Trust & Safety

Last Updated: 10 December 2025

1. Data Minimisation

Cold AI operates on a principle of minimal data access. We are a processor, not a controller, of your prospect data.

What We Process

We process public business information (LinkedIn URLs, Company Websites) solely for the purpose of generating outbound messaging drafts.

2. Data Retention Policy

Unlike traditional databases that hoard contact info, Cold AI is ephemeral.

• Input Data: Retained only for the duration of the active campaign session.
• Generated Drafts: Stored for 30 days to allow for user review/refinement, then effectively deleted.
• LLM Training: Your prospect data is strictly excluded from our model training sets. We do not train on customer inputs.

3. Third-Party Subprocessors

To deliver our service, we rely on the following enterprise-grade infrastructure providers:

• OpenAI / Anthropic: LLM Inference (Zero-retention tier).
• Vercel/AWS: Hosting and Compute.
• Supabase: Encrypted Database.

4. GDPR & Compliance

We rely on Legitimate Interest (Article 6(1)(f)) for B2B prospecting capabilities. We provide all data subjects with the Right to Erasure.

Contact the DPO: [email protected]