sell or Share My Personal Information" mechanism as required. See our Privacy Choices page.

Data retention

We retain personal information for as long as reasonably necessary to provide the Services, operate our business, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and preserve legitimate business records. See our Data Retention and Deletion Policy for details.

Customer-controlled service data is retained for the term of the customer relationship unless deleted earlier by the customer or as otherwise agreed. Following termination, Customer Personal Data is deleted or returned according to our Data Processing Agreement and applicable retention procedures.

Account data, such as user profile, login, and workspace information, is deleted within 30 days of account cancellation, except where a retained backup copy persists until it ages out of our ordinary backup retention cycle, or where retention is required by law.

Billing, tax, accounting, and legal records may be retained for longer periods where required by law. Backups are deleted according to ordinary backup retention cycles.

Security

We use technical and organizational measures designed to protect personal information, including encryption in transit, encryption at rest where supported, access controls, role-based permissions, customer workspace isolation, logging, monitoring, and incident response procedures. No method of transmission or storage is completely secure.

Additional information is available on our Security page.

Children's privacy

The Services are intended for business users and are not directed to children. We do not knowingly collect personal information from children.

Your privacy rights

Depending on your location and relationship with us, you may have rights to access, correct, delete, object to, restrict, or port your personal information, withdraw consent, opt out of certain processing, or lodge a complaint with a regulator.

You may exercise privacy rights by contacting privacy (at) innovareai (dot) com or dpo (at) innovareai (dot) com. We may need to verify your identity and authority before processing your request. See our Privacy Choices page for more detail.

If your personal information is processed by InnovareAI on behalf of one of our customers, we may refer your request to that customer or assist the customer in responding.

EEA, UK, and Switzerland

Individuals in the EEA, UK, and Switzerland may have the right to request access, correction, deletion, restriction, portability, objection to processing, and withdrawal of consent. You may also have the right to lodge a complaint with your local data protection authority.

California: CCPA/CPRA

California residents may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know, access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and non-discrimination for exercising privacy rights.

We may collect identifiers, commercial information, internet or electronic network activity information, professional or employment-related information, communications content, and inferences. We use these categories for the purposes described in this Privacy Policy.

California residents may exercise rights by contacting privacy (at) innovareai (dot) com or dpo (at) innovareai (dot) com. Authorized agents may submit requests where permitted by law, subject to verification.

Canada: PIPEDA

For individuals in Canada, we handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act where applicable. We collect, use, and disclose personal information for the purposes described in this Privacy Policy and rely on consent where required.

Individuals in Canada may request access to personal information we hold about them and may request correction of inaccurate or incomplete information, subject to applicable exceptions. You may also have the right to contact the Office of the Privacy Commissioner of Canada or a relevant provincial privacy authority.

Australia: Privacy Act and Australian Privacy Principles

For individuals in Australia, we handle personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles where applicable. This includes transparency, purpose limitation, security safeguards, access and correction rights, and cross-border disclosure safeguards where required.

Individuals in Australia may request access to or correction of personal information. If you have a privacy complaint and are not satisfied with our response, you may have the right to contact the Office of the Australian Information Commissioner.

New Zealand: Privacy Act 2020

For individuals in New Zealand, we handle personal information in accordance with the New Zealand Privacy Act 2020 where applicable. Individuals may request access to and correction of personal information. Where required, we will notify affected individuals and/or the New Zealand Privacy Commissioner of a notifiable privacy breach.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated effective date. Material changes may be communicated by email, in-product notice, website notice, or other reasonable means.

Contact

Innovare, Inc.
1250 Borregas Ave
Sunnyvale, CA 94089
United States

Innovare GmbH
Taunusanlage 8
60329 Frankfurt
Germany

Privacy contact: privacy (at) innovareai (dot) com
Data protection contact: dpo (at) innovareai (dot) com