We, at lemonreach, are dedicated to serving our customers and contacts to the best of our abilities. Part of our commitment involves the responsible management of personal information collected through our website lemonreach.com, and any related interactions.

Our primary goals in processing personal information include:

• Enhancing the user experience on our platform by understanding customer needs and preferences
• Providing timely support and responding to inquiries or service requests
• Improving our products and services to meet the evolving demands of our users
• Conducting necessary business operations, such as billing and account management

We process personal information with the utmost respect for privacy and security. We adhere to all relevant regulations and guidelines, including the General Data Protection Regulation (GDPR), to ensure that the data we handle is protected against unauthorised access, disclosure, alteration, and destruction.

lemonreach is operated by lemonreach AB, registered in Sweden, with its registered address at Industrigatan 4A, 212 14 Malmö, Sweden. We do not have a designated Data Protection Officer (DPO) but remain fully committed to addressing your privacy concerns. For questions, contact us at [email protected].

This privacy policy applies to all stakeholders who interact with lemonreach, including website visitors, registered users, and customers. Whether you are browsing our website, using our services as a registered user, or engaging with us as a customer, we ensure that your personal data is processed with the highest standards of privacy and security.

lemonreach acts as a data controller in respect of personal data we collect directly from you — such as account, billing, and usage information. Where you use lemonreach to retrieve or process personal data of third parties (such as prospects), lemonreach acts as a data processor on your behalf. In that capacity, you are the data controller and are responsible for ensuring that your use of such data complies with applicable law. This distinction is explained further in Section 3.

3.1 Account Information

When you create an account, we collect:

• First name and last name
• Email address
• Company information (where provided)

3.2 Payment Information

When you subscribe or purchase credits, we collect payment-related data through our payment processor, including:

• Payment method details (e.g. credit card information, processed and stored by our payment provider)
• Payment method and billing history
• Purchase history (subscriptions, top-ups, plan changes)

3.3 Prospect & Contact Data (as Data Processor)

When you use lemonreach's prospecting or enrichment features, our platform retrieves and processes business contact information on your behalf. This may include:

• Names, business email addresses, and job titles of individuals you search for or import
• Company names and other professional information associated with those individuals
• Publicly available professional profile data retrieved via our enrichment feature

This data is processed solely on your instructions and for the purpose of providing the Service. You are the data controller in respect of this data, and you are responsible for ensuring you have a lawful basis for processing it. We do not use this data for our own purposes or share it beyond what is necessary to provide the Service.

3.4 Technical and Usage Data

When you use our website and application, we automatically collect:

• IP address
• Browser information and language
• Device identifiers
• Interaction logs (e.g. clicks, pages visited, features used)

We use the personal information we collect for the following purposes:

• Authentication and security: to verify your identity and secure your account
• Service delivery: to provide the core lemonreach platform, including AI-powered email generation, prospect data enrichment, and contact prospecting
• Payment processing: to manage subscriptions, process payments, and handle billing
• Analytics and performance tracking: to understand how users interact with our platform, enabling us to improve the user experience
• Communication: to send transactional emails (e.g. password resets, billing confirmations) and, with your consent, marketing communications
• Compliance with legal obligations: to meet our obligations under GDPR and other applicable laws
• Customer support: to respond to your enquiries and resolve issues

Prospect and contact data retrieved through our prospecting or enrichment features is used solely to deliver those features to you. We do not use this data for our own marketing, analytics, or any other internal purpose.

5.1 Data Storage Locations

Personal information is stored on secure servers in the following locations:

• European Union (Germany): our primary infrastructure is hosted on secure cloud servers within the EU
• United States: certain data may be processed in the US through our payment processor

5.2 Data Protection Measures

We implement the following security measures to protect your data:

• Encryption: all data is encrypted in transit (TLS/HTTPS) and at rest
• Access control: access to personal information is strictly limited to authorised personnel with a legitimate business need. We enforce strict access controls and regularly review permissions
• Secure authentication: user authentication is managed with industry-standard security practices

We may share your information with third-party service providers who perform services on our behalf. These parties have access to personal information on a need-to-know basis and are contractually obliged to keep your information confidential.

6.1 Third-Party Service Providers

6.2 Data Processing Agreements

When we share your data with third-party service providers, we do so under the protection of Data Processing Agreements (DPAs) that ensure your information is managed in accordance with GDPR and other relevant data protection laws.

6.3 Transparency and Control

You will always be informed about significant changes to our data sharing practices. Your trust is important to us, and we ensure that your personal information is disclosed only in accordance with this policy and when there is a justified reason to do so.

We may transfer your personal information to locations outside the European Economic Area (EEA), including to the United States through certain service providers. Any such transfers are conducted in compliance with GDPR, using appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal information:

• Right of access (Art. 15 GDPR): request access to the personal information we hold about you
• Right to rectification (Art. 16 GDPR): request correction of inaccurate or incomplete personal information
• Right to erasure (Art. 17 GDPR): request deletion of your personal information when it is no longer necessary
• Right to restriction of processing (Art. 18 GDPR): request that we restrict processing under certain conditions
• Right to data portability (Art. 20 GDPR): receive your personal information in a structured, machine-readable format
• Right to object (Art. 21 GDPR): object to processing, including for direct marketing purposes
• Right to withdraw consent (Art. 7(3) GDPR): withdraw consent at any time where processing is based on consent
• Right to lodge a complaint (Art. 77 GDPR): lodge a complaint with a supervisory authority if you believe our processing violates data protection laws

To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframes stipulated by applicable law. In some cases, we may need to verify your identity before processing your request.

We use cookies and similar tracking technologies on our website to ensure functionality and improve your experience. For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.

Upon your first visit, our website will present you with a cookie consent banner where you can accept all cookies, reject non-essential cookies, or customise your preferences.

Our services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If you are under the age of 18, please do not use our services or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take prompt steps to delete such information. If you believe we may have collected information from a child, please contact us immediately at [email protected].

We may use your personal information to send you direct marketing communications about our products, services, and promotions. We are committed to transparent and lawful marketing practices in compliance with GDPR and the ePrivacy Directive.

• Opt-in consent: we will obtain your explicit consent before sending marketing communications, where required by law
• Unsubscribe option: every marketing communication will include clear instructions on how to opt out. You can exercise your right to unsubscribe at any time

In the event of a data breach that poses a risk to your privacy rights and freedoms, we have established procedures for promptly identifying, assessing, and mitigating the impact.

• Internal monitoring: we employ security measures and monitoring systems to detect and respond to potential breaches promptly
• Regulatory notification: if required by law, we will notify the relevant data protection authorities within 72 hours of becoming aware of the breach
• User notification: if a breach poses a significant risk to your rights, we will notify you promptly with clear information about the breach and recommended steps

If you have any concerns about a potential data breach, please contact us immediately at [email protected].

We may update this privacy policy from time to time to reflect changes in legal requirements, industry standards, or our business operations. When we make significant changes that may affect your rights, we will notify you by email or through a prominent notice on our website.

We encourage you to review this policy periodically. Your continued use of our services after any changes signifies your acceptance of the updated terms.

If you have any questions or concerns about this privacy policy, please contact us: