Privacy Policy
Effective date: May 27, 2026
Zendbee is a lead enrichment and outreach personalization tool operated by Floclick ("we", "us", "our"). This policy explains what personal data we collect, why we collect it, the legal basis for doing so, who we share it with, and what rights you have over it.
This policy applies to the Zendbee website and platform at zendbee.com. For questions: info@floclick.com.
Beta notice. Zendbee is currently in closed beta. Features and data practices may evolve. We will update this policy and notify you of material changes before they take effect.
1. Who this policy applies to
This policy applies where Floclick acts as a data controller — meaning we determine why and how your personal data is processed. This covers account data, waitlist signups, and any direct communications with us.
When you upload company lists for enrichment, we act as a data processor on your behalf. That data belongs to you. We process it only to return enriched results and for no other purpose. You are the data controller for any personal data in your uploads and are responsible for having a lawful basis to process it.
2. What we collect and why
The table below sets out each category of personal data we collect, the purpose, and the legal basis under GDPR Article 6.
| Data | Purpose | Legal basis |
|---|---|---|
| Email address (waitlist) | To send you your invite when your spot opens | Consent (you submitted the form) |
| Email address and password (account) | Account creation, authentication, and access control | Performance of a contract |
| Job metadata (name, status, lead count, timestamps) | To display your enrichment history and results | Performance of a contract |
| Session cookies | To keep you logged in between page loads | Strictly necessary — no consent required |
| Email correspondence | To respond to support requests and enquiries | Legitimate interest |
We do not collect payment data directly. Payments are processed by Stripe. We do not use your data for advertising and we do not sell it to third parties.
3. Cookies
We use one strictly necessary cookie: an authentication session cookie set by Supabase when you sign in. This cookie is required to keep you logged in and cannot be disabled without breaking the service. It expires when you sign out or after 7 days of inactivity.
We do not use analytics, advertising, or tracking cookies.
4. Third-party processors
The following services process personal data on our behalf under data processing agreements:
Supabase
Stores your account credentials and job metadata. Supabase is a US-based company. Transfers are covered by Standard Contractual Clauses.
Beehiiv
Stores waitlist email addresses and manages invite communications.
Our enrichment pipeline processes publicly available company-level data only. No personal data is passed to enrichment services.
5. Data retention
| Data type | Retention period |
|---|---|
| Waitlist email | Until you unsubscribe or request deletion |
| Account credentials | Until account deletion, then deleted within 30 days |
| Job metadata and enriched results | Until account deletion, then deleted within 30 days |
| Email correspondence | Up to 2 years for support and legal purposes |
| Session cookies | 7 days or until sign-out |
6. Account deletion
To delete your account, email info@floclick.com with the subject line "Delete my account". We will confirm receipt within 2 business days and complete the deletion within 30 days. After deletion, your account credentials and job data are permanently removed from our systems. Waitlist subscriptions are managed separately through Beehiiv — use the unsubscribe link in any email from us to remove yourself from that list.
7. Security
We apply the following technical and organisational measures to protect your personal data:
- All data in transit is encrypted using TLS 1.2 or higher.
- Passwords are hashed using bcrypt and never stored in plain text.
- Access to production systems is restricted to authorised personnel only.
- We rely on Supabase's SOC 2 Type II certified infrastructure for data storage.
No system can guarantee absolute security. In the event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Article 33.
8. International transfers
Supabase is based in the United States. Transfers of personal data to Supabase are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission, which provide equivalent protection to data processed within the EEA. No other personal data is transferred outside the EEA.
9. Your rights under GDPR
If you are in the European Economic Area or United Kingdom, you have the following rights:
- Access (Article 15) — request a copy of the personal data we hold about you.
- Correction (Article 16) — ask us to correct inaccurate or incomplete data.
- Deletion (Article 17) — request that we erase your personal data where there is no legitimate reason to keep it.
- Portability (Article 20) — receive your data in a structured, commonly used, machine-readable format (JSON or CSV). We will fulfil portability requests within 30 days.
- Objection (Article 21) — object to processing based on legitimate interest. We will stop unless we have compelling legitimate grounds that override your interests.
- Restriction (Article 18) — request that we restrict processing while a dispute about accuracy or lawfulness is resolved.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email info@floclick.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling the request.
You have the right to lodge a complaint with your national data protection authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY) — imy.se. If you are in another EEA country, you may contact your local authority instead.
10. Changes to this policy
We may update this policy as the service evolves. We will notify you of material changes by email at least 14 days before they take effect. The effective date at the top of this page reflects the latest revision. Continued use of the service after a change takes effect constitutes acceptance.
11. Contact
Floclick is the data controller responsible for personal data processed under this policy.
Email: info@floclick.com