Privacy policy
Last Updated: July 12, 2026
This Privacy Policy describes how Excelvance ("we," "us," or "our") collects, uses, stores, and protects information when you visit our website, use our platform, or interact with our services (collectively, the "Service"). We are committed to protecting your privacy and processing data in compliance with the European General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Who We Are
Excelvance AI is a B2B lead-orchestration and data enrichment platform. We act as a data processor on behalf of our business clients (data controllers) when handling lead data, CRM records, and enrichment workflows through our platform.
For questions about this Privacy Policy or your data rights, contact us at:
Excelvance AI Email: privacy@excelvance.com
2. Information We Collect
2.1 Information You Provide
Account information: Name, business email address, company name, job title, and phone number when you create an account or contact us
Communication data: Messages, inquiries, and correspondence when you reach out via email, forms, or other channels
Billing information: Company billing details and payment information as required for service agreements
Client configuration data: API keys (stored as references only), CRM connection credentials, enrichment provider preferences, and workflow settings
2.2 Information Collected Automatically
Usage data: Pages visited, features used, timestamps, session duration, and interaction patterns
Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution
Cookies and similar technologies: See Section 8
2.3 Information Processed on Behalf of Clients (Processor Role)
When our business clients use the Excelvance platform, we process data on their behalf. This may include:
Lead and prospect data: Names, email addresses, phone numbers, job titles, company names, and other contact information submitted through inbound forms or CRM integrations
Enrichment data: Firmographic data, technographic profiles, corporate registry information, and beneficial ownership records sourced from third-party providers and public registries
CRM and workflow data: Lead scores, routing assignments, enrichment status, and pipeline metadata
We process this data strictly as instructed by our clients and in accordance with applicable data processing agreements.
3. How We Use Information
3.1 As a Data Controller (Our Website and Direct Interactions)
We use information we collect directly to:
Provide, maintain, and improve the Service
Respond to inquiries and support requests
Send service-related communications (account updates, security alerts, maintenance notices)
Process billing and manage accounts
Analyze usage patterns to improve the platform
Comply with legal obligations
Legal bases (GDPR Article 6):
Contract performance: Processing necessary to provide the Service you requested
Legitimate interest: Analytics, security, and service improvement, balanced against your privacy rights
Legal obligation: Compliance with applicable laws
Consent: Where required, such as for marketing communications
3.2 As a Data Processor (Client Data)
When processing data on behalf of our clients, we act solely under their instructions. We do not use client data for our own purposes, do not sell client data, and do not use client data to train AI models.
4. Data Security Architecture
Security is foundational to the Excelvance platform. We implement the following technical and organizational measures:
4.1 Zero Data Retention (ZDR)
All AI prompts, contexts, and outputs are processed strictly in memory. Once a request completes, memory is flushed and all prompt data is discarded. We log metadata (who requested, when, success/failure) but never log request or response content. This is our "forget by design" principle.
4.2 Encryption
In transit: All data is transmitted over HTTPS with TLS 1.2 or higher (TLS 1.3 preferred)
At rest: Data at rest is encrypted using industry-standard encryption
BYOK (Bring Your Own Key): Enterprise clients on Tier 2 and Tier 3 can use their own encryption keys stored in their own cloud KMS or HSM. Excelvance accesses only key references via envelope encryption. Raw key material never leaves the client's boundary
4.3 PII Masking Gateway (Tier 3)
For clients requiring the highest level of data protection, Tier 3 deploys a local, stateless redaction gateway directly inside the client's network (VPC or on-premises DMZ). Before any data reaches external AI models, it passes through a multi-stage redaction pipeline:
Stage 1: Deterministic regex masks high-structure PII (credit card numbers, social security numbers) in 5-10ms
Stage 2: Contextual heuristics identify additional sensitive patterns
Stage 3: Named Entity Recognition (NER) models identify sensitive names, addresses, and entities in under 30ms
Sensitive data is replaced with deterministic tokens (e.g., a name becomes [PERSON_1]). The same input always produces the same token, preserving logical consistency for AI processing without exposing real identities.
4.4 Tenant Isolation
Each client's data is isolated through authenticated JWT claims with tenant identifiers enforced at the payload level. Cross-tenant data access is architecturally impossible.
4.5 Serverless Edge Runtimes
Processing occurs in isolated V8-based edge runtimes with strict resource limits (128MB RAM, 50-200ms CPU time), no writable filesystem, and cold-start times under 5ms. Data cannot persist on the compute layer.
5. Data Sharing and Third Parties
We do not sell your personal information. We may share data with:
Enrichment and verification providers: To perform firmographic lookups, corporate registry (KYB) verification, and beneficial ownership (UBO) mapping as part of the Service. When BYOK is enabled, data sent to these providers is encrypted with the client's own keys
CRM and integration partners: To sync processed data to your designated systems (Salesforce, HubSpot, Dynamics, ServiceNow, and others) as configured by you
Infrastructure providers: Cloud hosting and infrastructure partners who process data under strict data processing agreements
Legal and regulatory authorities: When required by law, regulation, legal process, or enforceable governmental request
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance
6. International Data Transfers
If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
EU Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Binding Corporate Rules where applicable
Client-managed encryption (BYOK) ensuring data remains protected regardless of processing location
7. Data Retention
Website visitor data: Retained for up to 12 months from your last interaction, then anonymized or deleted
Account data: Retained for the duration of your account and for up to 24 months after termination for legal and audit purposes
Client-processed data (Processor role): Retained and deleted in accordance with the client's instructions and our data processing agreement. Under ZDR architecture, AI-processed content is never retained
Billing and financial records: Retained as required by applicable tax and commercial law (typically 10 years under German law)
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. We categorize them as:
Strictly necessary cookies: Required for the website to function. Cannot be disabled
Analytics cookies: Help us understand how visitors interact with our website. Deployed only with your consent
Functional cookies: Remember your preferences and settings. Deployed only with your consent
We do not use advertising or tracking cookies. You can manage your cookie preferences through the cookie banner displayed on your first visit, or through your browser settings.
9. Your Rights
Under the GDPR and applicable data protection laws, you have the following rights:
Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate or incomplete data
Erasure: Request deletion of your personal data, subject to legal retention obligations
Restriction: Request that we limit how we process your data
Portability: Receive your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interest
Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
Lodge a complaint: File a complaint with your local data protection authority
To exercise any of these rights, contact us at privacy@excelvance.com. We will respond within 30 days.
If your data is processed by us on behalf of a business client (i.e., we are the processor), please direct your request to the client (the controller) in the first instance, as they determine the purposes and means of processing.
10. Children's Privacy
The Service is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
11. Automated Decision-Making
The Excelvance platform uses automated processes to score, enrich, and route leads. These processes may include:
Lead scoring based on firmographic and intent signals (Hot, Warm, Cold classification)
Automated enrichment and verification against corporate registries
Routing assignments based on configurable rules
These automated processes are applied to business contact data on behalf of our clients. They do not produce legal or similarly significant effects on individuals. Clients maintain human-in-the-loop controls and can review, override, or disable any automated decision.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 30 days before they take effect. The "Last Updated" date at the top reflects the most recent revision.
13. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:
Excelvance AI Email: privacy@excelvance.com General: hello@excelvance.com
