When you sign up, we collect: your email address, the IP and user-agent of your signup request, and any optional referral code. When you use the API, we log each request: endpoint called, input parameters, response shape, credits charged, and latency.
To provision your account, enforce rate limits, bill you for credits used, prevent abuse, and improve our services. Aggregate, anonymized usage statistics may be used to publish public stats (e.g. "X enrichments processed today").
AgentEnrich is a business-to-business API. The data we return concerns individuals only in their professional capacity (work email, work phone, current job title, employer, public LinkedIn profile). We do not process or return special category data, consumer financial data, health data, or personal-life details. Our processing relies on legitimate interest under GDPR Article 6(1)(f) for B2B professional contact data and on the CCPA business-contact exemption (Cal. Civ. Code §1798.145(n)) in the United States.
Our enrichment endpoints return data sourced from public web sources (LinkedIn profiles, company websites, press releases, job postings) via licensed upstream providers operating under their own consent and compliance frameworks. We do not scrape or access data without authorization. We do not sell raw lists of people. We do not provide CSV bulk-export of contact lists. The product surface is a programmatic API: developers integrate it into their own applications, where they are responsible for their downstream use under applicable law (GDPR, CAN-SPAM, TCPA, etc.).
We are not a lead-generation service. We do not send messages on behalf of customers. We do not maintain or sell ranked lists of "best leads." We do not perform automated outreach, bulk email, or SMS. Our API returns structured data on individual queries; the developer's own application decides what, if anything, to do with that data, subject to their own legal obligations.
If a person does not want their professional contact information returned by our API, they may email [email protected] with their LinkedIn URL, work email, or full name + employer. We add them to our suppression list within 7 days and forward the request to upstream providers. Future API calls referencing that person return a "suppressed" response with no data. Subject Access Requests, correction, export, and deletion requests are also accepted at the same address; we respond within 30 days.
We cache resolved person records for up to 90 days and company records for up to 180 days. Phone numbers are cached up to 365 days. Records are automatically invalidated when we detect a job-change signal for the same person.
You can request access, export, correction, or deletion of any data we hold about you (or about a person whose data appears in our cache) by emailing [email protected]. We respond within 30 days. EU residents have additional rights under GDPR.
We use minimal first-party cookies only for signup flow and rate-limiting. No third-party tracking pixels. No advertising cookies.
Data is stored on infrastructure in the United States and the European Union. Request logs are retained for 90 days. Account records are retained for the lifetime of your account plus 1 year for tax/audit purposes.
Data Protection Officer: [email protected]. For all other inquiries: [email protected].