Last Updated: July 12, 2026

This Privacy Policy describes how Excelvance ("we," "us," or "our") collects, uses, stores, and protects information when you visit our website, use our platform, or interact with our services (collectively, the "Service"). We are committed to protecting your privacy and processing data in compliance with the European General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who We Are

Excelvance AI is a B2B lead-orchestration and data enrichment platform. We act as a data processor on behalf of our business clients (data controllers) when handling lead data, CRM records, and enrichment workflows through our platform.

For questions about this Privacy Policy or your data rights, contact us at:

Excelvance AI Email: privacy@excelvance.com

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, business email address, company name, job title, and phone number when you create an account or contact us

  • Communication data: Messages, inquiries, and correspondence when you reach out via email, forms, or other channels

  • Billing information: Company billing details and payment information as required for service agreements

  • Client configuration data: API keys (stored as references only), CRM connection credentials, enrichment provider preferences, and workflow settings

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, timestamps, session duration, and interaction patterns

  • Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution

  • Cookies and similar technologies: See Section 8

2.3 Information Processed on Behalf of Clients (Processor Role)

When our business clients use the Excelvance platform, we process data on their behalf. This may include:

  • Lead and prospect data: Names, email addresses, phone numbers, job titles, company names, and other contact information submitted through inbound forms or CRM integrations

  • Enrichment data: Firmographic data, technographic profiles, corporate registry information, and beneficial ownership records sourced from third-party providers and public registries

  • CRM and workflow data: Lead scores, routing assignments, enrichment status, and pipeline metadata

We process this data strictly as instructed by our clients and in accordance with applicable data processing agreements.

3. How We Use Information

3.1 As a Data Controller (Our Website and Direct Interactions)

We use information we collect directly to:

  • Provide, maintain, and improve the Service

  • Respond to inquiries and support requests

  • Send service-related communications (account updates, security alerts, maintenance notices)

  • Process billing and manage accounts

  • Analyze usage patterns to improve the platform

  • Comply with legal obligations

Legal bases (GDPR Article 6):

  • Contract performance: Processing necessary to provide the Service you requested

  • Legitimate interest: Analytics, security, and service improvement, balanced against your privacy rights

  • Legal obligation: Compliance with applicable laws

  • Consent: Where required, such as for marketing communications

3.2 As a Data Processor (Client Data)

When processing data on behalf of our clients, we act solely under their instructions. We do not use client data for our own purposes, do not sell client data, and do not use client data to train AI models.

4. Data Security Architecture

Security is foundational to the Excelvance platform. We implement the following technical and organizational measures:

4.1 Zero Data Retention (ZDR)

All AI prompts, contexts, and outputs are processed strictly in memory. Once a request completes, memory is flushed and all prompt data is discarded. We log metadata (who requested, when, success/failure) but never log request or response content. This is our "forget by design" principle.

4.2 Encryption

  • In transit: All data is transmitted over HTTPS with TLS 1.2 or higher (TLS 1.3 preferred)

  • At rest: Data at rest is encrypted using industry-standard encryption

  • BYOK (Bring Your Own Key): Enterprise clients on Tier 2 and Tier 3 can use their own encryption keys stored in their own cloud KMS or HSM. Excelvance accesses only key references via envelope encryption. Raw key material never leaves the client's boundary

4.3 PII Masking Gateway (Tier 3)

For clients requiring the highest level of data protection, Tier 3 deploys a local, stateless redaction gateway directly inside the client's network (VPC or on-premises DMZ). Before any data reaches external AI models, it passes through a multi-stage redaction pipeline:

  • Stage 1: Deterministic regex masks high-structure PII (credit card numbers, social security numbers) in 5-10ms

  • Stage 2: Contextual heuristics identify additional sensitive patterns

  • Stage 3: Named Entity Recognition (NER) models identify sensitive names, addresses, and entities in under 30ms

Sensitive data is replaced with deterministic tokens (e.g., a name becomes [PERSON_1]). The same input always produces the same token, preserving logical consistency for AI processing without exposing real identities.

4.4 Tenant Isolation

Each client's data is isolated through authenticated JWT claims with tenant identifiers enforced at the payload level. Cross-tenant data access is architecturally impossible.

4.5 Serverless Edge Runtimes

Processing occurs in isolated V8-based edge runtimes with strict resource limits (128MB RAM, 50-200ms CPU time), no writable filesystem, and cold-start times under 5ms. Data cannot persist on the compute layer.

5. Data Sharing and Third Parties

We do not sell your personal information. We may share data with:

  • Enrichment and verification providers: To perform firmographic lookups, corporate registry (KYB) verification, and beneficial ownership (UBO) mapping as part of the Service. When BYOK is enabled, data sent to these providers is encrypted with the client's own keys

  • CRM and integration partners: To sync processed data to your designated systems (Salesforce, HubSpot, Dynamics, ServiceNow, and others) as configured by you

  • Infrastructure providers: Cloud hosting and infrastructure partners who process data under strict data processing agreements

  • Legal and regulatory authorities: When required by law, regulation, legal process, or enforceable governmental request

  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance

6. International Data Transfers

If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs)

  • Adequacy decisions by the European Commission

  • Binding Corporate Rules where applicable

  • Client-managed encryption (BYOK) ensuring data remains protected regardless of processing location

7. Data Retention

  • Website visitor data: Retained for up to 12 months from your last interaction, then anonymized or deleted

  • Account data: Retained for the duration of your account and for up to 24 months after termination for legal and audit purposes

  • Client-processed data (Processor role): Retained and deleted in accordance with the client's instructions and our data processing agreement. Under ZDR architecture, AI-processed content is never retained

  • Billing and financial records: Retained as required by applicable tax and commercial law (typically 10 years under German law)

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. We categorize them as:

  • Strictly necessary cookies: Required for the website to function. Cannot be disabled

  • Analytics cookies: Help us understand how visitors interact with our website. Deployed only with your consent

  • Functional cookies: Remember your preferences and settings. Deployed only with your consent

We do not use advertising or tracking cookies. You can manage your cookie preferences through the cookie banner displayed on your first visit, or through your browser settings.

9. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights:

  • Access: Request a copy of the personal data we hold about you

  • Rectification: Request correction of inaccurate or incomplete data

  • Erasure: Request deletion of your personal data, subject to legal retention obligations

  • Restriction: Request that we limit how we process your data

  • Portability: Receive your data in a structured, machine-readable format

  • Objection: Object to processing based on legitimate interest

  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

  • Lodge a complaint: File a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@excelvance.com. We will respond within 30 days.

If your data is processed by us on behalf of a business client (i.e., we are the processor), please direct your request to the client (the controller) in the first instance, as they determine the purposes and means of processing.

10. Children's Privacy

The Service is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

11. Automated Decision-Making

The Excelvance platform uses automated processes to score, enrich, and route leads. These processes may include:

  • Lead scoring based on firmographic and intent signals (Hot, Warm, Cold classification)

  • Automated enrichment and verification against corporate registries

  • Routing assignments based on configurable rules

These automated processes are applied to business contact data on behalf of our clients. They do not produce legal or similarly significant effects on individuals. Clients maintain human-in-the-loop controls and can review, override, or disable any automated decision.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 30 days before they take effect. The "Last Updated" date at the top reflects the most recent revision.

13. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:

Excelvance AI Email: privacy@excelvance.com General: hello@excelvance.com