Privacy Policy
Last updated: July 3, 2026
This policy describes what DoEnrich stores, why, and who it is shared with. It covers two kinds of people: customers (you, the CRM account holder) and leads (the people whose records you ask us to enrich).
1. Data we store about customers
- Account data — your billing email, account settings, credit balance, and a per-account activity ledger (purchases, enrichments, adjustments).
- CRM API key — the key for your CRM (e.g. Follow Up Boss or Sierra Interactive), stored encrypted at rest with Google Cloud KMS; used solely to read and update your own CRM account.
- Payment data — handled by Stripe. We store your Stripe customer id and, if you enable auto-refill, a reference to your saved payment method. We never see full card numbers.
2. Data we process about leads
When you designate a lead for enrichment, we read that lead's contact data from your CRM account and submit relevant pieces (email addresses, phone numbers, names, addresses) to data providers for validation and enrichment. Results are written back into your CRM account, which remains the system of record. You act as the data controller for your leads' information; DoEnrich processes it on your instructions.
We do not build profiles of your leads, use their data for our own marketing, or sell personal information. Operational logs referencing lead record ids are retained for troubleshooting and billing accuracy and age out on our log-retention schedule.
3. Service providers
We share data with the following processors, each only what their function requires: ZeroBounce (email validation), Searchbug and Trestle (phone validation and reverse lookup), Melissa Data (property data), Stripe (payments), Resend (transactional email), your connected CRM (Follow Up Boss or Sierra Interactive), and Google Cloud (hosting, storage, and encryption infrastructure).
4. Security
- All traffic is encrypted in transit (TLS).
- Data is stored on Google Cloud with encryption at rest; your CRM API key is additionally encrypted with a dedicated Cloud KMS key whose use is audit-logged.
- The customer portal uses passwordless magic-link sign-in; no passwords are stored.
5. Retention and deletion
Account data is retained while your account is active. Closing your account deletes your settings (including your encrypted CRM API key) and deregisters our webhooks from your CRM. Enriched data already written into your CRM is yours and is unaffected. Backup copies age out of our backup rotation automatically.
6. Your rights
You can view and change your billing email in the portal, request a copy or deletion of your account data, and disconnect the Service at any time. For lead data subject requests (access/deletion under state privacy laws), the request should go to you as the controller; we will assist with processing it on your instruction.
7. Changes
Material changes to this policy will be announced via the email on your account before they take effect.
8. Contact
Privacy questions: contact your DoEnrich representative or the address on your invoice.