Privacy Policy
Last updated: June 2026
1. Who we are
Ketchup Contacts (“we”, “us”, or “our”) operates the Ketchup Contacts web application and Telegram bot (collectively, the “Service”). We are a personal CRM product designed to help professionals capture, enrich, and manage contact information from networking events.
If you have questions about this policy, contact us at [email protected].
2. What data we collect
Data you provide directly:
- Account information (name, email address) via Clerk authentication
- Contact data you enter — names, companies, roles, email addresses, phone numbers, LinkedIn URLs, notes, and any other information you choose to record
- Voice messages and text messages sent to the Ketchup Contacts Telegram bot
- Photos you upload to associate with contacts
- Payment information processed by our payment providers (we do not store card numbers)
Data we collect automatically:
- Usage data — pages visited, features used, timestamps
- Telegram chat ID and message metadata (not message content beyond what you send us)
- IP address and browser/device information via standard web logs
- Analytics data via Google Analytics (anonymised, see Section 7)
Data we fetch from third-party sources on your behalf:
- Publicly available LinkedIn profile data (via EnrichLayer)
- Web search results about contacts (via SerpAPI)
- Wikipedia summaries and public biographical information
- Cryptocurrency market data (via CoinGecko) for contacts in the crypto industry
3. How we use your data
- To provide and improve the Service — storing your contacts, enriching profiles, and powering AI-driven search and insights
- To transcribe voice messages using OpenAI Whisper
- To generate AI summaries and conversation starters using Anthropic Claude
- To process payments and manage your subscription
- To send transactional emails (trial reminders, payment receipts) via Resend
- To detect duplicate contacts and maintain data quality
- To generate and store vector embeddings of contact data to power semantic search
- To respond to support requests
- To comply with legal obligations
We do not sell your personal data or contact data to third parties. We do not use your contacts’ data for advertising purposes.
4. Data sharing and sub-processors
We share data with the following service providers solely to operate the Service:
| Provider | Purpose | Data shared |
|---|---|---|
| Clerk | Authentication | Email, name |
| Anthropic | AI enrichment & intent detection | Contact notes, messages |
| OpenAI | Voice transcription | Audio recordings |
| EnrichLayer | LinkedIn profile enrichment | Name, company |
| SerpAPI | Web search enrichment | Name, company |
| Resend | Transactional email | Email address |
| Lemon Squeezy | Card payments | Email, billing info |
| NOWPayments | Crypto payments | Email, order info |
| DigitalOcean | Hosting & file storage | All app data (encrypted at rest) |
| Google Analytics | Usage analytics | Anonymised usage data |
5. Contact data and third-party individuals
When you add a person to Ketchup Contacts, you are storing information about a third party. You are responsible for ensuring you have a legitimate basis for storing that person’s information (for example, you met them and they gave you their business card or LinkedIn). We process this data on your behalf as a data processor. You are the data controller for your contacts’ personal data.
We enrich contact data with publicly available information. We do not contact the individuals in your CRM directly and we do not share their information with other users or third parties beyond the sub-processors listed above.
6. Data retention
- Your account and contact data is retained for as long as your account is active
- If you delete a contact, it is removed from our database immediately
- If you delete your account, all associated contact data, interactions, and enrichment cache are permanently deleted within 30 days
- Voice transcriptions (audio files) are processed and discarded — we do not retain the raw audio
- Billing records are retained for 7 years as required by law
7. Cookies and analytics
We use Google Analytics to understand how users interact with the Service. Google Analytics collects anonymised data including pages visited, session duration, and general geographic region. We do not use this data to identify individuals. You can opt out by installing the Google Analytics opt-out browser add-on.
We use essential session cookies via Clerk for authentication. These are strictly necessary and cannot be disabled.
8. Your rights
Depending on your location, you may have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate data (you can do this directly in the app)
- Erasure — request deletion of your account and all associated data
- Portability — request an export of your contact data in a machine-readable format
- Objection — object to processing of your data for certain purposes
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
9. Security
We store data on DigitalOcean infrastructure in the London (lon1) region. Data is encrypted at rest and in transit (TLS 1.2+). Database credentials and API keys are stored as secrets and are never committed to source code. We use Clerk for authentication, which provides industry-standard security including JWT-based session management.
No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to [email protected].
10. Children
The Service is not intended for children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice in the app. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
