Last Updated: March 26, 2026 · Effective Date: March 26, 2026
ESTEL ("we", "us", "our") is committed to protecting your privacy. This policy reflects our role as a Sales Workflow Orchestrator.
Estel as Data Controller: We are the Controller for your account information, billing, and platform usage data.
Estel as Data Processor: We act as a Processor for any "Buyer Data" (professional contact details) you retrieve from third-party integrations (e.g., Apollo.io). In these instances, you are the Data Controller.
User Account Information: Name, email, company, and billing details.
Integration Credentials: We store encrypted OAuth tokens or API keys that you provide to connect Estel to third-party services. These are encrypted at rest using Fernet (AES-128).
Communication Data: Support requests and chat interactions.
Standard usage logs, IP addresses, and device data to ensure security and platform performance.
Unlike traditional data brokers, Estel does not maintain a global database of leads. We process:
Enrichment Data: Names, professional emails, and phone numbers retrieved from your connected accounts.
Transient Storage: This data is stored only within your private chat history to provide service continuity.
Contractual Necessity: To provide the orchestration platform you subscribed to.
Legitimate Interest (Estel): For "Blurred Discovery" (previewing job titles without PII) and platform security.
Legitimate Interest (User): You, as the Controller, are responsible for the legal basis used to identify and contact buyers.
We engage the following sub-processors to facilitate the service:
While we prioritize EU/EEA storage (AWS), some sub-processors operate in the USA. We utilize Standard Contractual Clauses (SCCs) and ensure all US-based partners participate in the Data Privacy Framework (DPF) where applicable.
| Data Category | Retention Period |
|---|---|
| Account & Billing | Active use + 7 years (Legal requirement) |
| OAuth Tokens | Until integration is disconnected by User |
| Buyer PII (Leads) | Retained in chat history; User may opt-in to 30-day auto-delete |
| De-identified Data | One-way HMAC-SHA256 hashes are retained indefinitely |
| Usage Logs | 12–24 months |
Under GDPR, you have the right to access, correct, or delete your data. Because we act as a Processor for your leads, requests to delete specific buyer data should be managed through your Estel "Clear History" settings or directed to the original data source (e.g., Apollo.io).
Encryption: We use TLS 1.2+ for data in transit and AES-256 for data at rest.
Credential Safety: Your third-party tokens are never stored in plain text; they are encrypted using a per-user master key.
Isolation: Your processed lead data is logically isolated and never shared with other users.
Our Services are strictly B2B and not intended for individuals under 18.
Info: info@estel.tech
Address: ESTEL, Sofia, Bulgaria
We use essential cookies for authentication and functional cookies (via Matomo/Hotjar) for platform optimization. See our Cookie Policy for details.
We may update this policy to reflect changes in our orchestration features or regulatory requirements. Updates are effective immediately upon posting.
By using ESTEL's Services, you acknowledge that you have read and understood this Privacy Policy.
Version: 1.0 · Effective as of: March 26, 2026