Privacy Policy

Effective date: March 11, 2026

ercel ("ercel," "we," "us," or "our") operates the ercel.ai platform, an AI-powered outreach tool built for B2B agencies. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website, application, and related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, password (stored as a bcrypt hash), and organization name. If you sign up using Google OAuth, we receive your name, email address, and profile image from Google.

Prospect Data

You may upload or manually enter prospect information into ercel, including names, email addresses, company names, websites, phone numbers, and other business contact details. You may also use our Google Maps discovery feature, which retrieves publicly available business information. You are responsible for ensuring that you have a lawful basis to process any personal data you upload to the Service.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, campaign performance metrics (opens, replies, bounces), timestamps, browser type, operating system, and IP address.

Cookies

We use session cookies strictly for authentication and maintaining your login state. We do not use third-party tracking cookies, advertising cookies, or analytics cookies from external providers. See Section 10 for more details.

2. How We Use Information

We use the information we collect to:

  • Provide the Service: Manage your account, process prospect data, generate AI-powered research briefs, create personalized emails, and deliver campaign analytics.
  • AI Processing: Analyze prospect websites and generate research summaries and personalized outreach emails using artificial intelligence (see Section 3).
  • Billing: Process subscription payments, manage plan limits, and send billing-related communications.
  • Service Improvement: Analyze usage patterns to improve features, fix bugs, and enhance the overall user experience.
  • Communications: Send transactional emails related to your account, such as password resets, billing receipts, and important service updates.
  • Security: Detect and prevent fraud, abuse, and unauthorized access to the Service.

3. AI Data Processing

ercel uses Anthropic's Claude AI to power two core features:

  • Prospect Research: When you initiate research on a prospect, ercel scrapes the prospect's publicly available website content and sends it to Claude AI for analysis. The AI identifies the prospect's industry, technology stack, potential pain points, and opportunities relevant to your agency's services.
  • Email Generation: ercel sends prospect research data and your campaign parameters to Claude AI to generate personalized outreach emails tailored to each prospect.

Important: Your prospect data is sent to Anthropic's API solely for the purpose of generating research and email content on your behalf. Anthropic does not use data submitted through its API to train or improve its AI models. The data is processed in accordance with Anthropic's Privacy Policy and API terms.

We do not use your data to train any AI models. Your prospect data and generated content remain yours.

4. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information or prospect data to third parties. We share data only with the following service providers, strictly as necessary to operate the Service:

  • Stripe — Processes subscription payments and manages billing. Stripe receives your payment method details (e.g., credit card information) directly. We do not store your full payment card details on our servers. See Stripe's Privacy Policy.
  • Resend — Delivers outreach emails and transactional emails on your behalf. Resend processes recipient email addresses and email content. See Resend's Privacy Policy.
  • Anthropic — Processes prospect website data and campaign parameters through Claude AI to generate research briefs and personalized emails. See Anthropic's Privacy Policy.

We may also disclose information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of ercel, our users, or the public.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at Rest: Data stored in our databases is encrypted at rest using AES-256 encryption.
  • Password Security: Passwords are hashed using bcrypt with 12 salt rounds. We never store plaintext passwords.
  • Access Controls: All database queries are scoped to your organization. Team members can only access data belonging to their own organization.
  • Security Headers: We enforce HSTS, Content Security Policy, X-Frame-Options, and other HTTP security headers to protect against common web vulnerabilities.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

6. Data Retention

We retain your account information and prospect data for as long as your account is active and as needed to provide the Service. If you delete your account or request data deletion, we will remove your personal data and prospect data from our active systems within 30 days.

We may retain certain information as required by law (e.g., billing records for tax compliance) or for legitimate business purposes such as resolving disputes or enforcing our agreements. Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytics purposes.

7. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data. You can update most account information directly through the Service settings.
  • Deletion: Request deletion of your personal data and prospect data. Upon receiving a verified deletion request, we will remove your data within 30 days.
  • Export: Request an export of your data in a machine-readable format (e.g., CSV or JSON).
  • Unsubscribe: Opt out of non-essential email communications at any time. Every email we send includes an unsubscribe link. You can also visit ercel.ai/unsubscribe to manage your preferences.
  • Restrict Processing: Request that we limit the processing of your personal data under certain circumstances.
  • Object: Object to the processing of your personal data where we rely on legitimate interest as the lawful basis.

To exercise any of these rights, contact us at privacy@ercel.ai. We will respond to your request within 30 days.

8. GDPR Compliance

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional terms apply:

Data Controller and Data Processor

When you use ercel to manage prospect data, you act as the Data Controller and ercel acts as the Data Processor. You determine the purposes and means of processing prospect personal data, and we process that data on your behalf in accordance with your instructions and this Privacy Policy.

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract: Processing necessary to perform our contract with you (e.g., providing the Service, managing your account).
  • Legitimate Interest: Processing necessary for our legitimate interests (e.g., improving the Service, preventing fraud), where those interests are not overridden by your rights and freedoms.
  • Consent: Where you have given us explicit consent for specific processing activities.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

Right to Erasure

Under Article 17 of the GDPR, you have the right to request erasure of your personal data. Upon receiving a valid erasure request, we will delete your data from our active systems within 30 days, unless we are required to retain it for legal compliance. We will also instruct our sub-processors to delete the data.

9. CAN-SPAM Compliance

ercel is designed to help you send compliant outreach emails. We provide tools to support your compliance with the CAN-SPAM Act and similar regulations:

  • Unsubscribe Mechanism: Every outreach email sent through ercel includes a functioning unsubscribe link. Unsubscribe requests are processed automatically and honored within 24 hours.
  • Physical Address: The CAN-SPAM Act requires that commercial emails include a valid physical postal address. You are responsible for configuring your organization's physical address in the ercel settings, which will be included in your outreach emails.
  • Accurate Headers: ercel ensures that "From," "To," and "Reply-To" headers accurately reflect the sender and the sending organization.
  • No Deceptive Subject Lines: Our AI-generated subject lines are designed to accurately reflect the content of the email body.

As a user, you are ultimately responsible for ensuring your outreach campaigns comply with all applicable anti-spam laws in the jurisdictions where your prospects are located.

10. Cookies

We use cookies minimally and only for essential purposes:

  • Session Cookies: Used to authenticate your identity and maintain your login session. These cookies are necessary for the Service to function and expire when you close your browser or after a set period.
  • Security Cookies: Used to support security features such as CSRF protection.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not participate in cross-site tracking or behavioral advertising.

11. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as soon as possible. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@ercel.ai.

12. International Data Transfers

Your data may be processed in the European Union and the United States, depending on the location of our infrastructure and sub-processors. When data is transferred internationally, we ensure that appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data processing agreements with all sub-processors that include adequate data protection obligations.
  • Compliance with applicable data transfer frameworks.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the "Effective date" at the top. For significant changes, we may also notify you by email. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

ercel

Email: privacy@ercel.ai

Website: ercel.ai

We aim to respond to all privacy-related inquiries within 30 days.