Privacy Policy
How BDR Team collects, uses, and protects data. Last updated May 2026.
1. Who we are
BDR Team (“we”) operates the bdrteam.co outbound sales platform. We act as a data processor for the prospect data our customers upload, and as a data controller for customer account information.
2. Data we process
- Account data — name, work email, hashed password, workspace settings.
- Customer-uploaded lead data — names, business emails, company info you import.
- Operational data — message events (sent/open/click/reply), audit logs.
- Limited technical data — IP and user agent for security and rate limiting.
3. How we use it
Strictly to provide the service: generating outreach, sending from your connected mailboxes, routing replies, and producing analytics for your workspace. We do not sell personal data and do not use customer lead data to train shared models.
4. Subprocessors
Google Cloud (hosting), Supabase (database), and the AI providers you configure (OpenAI, Google). Email is sent through mailboxes you own or connect.
5. Retention
Configurable per workspace under Admin → Compliance. Defaults: messages 730 days, audit logs 365 days, AI call logs 90 days. A daily job enforces these windows.
6. Your rights
Workspace admins can export or erase any contact’s data on demand (Admin → Compliance), satisfying GDPR/CCPA access and erasure requests. Contact our team for account-level requests.
7. Security
Secrets are encrypted at rest (AES-256-GCM), traffic is TLS-only behind a managed load balancer, and every workspace is strictly tenant-isolated at the query layer.