Privacy Policy

Last updated: June 10, 2026

⚑ DRAFT: pending attorney review. Do not treat as final legal language.

This Privacy Policy explains how Stormlight Studio LLC ("we," "us," "our") collects, uses, and protects information in connection with the outbound.md service ("Service").

1. Information we collect

• Client information. Name, email, business details, and ideal-customer-profile information you share with us during kickoff and throughout the engagement.
• Payment information. Payments are processed by Stripe. We do not store your full card details; Stripe's handling of your payment data is governed by Stripe's privacy policy.
• Prospect data. To build lead lists, we collect publicly available professional profile information (e.g., name, title, company, industry, location, public activity) from LinkedIn profiles. This data is scored and filtered by automated systems against your ideal customer profile.
• Campaign data. Sending volumes, accept rates, reply rates, and message content sent and received through the outreach platform connected to your LinkedIn account.
• Website data. Basic analytics about visits to this website (pages viewed, referrer, approximate location). We do not use cookie walls, popups, or chat widgets.

2. How we use information

• To provide the Service: building and maintaining lead lists, writing and managing campaigns, and reporting performance to you.
• To bill you and communicate about your subscription.
• To improve our methods, using aggregated and anonymized data only.
• We do not sell personal information, and we do not use one client's prospect lists for another client.

3. Third-party services

We rely on a small set of processors to operate the Service: Stripe (payments), an outreach platform (currently HeyReach) that connects to your LinkedIn account, and standard business tooling (email, document storage, analytics). Each processes data only as needed to provide its function. The outreach platform's handling of your LinkedIn session and message data is also governed by its own privacy policy.

4. Data retention

We retain client and campaign data for the duration of the engagement and for a reasonable period afterward for record-keeping. Deliverables (lists, copy, configurations) are yours and remain with you after cancellation. You may request deletion of data we hold about you or your campaigns at any time (see Contact below), subject to legal record-keeping obligations.

5. Prospect rights

If you are a prospect whose publicly available professional information appears in a list we built, you may contact us to have your information removed from our systems. We honor such requests promptly.

6. Security

We use reasonable administrative and technical safeguards to protect the data we hold, including access controls and reputable third-party infrastructure. No system is perfectly secure; we will notify affected clients of any breach as required by law.

7. Children

The Service is for businesses and is not directed to anyone under 18. We do not knowingly collect information from children.

8. Changes

We may update this policy prospectively. Material changes will be communicated by email to active clients and reflected in the "Last updated" date above.

Contact

Privacy questions or deletion requests: me@dylanbaker.ai