Privacy Policy

Effective Date: October 19, 2025

Controller: Kingpin, Inc. (“Kingpin”, “we”, “us”)

Email: privacy@kingpin.ai

Postal Address: Office 2902, 29th Floor, Iris Bay Tower, Dubai, UAE

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit kingpin.ai, interact with us, or use our web applications (the “Platform”).

If you are a Kingpin customer and we process Customer Data inside the Platform on your instructions (e.g., catalogs, orders, retailer data, integration payloads), we act as your processor and our Data Processing Addendum (DPA) governs that processing. This Policy covers our controller activities.

1) Scope and Roles

1.1 When we are Controller. We act as controller for website, account, billing, usage/telemetry, marketing, and support data.

1.2 When we are Processor. For Customer Data you upload or send to the Platform for your business purposes (e.g., prospecting, catalog management), we act as processor (or sub-processor via an integration partner), and will process only on your documented instructions under a DPA. We do not use such data for our own purposes, including adding it to our general database.

1.3 Third-Party Prospect Data. The Platform may surface B2B prospect/company/contact information licensed from third-party providers (e.g., Ocean.io) and/or compiled from public business sources (“Third-Party Prospect Data”). The third-party provider remains an independent controller of its dataset. You are the controller for any outreach you conduct using such data and must comply with applicable marketing and e-privacy laws.

2) Personal Data We Collect (Controller Context)

- Account & Profile: name, business email, phone, company, job title, authentication identifiers.

- Product Usage & Telemetry: IP address, device/browser data, timestamps, events, feature usage, diagnostics, crash logs.

- Website & Forms: messages, support tickets, attachments, meeting notes.

- Marketing & Events: preferences, subscription status, campaign engagement (opens/clicks), event RSVP data.

- Billing: billing contact details, tax IDs, limited payment info (full card data is handled by our payment processor).

- Prospect/Lead Data (for our own B2B marketing): business contact details of potential customers, collected from referrals, events, providers, or public business sources.

- Cookies/SDKs: identifiers needed for login, security, analytics, and (if enabled) advertising—see §7.

We do not intentionally collect sensitive categories (e.g., health, biometrics) via the website or our controller activities. For Prospect AI: Leads revealed (e.g., business contacts) are distinguished from platform usage data; we may use aggregated/anonymized Prospect AI interactions to train/improve our AI models, but never individual CRM or customer-submitted data.

3) Sources

- Directly from you (forms, sign-up, support, meetings).

- Automatically via cookies/SDKs when you use the site/app.

- From your employer/colleagues (if they register you).

- From partners and service providers (e.g., analytics, referral partners).

- From licensed data providers and public business sources for B2B outreach.

4) Purposes and Legal Bases (GDPR/UK GDPR)

We process personal data for the following purposes:

- Provide and secure the Platform (create accounts, authenticate users, operate features, fraud/abuse prevention). Legal basis: contract; legitimate interests.

- Support and communications (tickets, incident notices, changes to terms/features). Legal basis: contract; legitimate interests; legal obligation for certain notices.

- Product improvement & analytics (diagnostics, usage measurement, QA, planning, AI training on aggregated data). Legal basis: legitimate interests.

- B2B marketing to business contacts (emails/events/content) where permitted; you may opt out at any time. Legal basis: legitimate interests and compliance with e-privacy rules.

- Compliance & corporate governance (sanctions/export checks, recordkeeping, enforcement of terms, M&A). Legal basis: legal obligation; legitimate interests.

Where required, we will seek consent (e.g., non-essential cookies in certain jurisdictions).

5) Your Responsibilities When Using Prospect Data

If you export or contact individuals using Prospect AI or any surfaced Third-Party Prospect Data, you determine the lawful basis (e.g., legitimate interests), provide required transparency notices, and honor opt-outs/suppression and other rights under applicable laws (e.g., PECR/ePrivacy, CAN-SPAM, CASL, local anti-spam regimes). You must not use the Platform to send unlawful or unsolicited communications.

6) Disclosures and Recipients

We disclose personal data to:

- Service Providers/Sub-processors (hosting, cloud compute, analytics, email/comms, customer support, payments, monitoring, integration tooling). They act under contract, access is least-privilege, and we remain responsible for their performance.

- Integration Partners (when you use an integration or request implementation) to the extent necessary to deliver the integration and support.

- Corporate Transactions (merger, acquisition, financing, or asset sale), subject to confidentiality and safeguards.

- Legal/Compliance (to comply with law, enforce terms, protect rights/safety, respond to lawful requests).

- Customers (when we act as processor) per the customer’s instructions.

We do not sell personal information in the ordinary sense. We do not knowingly “share” personal information for cross-context behavioral advertising unless you opt in to such cookies (see §7 and US Addendum).

7) Cookies and Similar Technologies

- Strictly Necessary: authentication, session management, security, load balancing.

- Analytics/Performance: measure usage and performance; improve features.

- Advertising/Retargeting: only if and when we enable paid campaigns.

Your choices: You can manage cookies in your browser. Where required, our cookie banner lets you accept or reject non-essential cookies and change your choices at any time.

8) International Transfers

We operate globally and may transfer personal data to countries that may not provide the same level of protection. Where required, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses (SCCs), UK IDTA), and ensure recipients are bound to protect the data. For processor activities, the transfer mechanism is set out in the DPA.

9) Security

We maintain appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege, logging/monitoring, vulnerability management, and secure software development practices. No system is 100% secure; we monitor for incidents and will notify affected parties and/or authorities where required by law.

10) Retention

We retain personal data only as long as necessary for the purposes described or as required by law, then delete or anonymize it. Typical periods:

- Account & billing records: life of account + 12 months.

- Support tickets: ~24 months.

- Marketing records: until you opt out or after a period of inactivity (12 months).

- Logs/analytics: rolling windows (6 months) unless needed to investigate security or legal issues.

11) Your Rights

Depending on your location, you may have rights to access, rectify, erase, restrict, port, or object to certain processing (including direct marketing). You may also withdraw consent where we rely on consent.

- To exercise rights or raise questions, contact privacy@kingpin.ai. We may need to verify your identity.

- You may opt out of marketing at any time (unsubscribe link or email us).

- EU/UK residents may lodge a complaint with a supervisory authority (e.g., ICO in the UK or your local DPA). We would appreciate the chance to address your concerns first.

12) Children

Our Platform is for business use and not directed to children. We do not knowingly collect data from children.

13) Changes to this Policy

We may update this Policy to reflect changes in law or our practices. We will post the revised Policy with a new Effective Date and, where changes are material, provide additional notice (e.g., banner or email).

14) Contact

Kingpin, Inc.

Email: privacy@kingpin.ai

Address: Office 2902, 29th Floor, Iris Bay Tower, Dubai, UAE

EU/UK GDPR Supplement

- Controller/Processor Roles. As set out in §1.

- Lawful Bases. Contract, legitimate interests, legal obligation, and consent where applicable (see §4). We rely on legitimate interests for B2B marketing, product analytics, and platform security, balanced against your rights and expectations.

- International Transfers. Where required, we use SCCs/IDTA or other approved mechanisms (§8).

- Representatives. If we appoint an EU/UK representative, their details will appear here or in our DPA.

- Supervisory Authority Contact. You may contact your local authority or (for UK) the ICO (ico.org.uk).

United States Privacy Supplement (CPRA/State Laws)

This section applies to residents of California (CPRA) and similar U.S. state laws (e.g., VA, CO, CT, UT) where applicable.

Categories Collected (past 12 months): Identifiers (name, email, phone), commercial information (subscription tier), Internet/electronic activity (usage/telemetry), professional information (company, title), and in limited cases geolocation by inference (region/city from IP). We do not knowingly collect sensitive personal information via our controller activities.

Purposes: As in §4 (provide services, security, analytics, marketing to business contacts, compliance).

Sources & Disclosures: As in §§3 and 6. We disclose to service providers and, if enabled, to advertising/analytics partners. We do not sell personal information as commonly understood. We do not knowingly share personal information for cross-context behavioral advertising unless you opt in to such cookies. You can opt out by disabling advertising cookies in the banner and adjusting your browser settings.

Your State Rights:

- Right to know/access, correct, delete, and obtain a portable copy.

- Right to opt out of sale/sharing (manage cookies/ads preferences).

- Right to non-discrimination for exercising rights.

Submit requests at privacy@kingpin.ai. We will verify your request (and, if applicable, agent authorization).

UAE/ADGM

We aim to align with UAE Federal Decree-Law No. 45 of 2021 and ADGM Data Protection Regulations 2021 (where relevant, DIFC DP Law 2020). If you are in the UAE/ADGM, you may request access, correction, deletion, or objection to processing by contacting privacy@kingpin.ai. Where cross-border transfers occur, we apply appropriate safeguards as described in §8, including adequacy assessments or contractual protections.

Annex A — Key Terms

- “Customer Data”: data supplied by a customer for processing inside the Platform on that customer’s instructions.

- “Prospect AI / Third-Party Prospect Data”: business contact/company data surfaced in-product from licensed providers and/or public sources.

- “Processor/Sub-processor”: when we process Customer Data on a customer’s instructions; sub-processors are vendors we authorize to assist us.

- “Applicable Law”: laws that apply to the parties’ processing, including GDPR/UK GDPR, e-privacy/anti-spam, UAE DP Law, and US state privacy laws as relevant.