Privacy Policy
Last updated 8 June 2026
Who we are
Liid is a lead-generation and email-outreach product operated by Täp OÜ (Estonian registry code 12125250), registered in Tallinn, Estonia ("Liid", "we", "us"). Täp OÜ is the data controller for the personal data described in this policy.
For any privacy question, request, or complaint, contact us at liid@krister.ee.
1What this policy covers
This policy explains what personal data Liid processes, why, on what legal basis, who we share it with, and the rights you have. It covers two distinct categories of people:
- Our users — the people who sign up for Liid, connect their mailboxes, and run outreach campaigns.
- Prospects — the business contacts our users research and email through the service. We process their data as a processor on our users' behalf; the user is the controller for that outreach.
2Data we collect
Account data
Your name and email address when you register, and authentication metadata. We never see or store passwords for third-party providers.
Connected mailbox data
When you connect a Gmail, Microsoft 365, or IMAP mailbox, the OAuth tokens that authorise access are held by our email-infrastructure provider, Nylas (EU/UK region) — Liid never receives or stores your mailbox password or OAuth tokens. We store only an opaque connection identifier, the mailbox address, and its display name. Through that connection we:
- send the outbound emails and follow-ups you approve;
- read inbound replies to those threads so we can show the conversation and stop sequences when someone responds;
- detect bounce and delivery notifications to protect sender reputation.
Campaign & message content
Email drafts, subjects and bodies (AI-generated and your edits), sent messages, inbound replies, and notes — stored so we can display threads and improve the drafts we generate for you.
Prospect data
Company and business-contact information (company name, industry, size, public business email addresses, job titles) gathered during enrichment to build your target lists.
Billing data
Subscription and payment processing is handled by Stripe. We do not store full card numbers; we keep a customer reference and your plan status.
Technical data
Standard server logs (IP address, browser, timestamps) and a session cookie required to keep you signed in.
3Google user data & Limited Use
Where you connect a Google (Gmail / Google Workspace) account, Liid's access to and use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Gmail data only to provide and improve the user-facing features described above — sending your approved messages, threading replies, classifying replies, and detecting bounces.
- We do not transfer Gmail data to others except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition with appropriate notice.
- We do not use Gmail data for advertising, and we do not sell it.
- We do not allow humans to read your Gmail data, except: with your explicit consent (e.g. when you ask for support); where necessary for security purposes such as investigating abuse; to comply with applicable law; or where the data has been aggregated and anonymised.
Reply classification and draft generation are performed by an automated AI service (see §4). Email content sent to that service is used solely to deliver these user-facing features and is not used to train third-party models.
4Who we share data with (sub-processors)
We share data only with the service providers needed to run Liid. Each acts as our processor under data-processing terms consistent with the GDPR.
- Nylas — email connectivity and mailbox sync (EU/UK data region). Holds the mailbox OAuth grant and relays send/read operations.
- Anthropic, accessed via OpenRouter — generates email drafts and classifies inbound replies. Receives the message content needed for that task; does not use it to train models.
- Stripe — subscription billing and payment processing.
- Our cloud hosting and database provider — stores application data on infrastructure located in the EU.
We do not sell personal data or share it for advertising.
5Legal bases (GDPR)
- Contract — to provide the service you signed up for.
- Legitimate interests — to operate, secure and improve Liid, and to enable B2B outreach to business contacts.
- Consent — where you explicitly connect a mailbox or grant a specific permission.
- Legal obligation — to meet accounting, tax and legal requirements.
6International transfers
We host application data in the EU. Our email provider Nylas operates in its EU/UK region, which may store data in the United Kingdom — a transfer covered by the UK adequacy decision. Where any provider processes data outside the EU/EEA, that transfer is covered by an adequacy decision or by Standard Contractual Clauses with appropriate safeguards.
7Retention
We keep account and campaign data for as long as your account is active. When you disconnect a mailbox we revoke the connection and delete the stored connection identifier. When you close your account we delete or anonymise your personal data within 90 days, except where we must retain records to meet legal obligations.
8Your rights
Under the GDPR you may request access to, correction of, deletion of, or a portable copy of your personal data, and you may object to or restrict certain processing. To exercise any right, email liid@krister.ee. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.
If you are a prospect contacted through Liid and wish to be removed, you may reply to the email asking to opt out, or contact us directly and we will route your request to the relevant user.
9Security
We apply industry-standard safeguards: encryption in transit, restricted access on a need-to-know basis, and storage of mailbox credentials with a specialised provider rather than in our own systems.
10Changes to this policy
We may update this policy as the product evolves. Material changes will be reflected by the "last updated" date above and, where appropriate, notified to you.