Contactout is compliant with GDPR, CCPA and USA privacy laws

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive European Union law on data privacy. It took effect on May 25, 2018, creating new obligations for businesses and new rights for individuals in the EU.

What is our legal basis for processing data?

The data we process has been made 'manifestly public' (GDPR Article 9.2(e)) by the data subject. We only crawl and index publicly available email addresses and phone numbers, such as those that are accessible from websites and social media. ContactOut has a 'legitimate interest' (GDPR Article 6.1(f)) in empowering professionals to connect with relevant individuals.

Your rights


You may request access to a copy of your personal information including: purposes of processing; categories of data processed; recipient(s) of data; length of time data is stored; and information on data transfers.


Since we only deal with public data, information that is removed from a website will also be removed from our database. You may at any time request the removal of your personal information from our database.


The GDPR gives users the right to download data that they have provided to a service.


You may request that we change, update or complete any of your personal information.


Data protection in the cloud

Our services run on Amazon Web Services (AWS), a provider with the highest levels of security. The physical safety of datacenters is guaranteed by 24/7 surveillance teams while state-of-the-art software security techniques protect your data from unwanted access. AWS infrastructure is highly resilient, constantly available and thoroughly monitored. It satisfies many global security standards including ISO27001, SOC, PCI and FedRAMP.

Data Encryption

ContactOut systematically uses HTTPS on and any of our subdomains. Any connection in HTTP gets redirected to its HTTPS counterpart. We also use the Key Management Service (KMS) through AWS, which employs industry best practices to ensure the safety of the keys used to encrypt your data. The bottom line is that you can be sure of your information's safety.

Credit Card Information

ContactOut does not store any card information that can compromise your security. Stripe -the provider who handles all your card details- is PCI Service Provider Level 1 Certified, the highest security standard available in the payments industry.


We have implemented a Web Application Firewall to prevent unwanted intrusions from incoming requests. We also have a server firewall to prevent access from non-approved IPs.

Password Hashing

We don't store passwords - we don't even see them. We store a cryptographic hash.

Privacy policy

Contactout's privacy policy can be found here
Please direct all other enquiries to [email protected]