Privacy Policy

Last updated: 16 June 2026

Summary

We take your privacy seriously. This policy explains how Handshake collects, uses, and protects personal data when you use our outreach-automation platform. In short:

  • We process the contact data you upload or target on your behalf - for that data you are the controller and we are the processor.
  • We use AI to help draft and personalize your outreach messages based on available professional information.
  • We connect to LinkedIn and email providers to send and manage communications you direct.
  • We use reasonable security measures and retain data only as long as needed.
  • You have rights to access, correct, and delete your personal data.
  • We support GDPR, UK GDPR, and CCPA/CPRA rights for the people they protect.

1. Introduction

Grobot Technologies LLC ("we", "us", "our", or "Handshake") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you:

  • use our website and platform;
  • use the Services as a Client or Partner;
  • interact with outreach communications sent through the platform; or
  • contact us for support.

Company details:

Grobot Technologies LLC

30 N Gould St, Ste R, Sheridan, WY 82801, United States

Email: support@gro.bot

This Privacy Policy should be read together with our Terms and Conditions and Data Processing Addendum.

2. Information we collect

2.1 Information you provide directly

  • Account information: name, email, phone, company name, job title.
  • Billing information: payment method and billing details (handled by our payment processor).
  • Connected accounts: LinkedIn and email account connection details and access tokens needed to operate the Services on your behalf.
  • Campaign information: target audience criteria, messaging templates and content, and campaign settings.
  • Communications: messages sent and received through the platform, and support correspondence.

2.2 Contact data processed on your behalf

When you use the platform to conduct outreach, we process personal data about the people you target ("End Contacts"), which may include name, job title, company, industry, publicly available profile information, business email, professional background, engagement history (for example, opens, clicks, replies), and scheduling information.

Important: For End Contact data, we act as a processor on your behalf, and you act as the controller. You are responsible for having a lawful basis to collect and use this data and for providing any required notices to End Contacts.

2.3 Information collected automatically

IP address and approximate location, device and browser information, usage data, log files, and cookies and similar technologies.

2.4 Data from third-party platforms

  • LinkedIn: profile data, connection information, and messaging activity needed to provide the Services.
  • Email providers: sending and receiving data, delivery status, and engagement metrics.
  • Calendar systems: availability and scheduling data, where you connect them.

3. How we use information

  • Provide the Services: operate and maintain the platform, draft and send personalized outreach, manage conversations and replies, and schedule meetings.
  • AI features: use AI to analyze available professional information and to generate and optimize messaging. We do not use your Customer Data to train AI models for unrelated purposes; any model improvement uses aggregated or de-identified data.
  • Improve and secure the platform: monitor performance, analyze usage, develop features, and prevent fraud and abuse.
  • Communicate with you: send transactional and service messages, respond to support, and (with consent where required) send marketing.
  • Comply with law: meet legal obligations and enforce our Terms.

4. Legal bases for processing (EEA/UK)

PurposeLegal basis
Providing the Services to youPerformance of a contract
Billing and paymentsPerformance of a contract
Outreach to End Contacts (on your behalf)Your lawful basis as controller
Platform improvement, security, fraud preventionLegitimate interests
Marketing communicationsConsent (where required) / legitimate interests
Legal complianceLegal obligation

5. How we share information

  • We do not sell your personal data.
  • Service providers: cloud hosting, payment processing, email delivery, analytics, support tools, and AI infrastructure providers, each under contractual data-protection obligations. Our current list of sub-processors is available on request.
  • Third-party platforms: LinkedIn, email providers, and calendar systems, as needed to deliver the Services you direct.
  • Partners: if you are an End Contact of, or a user managed by, one of our Partners, we share data with that Partner as needed to provide the Services.
  • Legal requirements: where required by law or valid legal process, or to protect rights, safety, and security.
  • Business transfers: in a merger, acquisition, or sale of assets, with notice as required.

6. International data transfers

We are based in the United States, and our service providers may operate in the United States, the European Union, and elsewhere. Where personal data is transferred from the EEA, the UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as the Standard Contractual Clauses and the UK International Data Transfer Addendum. See our Data Processing Addendum for details.

7. Data retention

We retain personal data only as long as necessary for the purposes described and to comply with legal obligations.

Data typeRetention
Account informationDuration of account + up to 2 years
Campaign and messaging dataDuration of campaign + up to 1 year
End Contact conversation historyDuration of active outreach + up to 6 months
Billing recordsAs required by law (typically up to 7 years)
Support communicationsUp to 3 years after closure
Aggregated / de-identified analyticsIndefinitely

You may request deletion at any time, subject to legal retention requirements. On account termination, we delete or anonymize your data in line with these periods unless longer retention is required by law.

8. Data security

We use reasonable technical and organizational measures, including encryption in transit and at rest, least-privilege access controls, monitoring, and an incident-response process. No system is completely secure; you are responsible for safeguarding your credentials and for notifying us promptly of any suspected unauthorized access.

9. Your rights and choices

Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to the processing of your personal data, to withdraw consent, and to opt out of marketing. To exercise these rights, contact us at support@gro.bot. We will respond within the time required by applicable law and may need to verify your identity.

Our platform uses AI to generate messages and assist with conversation handling. You have the right to be informed about, and to request human review of, decisions that significantly affect you and are based solely on automated processing.

Where we process End Contact data on a customer's behalf, we will refer requests from those individuals to the relevant customer (the controller) and assist as required.

You may also lodge a complaint with your local data protection authority.

10. Cookies and tracking

Our website and platform use cookies and similar technologies that are essential for functionality and authentication, and (with consent where required) for analytics and marketing. You can control non-essential cookies through your browser settings or our cookie controls where available. Blocking essential cookies may affect functionality. See our Cookie Policy for details.

11. Children's privacy

The Services are not directed at anyone under 18, and we do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

12. Region-specific rights

  • EEA / UK: you have the rights described in Section 9 under the GDPR and UK GDPR, including the right to lodge a complaint with your supervisory authority.
  • California (CCPA/CPRA): you have the right to know, access, correct, delete, and opt out of the "sale" or "sharing" of personal information, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA. When we process personal information on a customer's behalf, we act as a service provider.
  • Other US states: where applicable state privacy laws apply, we honor the equivalent rights.

13. Our roles: controller and processor

  • We are a controller for your account information, billing data, website and platform usage data, and our own marketing.
  • We are a processor for the End Contact data and outreach content you process through the platform. For that data, you are responsible for your lawful basis, consents, notices, and responding to data-subject requests. Our processing as a processor is governed by our Data Processing Addendum.

14. Changes to this policy

We may update this policy from time to time. We will post the updated policy with a new "Last updated" date and, for material changes, notify registered users by email or in-app. Continued use after changes take effect means you accept the updated policy.

15. Contact

Questions or privacy requests:

Grobot Technologies LLC

30 N Gould St, Ste R, Sheridan, WY 82801, United States

Email: support@gro.bot