Overview

This Privacy Policy explains what personal data is collected, why it is collected, how it is used, with whom it is shared, how long it is retained, and the rights available to individuals in the United States and India. It also describes how to exercise rights, including opt‑out of sales/sharing (US) and consent/withdrawal (India).

Who we are

DatabaseLuke (“Company”, “we”, “us”) provides B2B and B2C contact databases and related marketing data services. This Policy applies to our website, products, and services that reference it. Contact details for privacy requests are provided in the “How to contact us” section.

Categories of data

Depending on the service, the following categories may be processed in the last 12 months: identifiers (name, email, phone, address), professional information (job title, employer, industry), commercial information (purchases, service usage), internet activity (logs, device, analytics), geolocation (approximate), inference segments (interests), and publicly available data; sensitive data is not intentionally collected unless expressly provided or required by law.

Sources of data

  • Directly from customers and site visitors (forms, checkout, support).
  • Third‑party data suppliers and data brokers with contractual assurances.
  • Public sources such as corporate registries, public websites, and directories.

Purposes and legal bases

  • Provide and improve databases and services, customer support, account management, billing, security, fraud prevention, analytics, and compliance.
  • Marketing communications and audience curation consistent with applicable consent/opt‑out rules.
    Legal bases include consent, contract necessity, legitimate interests, and compliance with law; under India’s DPDP Act, consent must be free, specific, informed, unconditional and unambiguous, with clear notice provided.

Disclosures to third parties

Data may be disclosed to service providers/contractors (hosting, billing, analytics, email), integration partners, authorized resellers, professional advisers, law enforcement when required, and in corporate transactions; contracts require comparable privacy and security safeguards.

Selling/sharing of data (US)

Some activities—such as licensing audience segments or enabling cross‑context behavioral advertising—may be considered a “sale” or “sharing” under California law; individuals can opt out using the “Do Not Sell or Share My Personal Information” link and via global privacy controls where recognized.

Individual rights

  • California and other US state rights: know/access, portability, correction, deletion, opt‑out of sale/sharing, limit use of sensitive personal information, and non‑discrimination for exercising rights.
  • India (DPDP Act): informed consent, access, correction/erasure, grievance redressal, and withdrawal of consent via the mechanisms provided in our notices and consent manager support where applicable. Notices are available in English and supported languages.
    Requests can be submitted through the methods listed in “How to contact us.” Identity verification may be required.

Consent and notice (India)

Before processing personal data based on consent, a clear, specific privacy notice is presented describing categories, purposes, rights, grievance mechanism, and contact details of a responsible person/DPO; consent can be withdrawn at any time. Parental consent is obtained for children per applicable rules.

Retention

Data is retained only as long as necessary and proportionate to the purposes collected, legal obligations, dispute resolution, and security requirements, then securely deleted or anonymized.

Security

Reasonable and appropriate technical and organizational measures are used to protect data, including access controls, encryption in transit where feasible, vendor due diligence, and incident response; however, no method is 100% secure.

International transfers

Data may be processed in or transferred to the US, India, and other jurisdictions. When transferring, appropriate safeguards and contractual commitments are applied consistent with applicable laws.

Children’s data

Services are not directed to children under applicable age thresholds; data relating to children is not knowingly collected, and if discovered, will be deleted unless legally required or with verifiable parental consent as required by law.

Cookies and tracking

We use cookies and similar technologies for essential operations, analytics, and marketing. Depending on jurisdiction, consent or opt‑out mechanisms are provided via banners or settings; browser global privacy controls may be honored where required.

Do Not Track

Industry standards for DNT are not uniform; where law requires recognition of global privacy controls (e.g., GPC), such signals are treated as opt‑out requests.

Data from third parties and public sources

Licensed and publicly available data may be combined with customer‑provided data for verification, enrichment, segmentation, and product improvement, subject to applicable law and opt‑out rights.

Vendor and broker governance

Vendors are assessed for compliance, contractually bound to privacy/security obligations, and monitored; data broker sources are reviewed to ensure lawful collection, accuracy stewardship, and opt‑out pathways.

Your choices

  • Manage email preferences or unsubscribe links in messages.
  • Opt out of sale/sharing via our “Do Not Sell or Share” link and global privacy controls where supported.
  • Withdraw consent (India) using the mechanisms provided in notices and contact channels.

How to exercise rights

Submit a request to access, correct, delete, limit, or opt out through our privacy request form or email; include sufficient information to verify identity and the relationship to our services. Appeals processes are available where required by state law.

Data Protection Officer / Grievance

A Data Protection Officer or designated privacy contact is available to address questions, grievances, and rights requests; details will be included on the published policy page and notices.

Changes to this policy

This Policy may be updated periodically; material changes will be posted with an updated effective date and, where required, provided via notice or renewed consent.

Contact

Questions or requests regarding this Policy can be directed to the privacy contact listed on the DatabaseLuke website; include jurisdiction and request type for faster handling.

Notes for publishing:

  • Add a “Do Not Sell or Share My Personal Information” link in the footer for California.
  • Provide a privacy notice and consent flow for India aligned to DPDP Act requirements and grievance details.
  • Include jurisdiction‑specific disclosures if targeting residents of other US states with privacy laws (e.g., VA, CO, CT, UT).