Privacy Policy
Last updated: 27 February 2026
Pesterless is a minimalist personal CRM that helps you keep track of who you spoke to, what you discussed, and when you want to follow up, including optional reminder emails.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights.
1) Who we are
Email: privacy@pesterless.com
In this policy, “we”, “us” and “our” refer to Pesterless.
If you use Pesterless to store details about other people (for example, your contacts), you are typically the controller of that contact data and we act as your processor/service provider for that data (because we process it on your behalf to provide the service).
2) What data we collect
A) Account and profile data
- Email address (used for sign-in and account communications)
- Name (if you provide it)
- Time zone and reminder preferences (if you set them)
- Subscription status and plan information
B) Contact and relationship data you add
Depending on what you choose to store, this may include:
- Contact names, email addresses, phone numbers, company/role
- Notes and interaction history (what you discussed, context, outcomes)
- Follow-up dates and reminders (when you want to reach out next)
- Tags, pinned/archived status, and other organisation fields
Important: This may include personal data about third parties (your contacts). You should only add data you have a lawful reason to store and share with us (for example, it’s necessary for your networking/work, and it’s fair and expected).
C) Communications data
- Emails we send to you (for example, login links and reminder emails)
- Messages you send to us (support requests, feedback)
D) Technical and usage data
- IP address, device information, browser type, operating system
- App usage data (pages viewed, actions taken, timestamps) where needed for security, performance, and reliability
- Logs related to authentication and error reporting
E) Cookies and similar technologies
We use essential cookies (and similar technologies) to:
- Keep you signed in
- Protect the service and prevent abuse
- Remember key preferences where applicable
(See “Cookies” below for more detail.)
3) How we use your data (and why)
We use personal data to:
- Provide the service
  - Create and manage your account
  - Store and display your contacts and interaction history
  - Power features like “Daily Focus” and follow-up scheduling
- Send service emails
  - Sign-in (“magic link”) emails
  - Reminder emails you’ve enabled
  - Important account or security notices
- Process payments and manage subscriptions
  - Activate and maintain paid access
  - Handle billing, invoices/receipts, refunds where applicable
- Keep Pesterless secure and reliable
  - Detect fraud, abuse, and suspicious activity
  - Maintain backups, monitoring, and debugging logs
  - Enforce rate limits and protect our infrastructure
- Support and improve the product
  - Respond to support requests
  - Fix bugs, improve usability and performance
  - Understand which features are used (in an aggregated or minimal way where possible)
- Comply with legal obligations
  - Tax/accounting records (for paid plans)
  - Respond to lawful requests from authorities where required
4) Our lawful bases (UK GDPR)
We rely on the following legal bases:
- Contract: to provide the service you sign up for (account access, storing your CRM data, sending reminders you request).
- Legitimate interests: to secure, maintain, and improve the service (for example, preventing abuse, debugging, reliability). We balance this against your rights and minimise data use.
- Consent: where required (for example, if we ever send optional marketing emails or use non-essential cookies). You can withdraw consent at any time.
- Legal obligation: where we must keep certain records (for example, payment and tax records).
5) Reminder emails and marketing
Reminder emails (service messages)
If you enable reminders, we send emails related to the service (for example, daily or scheduled follow-up reminders). These are not marketing—they’re a core feature you control in settings.
Marketing emails
If we send marketing emails (such as product updates, tips, or offers), we will only do so where allowed by law (for example, with your consent, or where a “soft opt-in” applies). You’ll always be able to opt out via an unsubscribe link or your account settings.
6) Who we share data with (sub-processors)
We share personal data only when necessary to run Pesterless. Typical categories include:
- Hosting and infrastructure (to run the web app and store data)
- Database and authentication (account sign-in and secure storage)
- Email delivery (to send login and reminder emails)
- Payments (to process subscriptions and billing)
- Error monitoring/analytics (optional, to maintain reliability)
In the current architecture, common providers may include Supabase (database/auth), an email provider such as Resend, and a payments provider such as Stripe.
We require service providers to protect data and use it only to provide services to us.
We do not sell your personal data.
7) International transfers
Some of our service providers may process data outside the UK (for example, in the EEA or the US). Where data is transferred internationally, we use appropriate safeguards (such as UK-approved contractual clauses) and work with providers that offer strong security commitments.
8) How long we keep data (retention)
We keep personal data only as long as necessary:
- Account data: kept while your account is active.
- Your CRM content (contacts/notes): kept until you delete it or delete your account.
- Support messages: kept as long as needed to resolve your request and for reasonable follow-up.
- Billing records: kept for as long as required by law (for example, tax/accounting obligations).
- Security logs: kept for a limited period appropriate for security and troubleshooting.
You can request deletion of your account and associated CRM data at any time (see “Your rights” below).
9) Security
We use technical and organisational measures designed to protect your personal data, including access controls, encryption in transit, and least-privilege access for systems and staff.
No system is 100% secure, but we work to protect your data and continuously improve our security practices.
10) Your rights
Under UK GDPR, you may have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict processing in certain circumstances
- Object to processing based on legitimate interests
- Receive certain data in a usable format (data portability)
- Withdraw consent where processing is based on consent
You can exercise these rights by contacting us at hello@pesterless.com.
Complaints
If you’re not happy with how we handle your data, you can complain to the UK regulator: the Information Commissioner’s Office (ICO).
11) Cookies
Essential cookies
Needed for sign-in, session management, security, and basic site functionality. You cannot switch these off without affecting the service.
Optional cookies (if enabled)
If we use analytics or other non-essential tools, we’ll do so with appropriate notice and choices (for example, a cookie banner) where required.
12) Children
Pesterless is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided personal data, please contact us and we will take appropriate steps.
13) Changes to this policy
We may update this Privacy Policy from time to time. If changes are significant, we will provide a clear notice (for example, in-app or by email). The “Last updated” date at the top shows when it was last revised.
14) Contact us
For privacy questions or requests:
Email: hello@pesterless.com