Legal

Privacy Policy

Last updated: May 4, 2026

  1. Application

    This Privacy Policy ("Policy") applies to the use of and/or access to the website and services (the "Services") operated by UltraAPIs, a METE PRIM SRL brand ("Company").

    By accessing or using the Services, the Customer agrees to this Policy. If the Customer does not agree, they should stop using the Services immediately.

    This Policy may be updated from time to time. The Company will post changes on the Site with a new effective date. Continued use of the Services after any update constitutes acceptance of the revised Policy.

  2. Processing of Information

    The Company collects and processes certain information in order to provide, operate, and improve the Services, which may include the following categories of data:

    Information provided directly by the Customer:

    1. Name, job title, and company name
    2. Work email address and phone number
    3. Billing details, handled by a PCI-certified payment processor. The Company does not store raw card data.
    4. Messages and support requests

    Information collected automatically when the Customer uses the Services:

    1. IP address, browser type, and device information
    2. Pages visited, features used, and time spent on the Site
    3. API request logs and usage statistics
    4. Cookie and session data. See Section 6 — Cookies.

    Publicly available business and professional data:

    The Company's core service involves collecting publicly available professional and business information from lawfully accessible public sources, including corporate websites, public registries, professional profiles, and news publications. This includes names, job titles, company names, professional email addresses, and publicly listed phone numbers.

    This data is processed on the basis of legitimate interests — specifically, enabling businesses to identify relevant commercial contacts and maintain accurate records. The Company does not collect private communications, data from password-protected sources, or data relating to children.

    Data the Company does not collect:

    1. Health, genetic, or biometric data
    2. Racial or ethnic origin, religion, or political opinions
    3. Personal bank account or full payment card numbers
    4. Information relating to children under 16

  3. Usage of Information

    The Company uses the information collected to respond to your inquiries, provide customer support, process and fulfill your requests, send you updates and administrative messages, share information about its Services, monitor and improve usage and performance, detect and prevent fraud or misuse, and comply with legal obligations.

    The Company uses the information collected for the following purposes:

    Purpose Legal Basis Retention Period
    Account registration and management Contract performance Duration of account + 5 years
    Billing and payment processing Contract performance / Legal obligation 7 years, for tax and accounting obligations
    Customer support and communications Contract performance / Legitimate interest 3 years from last contact
    Security and fraud prevention Legitimate interest 3 years from end of relationship
    Service improvement and analytics Legitimate interest 3 years, then anonymized
    Marketing to existing customers Legitimate interest / Consent where required Until opt-out or 3 years inactive
    Compliance with legal obligations Legal obligation As required by applicable law

    Customer account data and billing records are retained as set out in the table above. When data is no longer required, it is securely deleted or anonymized.

  4. Third-Party Data

    When using our services, including professional network data access via our API or contact data enrichment, The Company provides access to publicly available information along with any enrichment obtained through our services.

    This data is not stored on our servers, except for temporary storage of enriched files for up to 3 months to allow delivery to clients. The Company therefore cannot remove such data from third-party sources, but maintains an opt-out list to ensure that excluded individuals cannot be queried through the Services in the future.

    The Company does not sell, share, or rent your data to third parties and uses it only to:

    1. Comply with legal obligations
    2. Provide customer support
    3. Generate internal summaries

    As the creator of the enriched data, you are the data controller under GDPR, and The Company is the data processor. The processing of publicly available or enriched data is performed on the basis of legitimate interests, solely to provide the Services. You, as the data controller, remain responsible for:

    1. Complying with data protection laws, including GDPR and CCPA
    2. Ensuring a lawful basis for processing personal data
    3. Providing privacy notices and handling data subject requests
    4. Using data only for authorized purposes and not for spam or unlawful use

    For more information, see our Data Processing Agreement.

  5. International Data Transfers

    Customer information may be processed in countries other than the Customer's country of residence. Where this involves transfers from the EEA or UK, the Company relies on EU Standard Contractual Clauses (SCCs) or other appropriate safeguards approved by the relevant authorities.

  6. Cookies

    The Company uses cookies and similar technologies to maintain login sessions, remember preferences, analyze Site usage, and protect against bots. Where required by law, the Company will request the Customer's consent before placing non-essential cookies. Disabling non-essential cookies will not affect core functionality.

  7. Data Security

    The Company implements appropriate technical and organizational measures to protect personal data, including:

    1. TLS encryption for all data in transit
    2. Encryption of data at rest
    3. Role-based access controls
    4. Regular security audits and vulnerability management
    5. Incident response procedures in line with GDPR breach-notification requirements

    No method of electronic transmission or storage is completely secure. In the event of a breach likely to affect a Customer's rights, the Company will notify the affected party and the relevant authorities as required by law.

  8. Your Privacy Rights

    Depending on their location, Customers and data subjects may have the right to access, correct, or delete their personal data, restrict or object to its processing, receive it in a portable format, withdraw consent at any time, and lodge a complaint with their local data protection authority.

  9. Limitation of Liability

    This Policy is provided for informational purposes. Any claims arising from or related to this Policy shall be subject to the liability limitations set forth in our Terms of Service, including any caps and exclusions of indirect, incidental, or consequential damages.

    In particular, the Company's total liability for claims related to this Policy shall not exceed the lower of (i) €5,000 or (ii) the Customer’s invoice of last 3 months total, to the maximum extent permitted by applicable law.

    For the avoidance of doubt, these limitations apply to all claims, whether arising under contract, tort, or otherwise, and nothing in this section limits any liability that cannot be excluded under applicable law.

  10. Privacy Policy Changes

    This Policy may be updated from time to time. Material changes will be communicated by email and/or a prominent notice on the Site at least 30 days before they take effect. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

  11. Contact

    For any privacy-related questions or requests, contact us at:

    1. Email: [email protected]
    2. Address: [Postal Address]