B2BDatabase

Orientation, pending counsel review

Privacy Policy

Effective 2026-06-30. Operating entity: Zenith Worldwide LLC (operating b2bdatabase.net).

This policy explains how we handle personal information in two roles: as a provider of a B2B contact database (where we act as a controller of business-contact data), and as a processor of data on behalf of our customers. Where the two differ, we say so.

1. What we collect, and where it comes from

We compile business-contact records: name, professional role and seniority, employer, business email and phone, professional social profile, and firmographic attributes (industry, company size, location, technologies). We obtain this information from a mix of public and commercial sources, including publicly accessible web pages and professional profiles, licensed data partners, our own enrichment and verification, and direct submissions. Every record carries a documented source and source batch; segments that cannot be sourced lawfully are excluded rather than shipped.

2. Lawful bases (GDPR / UK GDPR)

For business-contact data about individuals in their professional capacity, we rely on our legitimate interests (Article 6(1)(f)) in offering a B2B sales-intelligence service, balanced against the limited, work-context nature of the data and the controls described here. We do not rely on legitimate interest for special-category data and do not knowingly process it.

Where personal data is obtained from sources other than the individual, Article 14 requires transparency and, in the applicable cases, individual notification. We provide this policy as the standing Article 14 notice and are building a per-record notification capability before offering EU contact data at scale. Until that program is live, EU consumer records are held back and EU business records are gated. (This reflects the enforcement reality established in cases such as CNIL v Kaspr and Poland v Bisnode.)

3. US privacy laws (CCPA/CPRA and state equivalents)

California and similar-state residents have the rights to know, delete, correct, and opt out of the sale or sharing of personal information, and to non-discrimination for exercising them. We honor Global Privacy Control (GPC) signals as a valid opt-out. Exercise these rights via the Privacy Center or Do Not Sell or Share My Personal Information.

4. India DPDP and other regimes

As India's Digital Personal Data Protection Act obligations phase in, we apply the same suppression, deletion, and notice mechanisms to India-related data and adjust our posture as the rules take effect. For jurisdictions whose electronic-marketing regimes require prior opt-in consent (for example EU/UK ePrivacy/PECR and Canada CASL for consumer marketing), we do not offer consumer records for cold outreach.

5. How we use the data

We use contact data to operate the database โ€” search, faceting, verification, and the reveal and export of records to authenticated customers โ€” and to maintain accuracy through ongoing re-verification. Customers use exported records under our Terms and DPA, including the prohibited-use list.

6. Verification and accuracy honesty

We layer email verdicts (valid, catch-all, risky, invalid, unknown) and show the verdict mix before a record is revealed. A "verified" label means a deliverable verdict only โ€” catch-all addresses are never presented as verified. Where a revealed email returns an invalid verdict, the credit is automatically refunded. We do not overstate accuracy.

7. Your rights and how to exercise them

Self-serve removal: Privacy Center. We acknowledge requests within 24 hours and complete suppression/deletion of matched records within 45 days. Removal adds a one-way hash of your email to a permanent suppression list, so the record will not reappear in future updates.

8. Sharing and processors

We share data with customers who reveal or export records, and with service providers (hosting, payments, email delivery, verification) bound by contract to process it only on our instructions. We do not sell special-category or sensitive data, location data, or data about minors.

9. Retention and security

We retain contact records while they remain accurate and useful for the service and re-verify or decay stale records. Suppression entries are retained permanently so opt-outs are honored indefinitely. We apply access controls, hashed credentials and API keys, rate limits, export caps, and an audit log; we never permit full-database exports.

10. Contact

Privacy and data-subject requests: privacy@b2bdatabase.net. Operating entity: Zenith Worldwide LLC (operating b2bdatabase.net).

This policy is provided for orientation and transparency and is pending review by counsel. It is not legal advice. We will update it as our registrations, notification program, and product scope evolve.