Privacy Policy

Effective: 22 April 2026

1. Who We Are

Outro ("Outro", "we", "us") operates a voice exit-interview platform for SaaS cancellations available at outro.so (the "Service"). This Privacy Policy explains what personal data we collect, how we use it, and the choices you have. For questions about this policy, contact us at [email protected].

When you use the Service to collect feedback from your own end users, you are the data controller of that feedback and we act as a data processor on your behalf. When you use our website as a visitor or create an account, we are the controller of your own account and usage data.

2. Data We Collect

Account data

  • Email address and password hash (handled by Supabase Auth)
  • Optional profile details you provide (name, account name, account slug)
  • Team membership and invitation records

Billing data

  • Subscription status, plan, and Lemon Squeezy subscription identifiers
  • Invoice metadata (amount, date, status) returned by Lemon Squeezy
  • We do not store card numbers, CVC, or bank details - these are handled directly by Lemon Squeezy

Feedback content (collected by you, processed by us)

  • Voice recordings submitted to your cancellation pages
  • Transcripts and translations generated from those recordings
  • Text responses submitted through your cancellation pages
  • Sentiment, themes, and AI-generated summaries derived from the above
  • Optional metadata you choose to capture (page URL, browser, coarse location)

Usage & technical data

  • Audio minutes and AI report usage counts (for plan limits)
  • Server logs: IP address, user agent, request paths, timestamps
  • Error and performance diagnostics

3. How We Use Data

  • Operate the Service, including authentication, cancellation-page delivery, and dashboard access
  • Transcribe, translate, and analyse feedback using our AI sub-processors
  • Enforce plan limits (audio minutes, AI reports, team seats, cancellation pages)
  • Process subscriptions, renewals, and refunds via Lemon Squeezy
  • Respond to support requests you send us
  • Detect abuse, fraud, or violations of our Terms of Service
  • Comply with legal obligations (tax, audit, valid legal requests)

We do not sell your personal data. We do not use your feedback content or AI outputs to train third-party foundation models; our AI sub-processors (see Section 5) operate under API terms that prohibit such training.

4. Legal Bases (EEA / UK)

  • Contract - to deliver the Service you signed up for (account, billing, core feature delivery)
  • Legitimate interest - service security, abuse prevention, product improvement using aggregated usage data
  • Consent - optional analytics/marketing cookies (see Cookie Policy), email marketing where required by law
  • Legal obligation - tax records, responses to valid legal process

5. Sub-processors

We share personal data with the following sub-processors to run the Service. Each is bound by a data-processing agreement:

  • Supabase Inc. - managed Postgres database, authentication, object storage (audio files). Region: EU (Frankfurt).
  • ElevenLabs, Inc. - voice-to-text transcription of recorded answers.
  • OpenAI, L.L.C. - translation and text analysis of transcripts. OpenAI API data is not used to train their models.
  • Lemon Squeezy LLC - subscription billing and payments; Merchant of Record for EU VAT / sales tax.
  • Cloudflare, Inc. - hosting, CDN, and DDoS protection for the application.
  • Email delivery - transactional email for invitations, password resets, and receipts (via Supabase SMTP).

We will provide the current list of sub-processors on request to business customers. Material additions are announced at least 30 days in advance where practical.

6. International Data Transfers

Some of our sub-processors are based in the United States. Where personal data is transferred outside the EEA or UK, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where available, the EU-US Data Privacy Framework.

7. Retention

  • Account data - retained while your account is active and for up to 30 days after deletion, then removed from production systems. Backups expire within 30 additional days.
  • Feedback content (audio, transcripts, responses) - retained for the duration of your subscription; you can delete individual responses from the dashboard at any time.
  • Billing records - retained for 7 years (or the period required by applicable tax law), including after account deletion.
  • Server & security logs - retained up to 90 days.
  • Aggregate and anonymised data - retained indefinitely for product analytics.

8. Security

We use TLS 1.2+ for data in transit and encryption at rest for stored data. Database access is gated by Supabase Row-Level Security policies. Service-role credentials are kept server-side and never exposed to the browser. We enforce least-privilege access for team members, log administrative actions, and review security regularly.

No system is 100% secure. If we discover a breach affecting your personal data, we will notify you without undue delay in line with applicable law (typically within 72 hours for GDPR-covered incidents).

9. Your Rights

Depending on where you live, you may have rights to:

  • Access a copy of your personal data
  • Rectify inaccurate data
  • Delete your data (right to erasure) - you can delete your account at any time from Account Settings
  • Export your data in a machine-readable format (Pro plan offers a CSV export of responses)
  • Restrict or object to processing based on legitimate interest
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email [email protected]. We will respond within 30 days.

10. End Users of Your Cancellation Pages

When feedback is collected through cancellation pages linked or embedded from your product, you are responsible for informing your end users about the collection and obtaining any consent required by law (GDPR, CCPA, etc.). We process that data only on your documented instructions as part of the Service. Our Data Processing Addendum is available to paying customers on request.

11. Children

The Service is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided personal data to us, contact [email protected] and we will delete it.

12. Changes

We may update this Privacy Policy as the Service and our practices evolve. Material changes will be announced in the dashboard or by email at least 14 days before they take effect. The "Effective" date above reflects the latest revision.

13. Contact

Privacy questions, data subject requests, or DPA requests: [email protected].