Privacy Policy

Last updated: May 27, 2026

1. Who We Are

Dotless is operated by Saem Group s. r. o., Púpavová ulica 4139/37, 900 25 Chorvátsky Grob, Slovakia, IČO: 57 600 171 ("Dotless", "we", "us", or "our"). This Privacy Policy explains how we collect, use, share, and protect personal data when you use dotless.co, the Dotless application, the waitlist, and related services worldwide. It applies to individuals, consumers, freelancers, agencies, companies, and other organizations that use Dotless.

You can contact us at .

2. Personal Data We Collect

We collect the following categories of data, depending on how you use Dotless:

  • Account data, including name, email address, phone number, authentication provider information, password when applicable, Google profile details when you connect Google, and support messages you send us.
  • Business profile data, including business name, sender name, footer or postal address, default country, phone parsing country, preferences, and account settings.
  • Waitlist and referral data, including name, email address, referral code, referrer, waitlist position, discount eligibility, and signup timestamps.
  • Billing data, including Stripe customer IDs, subscription status, invoices, payment status, plan details, billing email, and tax or accounting records. We do not store full card numbers.
  • Connected inbox data, including connected email address, provider, Gmail OAuth tokens, SMTP host, port, username, encryption setting, and secure secret references for SMTP passwords.
  • Lead and prospect data, including public business names, categories, addresses, city, state, country, phone numbers, ratings, review counts, place IDs, websites, social links, email addresses, language, region, and search source.
  • Outreach data, including templates, generated drafts, sent message subjects and bodies, sequence steps, send times, message IDs, thread IDs, replies, bounces, unsubscribes, and conversation messages.
  • Search and usage data, including searched cities, countries, categories, map polygons, requested lead counts, app events, page views, device data, IP address, browser data, logs, analytics, and performance data.
  • Cookie and local storage data used for authentication, security, OAuth flows, password recovery, theme preference, sidebar state, recent searches, launch popups, analytics, and basic site functionality.

3. How We Use Personal Data

We use personal data to:

  • Provide, maintain, secure, and improve Dotless.
  • Create accounts, authenticate users, and manage app sessions.
  • Operate the waitlist, referral codes, positions, and discount eligibility.
  • Process subscriptions, billing, accounting, tax, and fraud prevention through Stripe.
  • Run local business searches, enrich leads, identify contact details, and organize prospecting workflows.
  • Generate, translate, validate, personalize, send, and manage outreach drafts and sequences.
  • Detect replies, bounces, unsubscribes, and conversation status so your outreach records stay accurate.
  • Maintain suppression lists and opt-out logs so recipients who unsubscribe are not contacted again through Dotless.
  • Provide customer support, troubleshoot issues, monitor uptime, analyze usage, and improve performance.
  • Protect against abuse, spam, unauthorized access, and violations of our Terms of Service.
  • Comply with legal, regulatory, accounting, and security obligations.

4. Legal Bases

Where the GDPR or similar laws apply, we process personal data based on contract performance, legitimate interests, consent, and legal obligations. Legitimate interests include providing a prospecting and outreach tool, securing the service, preventing abuse, improving product performance, and communicating with users and recipients. You can withdraw consent where processing depends on consent, but this will not affect earlier lawful processing.

5. Gmail and Google API Data

If you connect Gmail, Dotless requests permission to send email and read limited mailbox data needed for product features. We use Gmail data to send messages you initiate, record message IDs and thread IDs, detect replies, show relevant conversation history, and update lead or sequence status. We do not use Gmail data for advertising, sell Gmail data, or use Gmail data to train generalized AI models.

You can revoke Google access in your Google account settings or disconnect Gmail in Dotless. Our use and transfer of Google user data follows the Google API Services User Data Policy, including its Limited Use requirements.

6. SMTP and Connected Email Providers

If you connect SMTP, we test the connection and store the connection settings needed to send messages from your account. SMTP passwords are stored through a secure secret mechanism instead of being displayed back to you in the app. Your email provider may separately process messages, logs, and delivery events under its own terms and privacy policy.

7. AI, Search, and Enrichment Providers

Dotless may use third-party search, scraping, enrichment, validation, translation, and AI providers to provide the service. Data sent to these providers can include public business details, candidate contact details, email templates, draft content, search settings, and account preferences needed to complete your request. You should not submit sensitive personal data or special category data to Dotless.

8. When We Share Personal Data

We share personal data with:

  • Infrastructure and database providers, including Supabase and Vercel.
  • Billing providers, including Stripe.
  • Email and authentication providers, including Google and your SMTP provider.
  • Search, enrichment, analytics, performance, and AI providers used to operate Dotless.
  • Professional advisers, auditors, insurers, or authorities when needed for legal, tax, security, or compliance reasons.
  • A buyer, successor, or affiliate if we are involved in a merger, acquisition, financing, restructuring, or sale of assets.

We do not sell your connected inbox data or Gmail data.

9. International Transfers

We are based in Slovakia, and our service providers may process data in the European Economic Area, the United States, and other countries. Where required, we use appropriate safeguards such as contractual protections, data processing terms, and transfer mechanisms recognized by applicable law.

10. Retention

We keep personal data for as long as needed to provide Dotless, comply with legal obligations, resolve disputes, enforce agreements, and protect the service. We generally keep account, lead, template, sequence, and connected email data while your account is active. We may retain billing and accounting records for the period required by law. We may retain minimal suppression list and opt-out records so we can honor unsubscribe requests. Backups and logs may persist for a limited period before deletion.

When you request account deletion, we schedule your account for permanent deletion after 30 days. During this 30-day recovery period, we retain your account record and verified phone number to allow account recovery, prevent duplicate-account abuse, and protect the Service. You may recover the account during this period by logging in with the same email address. During the recovery period, you cannot create a fresh account with the same verified phone number. After the recovery period, your account data is permanently removed unless we are required to retain limited information for legal, security, fraud-prevention, or compliance reasons.

11. Security

We use technical and organizational measures designed to protect personal data, including access controls, encrypted connections, provider security features, row-level database controls where applicable, and secret storage for sensitive connection details. No online service can guarantee absolute security, so you should use strong passwords, protect connected email accounts, and notify us if you suspect unauthorized access.

12. Your Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to the processing of your personal data. You may also have the right to withdraw consent and lodge a complaint with your local data protection authority. In Slovakia, the supervisory authority is the Office for Personal Data Protection of the Slovak Republic. To exercise rights, contact .

13. Business Recipients and Unsubscribes

If you receive outreach sent through Dotless, you can unsubscribe using the link in the message or contact the sender. Dotless maintains suppression records so unsubscribed addresses are not contacted again through the same Dotless account. You may also contact us if you believe your business contact data should be corrected or removed from our systems.

14. Children

Dotless is not intended for children under 18. We do not knowingly collect personal data from children under 18.

15. Changes

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as by email, in-app notice, or a notice on the website. The updated version applies from the date shown above unless stated otherwise.

16. Contact

For privacy questions or requests, contact .