Privacy Policy
Effective: 14 June 2026
Who we are
GTMBase ("we", "us") is operated by Taimoor Tariq as a sole proprietor. Contact details are in the Imprint. Email: taimoor@gtmbase.io.
What this policy covers
This policy describes what personal data we process when you visit gtmbase.io and use the GTMBase account-mapping web app, and your rights under the EU General Data Protection Regulation (GDPR).
Data we collect about you (the user)
When you sign up and use the app we collect and store:
- Your email address (used for login via magic link or Google OAuth)
- Your company's domain and a buyer profile you create (value proposition, ICP, buying committee – anything you type into the profile editor)
- The accounts you map, the results we produce, and feedback you submit (👍/👎 on recommendations)
- Anonymous usage logs (timestamp + map ID + cost estimate) for rate limiting and abuse prevention
Legal basis: performance of the contract you enter into when signing up (GDPR Art. 6(1)(b)).
Data we collect about third parties (people we map)
To produce an account map we fetch publicly-available LinkedIn profile data – name, public job title, current company, public profile URL, public profile photo URL, public employment history and headline – for employees of the company you ask us to map. We do this via:
- Blitz (third-party LinkedIn data provider) – under a data-processing agreement. They source data from public LinkedIn pages.
- Direct read of the public LinkedIn page – only the HTML <title> tag, used to verify that a recommended contact is still at the company we're mapping.
We cache this data in our own database so we don't re-query the same person twice. Cached data is shared across all users of GTMBase (one Blitz call for "Stripe employees" serves anyone mapping Stripe), but your buyer profile, your maps, and your feedback are private to your account.
Legal basis: legitimate interest in providing a B2B sales-intelligence service (GDPR Art. 6(1)(f)). The data we process about third parties is limited to public business contact information, which they have themselves published on a professional networking platform. We do not enrich personal email addresses or phone numbers in the free tier.
Data subjects' rights
Anyone whose data appears in our system – whether you, or a third party we've mapped – has the right under GDPR to:
- Access the data we hold about them (Art. 15)
- Correct or update inaccurate data (Art. 16)
- Request deletion ("right to be forgotten", Art. 17)
- Object to processing (Art. 21)
- Request a copy in machine-readable form (Art. 20)
- Lodge a complaint with a supervisory authority (Art. 77) – in Germany, the BfDI
To exercise any of these rights, email taimoor@gtmbase.io. We respond within 30 days as required by law.
Sub-processors
We rely on the following services to operate. They process data on our behalf under contract:
- Supabase (database + auth) – EU region. Hosts your account, buyer profile, maps, and feedback.
- Vercel (hosting + serverless) – processes requests and runs the engine.
- Resend (transactional email) – sends magic-link login emails.
- Blitz (LinkedIn data) – public profile enrichment.
- DeepSeek (LLM provider) – generates the buyer profile during onboarding and ranks contacts during a map run. We send the candidate pool (public LinkedIn data) and your buyer profile to DeepSeek; we do not send your email or any login data.
Cookies and tracking
We use only the cookies required to keep you logged in (Supabase auth session). We do not use third-party analytics or advertising cookies. No consent banner is needed because we use only strictly necessary cookies (ePrivacy Directive § 5(3)).
Data retention
We keep your account data as long as your account is active. If you delete your account, we erase your profile, maps, feedback, and login records within 7 days. Cached third-party LinkedIn data is refreshed on a rolling 14-day window and is removed when no longer needed for the service.
Where data is processed
Supabase + Vercel: EU region. Resend: EU. DeepSeek: data is sent to DeepSeek's API endpoints (operated outside the EU). The data we send to DeepSeek is limited to: your buyer profile + public LinkedIn data for the account you're mapping. No login identifiers, no internal user IDs.
Changes to this policy
We'll post any changes here and update the "Effective" date at the top. For material changes that affect your data, we'll also email you.
Contact
Questions about this policy or your data: taimoor@gtmbase.io.