Security & compliance
Licensed sources, GDPR + CCPA compliant, encrypted storage, global suppression. No scraped data, no consumer PII.
Every contact in the database comes from licensed B2B data partnerships, public web data with respected robots.txt rules, and opt-in business directories. No scraped LinkedIn data, no purchased consumer lists.
We only sell B2B contact data — work emails, work phones, professional titles. We do not sell consumer data, home addresses, or personal information unrelated to a person’s professional role.
All API requests use TLS 1.2+. Database storage is AES-256 encrypted. API keys are hashed at rest and rotated on demand from your dashboard.
EU data subjects can request deletion via privacy@cheapb2bdata.com. Requests are processed within 30 days. We honor the right to be forgotten across the entire database, not just your account.
California residents can request access, deletion, or opt-out via privacy@cheapb2bdata.com. We do not sell personal information of California consumers — our dataset is B2B professional information only.
When a contact requests removal, they are suppressed across our entire customer base. You can’t accidentally re-import a suppressed contact through a CSV upload — we check on every export.
We do not use customer search history, lists, or unlocked records as training data for any internal or external AI system. Your account activity is your own.
Every API call, unlock, export, and team action is logged for 90 days. Available via API or your dashboard for SOC 2 / ISO audit review.
Is this data legal to use for cold outreach?
In the US: yes, B2B cold email and cold call to professional contacts is legal under CAN-SPAM and TCPA, with standard requirements (clear identification, working unsubscribe, do-not-call list compliance). In the EU: GDPR requires a lawful basis; legitimate-interest assessments for B2B prospecting are common and we provide guidance.
What if a contact emails to be removed?
Forward the request to privacy@cheapb2bdata.com or use the in-dashboard suppression tool. Removal applies to the entire database, not just your account.
Are you SOC 2 certified?
SOC 2 Type II audit is in progress. Current report available under NDA via the contact page. ISO 27001 follows in the next 12 months.
Where is data stored?
US-based AWS regions (us-east-1 primary, us-west-2 disaster recovery). EU data residency available on Enterprise plans.
Do you sign DPAs?
Yes. Standard DPA available on request. Custom procurement DPAs reviewed within 5 business days.
What happens to my data if I cancel?
Account data (saved lists, search history, audit logs) is retained for 30 days post-cancellation, then permanently deleted. Records you’ve unlocked remain yours — they’re your data, not a license you’re renting.
DPA, security questionnaires, SOC 2 report under NDA — email procurement@cheapb2bdata.com.