GDPR

Outpost is built so that you can run B2B outbound in Europe without a compliance hangover. This page explains how.

Lawful basis

Outbound contact data in Outpost is processed on the basis of legitimate interests for B2B prospecting. Every lead carries the context of why we believe it is lawful to contact them, and you can suppress anyone at any time.

Suppression lists

Unsubscribes and suppression apply globally. Once a contact is suppressed, Outpost will not re-surface them in discovery, enrichment, or flows, even if another account on your team encounters them.

Data subject requests

If a prospect exercises their right to access, correction, or erasure, email privacy@outpost.app. We help you fulfil the request and keep an audit trail.

Where data is processed

EU customer data is processed in EU regions. You can request a full list of sub-processors and their locations at any time.

Data processor agreement

We sign a DPA with any customer that needs one. Request it from privacy@outpost.app.

Data retention

We keep your data while your account is active. When you close your account, we delete identifiable data within 30 days, except where we are legally required to retain it (for example, tax records).

What Outpost will not do

• Source contact data where there is no lawful basis for outbound.
• Target consumers.
• Ignore a suppression request.