Lusha

Privacy Policy

Last Updated: October 25, 2021

Lusha allows you to access your personal information, edit or obtain data collected about you. Just click here and fill in your request.

1. What is Lusha and what do we do?

Who we are

Lusha Systems Inc., an incorporated company established in the state of New York with a registered office at 1177 Avenue of the Americas, 5th Floor, New York, NY 10036 (“Lusha”, “we”, “us”).

To contact us, see below.

Lusha processes personal data as a processor on behalf of our Licensees. All processing activities performed on this basis are framed in a lawful and secure way, pursuant to Lusha’s Data Processing Addendum. If you send us any request relating to such personal data, Lusha will promptly redirect the request to our relevant customer or Licensee. We will not respond to such communication directly without their prior authorization unless legally compelled to do so. 

If you pay by using a credit card, our service provider Stripe Inc. processes your payment information, while Lusha does not have direct access to it. We have concluded an agreement with Stripe to ensure that your payment information is processed in a secure and confidential way.

What we do

The top sales teams use Lusha to locate accurate B2B contact and company details, shorten their sales discovery and close more deals.

Our Services are designed to help our business users (e.g. HR professionals, B2B professionals, sales professionals) validate and verify Contact information and to find business details they seek in order to interact with relevant Contacts (as defined below), through access to business profiles retained in Lusha’s B2B database (“Lusha B2B Database”).

Lusha may collect, use or otherwise process personal data relating to you if you are:

  • a contact whose information is used for our B2B Database of business contact details as defined below (“Contact”);
  • an authorized user of a Lusha Licensee pursuant to our Terms of Service (“EndUser”);
  • a visitor of our website and online services (“Visitor”).

This Privacy Policy outlines our practices with respect to processing personal data (“Data”). Please read it carefully so that you understand how we may, as applicable, collect, use, and process your Data, and how you may opt-out or access, rectify, and/or erase your Data. Where personal data is about you is collected and processed by us in the Lusha B2B Database (as defined above), you may opt out here.

This Privacy Policy complements our Terms of Service (the “Terms of Service” or “Agreement”). Terms starting with a capital letter and not defined herein are defined in the Agreement. If you do not agree with this Privacy Policy or any part of it, you should not access this website or use our Services. 

If you have any questions about this Privacy Policy, please feel free to contact our Privacy Team, by filling “other” request.

2. Our commitments

Lusha is committed to providing its innovative service while respecting the privacy of everyone involved and complying with any applicable privacy and data protection laws. 

We are committed to providing our Licensees and End Users with the most useful and accurate Database possible and have implemented internal measures for accuracy and relevancy purposes. In particular, we implement processes to cross-check and verify the accuracy of the data in the Lusha B2B Database and do not store personal and private contact details in the B2B Database to the extent reasonably possible.

Lusha only collects data to the extent necessary and does not collect sensitive data related to health, religious beliefs, political opinions, or ethnicity.

3. Types of information we collect from or about you

We collect and process Data relating to Lusha Contacts, End Users, and Visitors. 

3.1 Information in Lusha B2B Database  (“Contact Data”)

The Data we provide to our Licensees comprises Contact Attributes and Company Information. We provide information limited to what you would find on a business card or in a business email signature block, or limited to what is necessary to contact an individual with a business social network profile or to verify the authenticity of such profile.

To learn more about the Contact Attributes and Company Information that we provide to our Licensees, see the Data we cover.

Our B2B Database relies on Data retrieved or derived from information from the following sources:

  • Our Community Program: Community members share professional business network contact information with us, such as email header and signature blocks from their business email, under the terms of the Lusha Community ProgramLearn more about Lusha’s Community.
  • Google and Microsoft: Where Lusha End Users provide us access to their email account, for the purposes of using our email composing features, we obtain data using Google’s or Microsoft’s APIs. See below for more information.
  • Our affiliates: We receive contact details from affiliates, i.e. subsidiaries, parent companies, joint ventures, and other corporate entities under common ownership.
  • Third parties: We rely on business partners to collect Company Information and maintain a verified list of existing companies. We use this information to ensure that the Data we obtain from the above is only added to the B2B Database if it relates to business details as opposed to personal contact details.
  • Publicly available sources: Our proprietary algorithm scans publicly available sources and retrieves public information with advanced tools. For instance, we use this to understand standard corporate email patterns (e.g. firstname.lastname@company.com) and we use it only after the verification process. 

Learn more about Our Data Sources

All of the data collected from our data sources is added to Lusha’s data lake in which Lusha’s proprietary algorithm organizes, scans the data, and merges certain data attributes into a unique identifiable “Business Contact Card” which are located in a highly secure database (B2B Database”).

To avoid irrelevant Contact Data in the B2B Database, we maintain a list of excluded Contacts outside of our B2B Database (“Opt-out list”). This list includes (i) Contacts to whom we have not been able to send an information notice and (ii) Contacts who are public servants or otherwise public figures, in order to ensure that their Data does not appear in our B2B Database.

For the same purpose, we have several processes to differentiate between business contacts and public figures, celebrities or other persons to ensure their contact details are not added to the B2B Database. The use of Twitter’s API is subject to Twitter’s own privacy policy.

For more information on how long we retain Data in our Opt-out list, please see the section below on Data retention.

3.2 Lusha End Users

Data we collect generally

We collect Data directly from Lusha End Users where they interact with us. For example, this is the case when End Users create an account, using our Services, contact us via our website or support channels. The information provided or derived includes:

  • name 
  • professional email address
  • professional phone number
  • professional mailing address
  • location 
  • user activity 
  • referred friend’s professional email address and name (only if you use our referral service)
  • any other information you provide us voluntarily when you communicate with us.

We do not sell any information shared with us by Licensees, End Users, or customers.

Lusha Integrations

As part of the Services, we allow our Licensees to integrate Lusha with certain business platforms (“Integrations”). In using Lusha’s Integrations, Contact Data from End Users’ or Licensee’s CRM, email, Plug-in or other software may be transmitted to Lusha to match or cleanse a customer’s data against Lusha’s B2B database. In this event, Lusha may use such Contact Data to identify potential contacts to supplement the Service and retrieve such data from other sources, verifying the accuracy of Business Contacts, removing out-of-date Business Contacts from the Services, or otherwise improving Lusha’s research processes and the content provided by its Services.

Data our Payment Partner collects

For paid-for Licensees, Lusha End Users are asked to enter their professional email address and payment information (including a credit card number). For this processing, Lusha does not collect or process your payment information directly; payment processing is done by trusted third-party service providers.

3.3 End Users and Visitors

We automatically collect information sent to us by your computer, mobile phone, or other access devices. This information includes: 

  • Your device information (for example, the type of browser and operating system your device uses, your language preference, your domain name, and the time you accessed the website) 
  • Your mobile network information
  • Your IP address
  • Alerts for troubleshooting errors and bugs

Where you are not logged into your account, this information is unidentified to you and we are not aware of the identity of the user from which this information is collected.

For more information, please read our cookie policy.

4. How and why do we use your Personal Data?

4.1 Lusha Contacts 

Context of processing Purpose of processing Legal basis
Purposes related to the provision of our Services
  • Enabling our End Users and Licensees and service providers to access and use our B2B Database 
  • Enriching, updating, cross-checking and validating the Lusha B2B Database
  • Our legitimate interest in fighting against identity theft and online fraud 
  • Our legitimate interest in providing accurate and up to date Business

Contact information, allowing our End Users and Licensees to engage with other businesses in meaningful and effective online and offline interactions
Purposes related to the analysis and improvement of our Services
  • Responding to your questions, support requests or feedback
  • Your consent
Purposes related to compliance with regulations and the fight against fraud
  • Detecting and preventing fraudulent and illegal activity, or any other type of activity that may jeopardize or negatively affect the integrity of the Services
  • Responding to your requests regarding your personal Data 
  • Investigating violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government authority’s request
  • Our legitimate interest in ensuring the safety and proper functioning of our services
  • Our legitimate interest in ensuring that our Terms of Use and other policies are complied with
  • Our legitimate interest relating to the exercise of our rights or the defense of our legal rights
  • Compliance with our legal obligations

4.2 Lusha End Users

Context of processing Purpose of processing Legal basis
Purposes related to the provision of our Services
  • Enabling our End Users and Licensees and service providers to access and use our B2B Database

 

  • Enable you to compose and process emails if you use our email composing functionality
  • Our legitimate interest in providing accurate and up to date Business

Contact information, allowing our End Users and Licensees to engage with other businesses in meaningful and effective online and offline interactions, pursuant to the Agreement with a Licensee
Purposes related to the use of the Services, the creation and management of your account
  • Registering, maintaining and managing your user account or membership with us
  • Verifying your registration to the Services and approve your email address
  • Communicating with you regarding the Licensee’s purchase, inquiries, support request, feedback, or questions
  • Processing your order, including sending you any necessary emails related to the Licensee’s purchase of any paid Services
  • Sending you important announcements in relation to security, privacy, or the administration of our Services
  • Personalizing our Services to ensure its content is presented in the most effective manner for you and your device
  • Our legitimate interest in providing accurate and up to date Business Contact information, allowing our End Users and Licensees to engage with other businesses in meaningful and effective online and offline interactions, pursuant to the Agreement with a Licensee
  • Compliance with our legal obligations, including those applicable to our Payment Partner as a payment service provider, such as anti-money laundering, anti-corruption, and credit card fraud
  • Where applicable, your consent
Purposes related to the analysis and improvement of our Services
  • Conducting troubleshooting, Data analysis, testing, research, statistical and survey analysis
  • Our legitimate interest in ensuring the safety and proper functioning of our services
Purposes related to the promotion of our Services
  • Signing you up for our newsletters or alerts
  • If you opted in to marketing, communicating with you about our latest updates, upgrades, and services.
  • Building and maintaining our End User and Licensee community
  • Our legitimate interest in promoting our Services
  • Where applicable, your consent
Purposes related to compliance with regulations and the fight against fraud
  • Detecting and preventing fraudulent and illegal activity, or any other type of activity that may jeopardize or negatively affect the integrity of the Services
  • Responding to your requests regarding your personal Data 
  • Investigating violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government authority’s request
  • Our legitimate interest in ensuring the safety and proper functioning of our services
  • Our legitimate interest in ensuring that our Terms of Use and other policies are complied with
  • Our legitimate interest relating to the exercise of our rights or the defense of our legal rights
  • Compliance with our legal obligations, including those applicable to our Payment Partner as a payment service provider, such as anti-money laundering, anti-corruption, and credit card fraud

Additional Restrictions

Notwithstanding anything else in this Privacy Policy, if you provide Lusha access to your email account, for the purpose of using our email composing features, the following types of your Google data or Microsoft data will be subject to these additional restrictions:

Lusha will only use access to read, write, modify, or control email message bodies, metadata, headers, and settings to provide enable End Users to compose and process emails and will not transfer this data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets. We will not use this data for serving advertisements, selling data, or any other purpose except as set hereinabove.

Lusha’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Further, Lusha’s use of the Microsoft API is subject to Microsoft’s privacy policies, you can edit your settings and revoke consents provided to Microsoft at any time by following the instructions in the following links: https://account.live.com/consent/Manage and/or https://myapps.microsoft.com.

4.3 Lusha End Users and Visitors 

Context of processing Purpose of processing Legal basis
Purposes related to the analysis and improvement of our Services
  • Conducting troubleshooting, Data analysis, testing, research, statistical and survey analysis
  • Ensuring our services are working properly
  • Our legitimate interest in ensuring the safety and proper functioning of our services

5. How we share your information

We may share information with third parties in the ways and for the purposes described above.

  • With our End Users and Licensees (Business Contacts only): We share Business Contacts stored in our B2B Database with our End Users and Licensees, for the purpose of providing our Services and allowing access to authentic, current, and up to date business contact information. 
  • Within Lusha or our Payment Partner: We may share your information within Lusha. To the extent permitted by law and taking into account the protection of your rights and freedoms with respect to the processing of your Data, and the consent you have given (if any), your Data will only be accessible by a limited and defined number of recipients within Lusha (such as employees) or our Payment Partner. 

Please be assured that such access to your Data will be strictly on a “need to know” basis and will be subject to our internal privacy policy and an obligation of confidentiality.

  • With our service providers: Your Data will generally not be disclosed to recipients outside Lusha or our Payment Partner. In some cases, however, Lusha uses external service providers acting on its behalf under contracts that will include strict data protection obligations. 

In particular, we will provide your Data to service providers or suppliers as part of our normal business operations. Such service providers include (i) hosting services providers, (ii) data analytics providers, (iii) payment processors, and (iv) security services providers. 

When you are joining the Lusha group or fan page on Facebook, Facebook and We are acting as joint controllers. The same goes when you are visiting our Linkedin Page.

Facebook Inc., headquartered at 1 Hacker Way, Menlo Park, CA 94025, United States of America. The joint controller addendum can be found here

  • LinkedIn Corporation headquartered at 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. The joint controller addendum can be found here.

Please note that when it comes to connecting your CRM, Google, or Microsoft accounts to our Service (via Google connect /Office 365 Login, etc.) Lusha acts as an independent controller.

  • In connection with an asset sale, merger, bankruptcy, or other business transaction: We may share your personal information while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.
  • With other third parties and with public authoritiesIn certain circumstances, we may also share and disclose such your information, if we believe in good faith that such disclosure is necessary or required: (i) to comply with a law, regulation, governmental or securities exchange requirement, court order, judicial proceeding, or legal process, such as a subpoena or a search warrant; (ii) to address a violation of the law; (iii) to investigate fraud or criminal activity, and to protect our rights or those of our affiliates, vendors and users, or as part of legal proceedings affecting or may affect us or our affiliates, vendors or users; and (iv) to allow Lusha to exercise its legal rights or respond to a legal claim.

6. How long do we keep your data?

Lusha has implemented a retention policy, setting retention periods taking into account the type of information that is collected and the purpose for which it was collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.

We only keep your Data for the time necessary for the purposes described above.

  • Lusha Contacts: We retain your Data for the duration necessary to provide our Services and, thereafter in archives, to comply with our legal obligations, resolve disputes and enforce our policies.
  • Lusha End Users and other personal data of our Licensees:
  • Lusha End Users: We retain your Data for the duration of your active account on Lusha. We may keep your Data in an intermediate archive for 6 years following the deletion of your account in order to comply with our legal and contractual obligations or to protect ourselves from any potential disputes (as required by laws applicable to record-keeping and to have proof and evidence concerning our relationship, should any legal issues arise following the termination of your account), all in accordance with our Data Retention Policy.
  • Lusha Licensees: We retain the relevant Data for the duration of the Licensee’s active paid Services subscription on Lusha, except where necessary to comply with our legal obligations. In this case, the relevant Data will be kept in an intermediate archive for 6 years and will only be accessed on a need-to basis (for example, in case of a dispute).

We retain this Data strictly on your behalf, in accordance with reasonable instructions and as further stipulated in our Data Processing Addendum and other commercial agreements with Licensees or other relevant customers.

Additionally, we retain Contacts Data in our unstructured database for a duration of 3 years, i.e. the duration necessary to verify and collate the relevant information to create a Business Contact in the B2B Database.

Lastly, we retain Data in our Opt-out list for the duration necessary to provide our Services, which includes ensuring that any Contacts who are public figures or who have exercised their right to opt-out remain excluded from our B2B Database.

7. How to opt-out or access, rectify, and/or erase your Data

Lusha allows you to access your personal information, edit or obtain data collected about you by contacting our Privacy Team.

Note that we maintain an Opt-out list which may include personal data, for the sole purpose of ensuring that opt-out requests are respected and that your contact information no longer appears in the Lusha B2B Database in the future if you have opted-out.

For any request relating to your Data, contact our Privacy Team. In particular, you may request:

  • Information and access to a copy of your Data: you may obtain confirmation as to whether or not your Data is processed by Lusha. As applicable you may get more information on the Data we hold and how your Data is processed, and get a copy of your Data. 
  • Rectification of your Data: you may rectify your Data if it is inaccurate or incorrect or out-of-date. You may also have incomplete Data completed. 
  • Erasure of your Data: you may request the erasure of your Data, e.g. if you object to the processing of your Data (see below). However, we may have legal or legitimate reasons for retaining the Data depending on the context. 
  • Limitation of processing: you may request a limitation of your Data, e.g. in case of issue or audit. We will mark your Data to limit their future processing.
  • Data portability: you may receive the Data that you have provided to Lusha, in a structured, commonly used and machine-readable format, and you have the right to transmit this Data to another data controller without hindrance from us. This right only applies where the processing of your Data is based on your consent or is Data you have provided to us for the performance of the Lusha Terms of Service.

You may also object to the processing of your Data for certain purposes.

  • To stop receiving marketing communications from us: you may demand that we stop any direct marketing to you, at any time. You will find a link or instructions to unsubscribe in any such communications from us.
  • For other purposes: you may object to the processing of your Data where such processing is based on legitimate interest as described above. Please describe the reasons relating to your particular situation to justify your request. If applicable, we will stop the processing unless we have compelling legitimate grounds. 

If you have given us your consent, you may withdraw that consent at any time for future processing. This will not affect the lawfulness of the processing prior to the withdrawal of consent.

Minors

The products and services of Lusha are not targeted to or intended for children under the age of 18. In the event that we become aware that a Contact or End User is under the age of 18, we will discard such information. If you have any reasons to believe that a minor has shared any information with us, please contact us at support@lusha.com.

8. How do we safeguard and transfer your Data?

We will take all steps reasonably necessary to ensure your information is treated securely and in accordance with this Privacy Policy. Once we receive your information, we take all appropriate technical and organizational measures, reasonable precautions, and follow industry best practices to safeguard your information against loss, theft, unauthorized use, access, or modification.

We are headquartered in the United States of America and, while our Data is stored on Amazon Web Services in the United States of America, many of our Data processing activities are carried out from other countries including by staff operating outside the European Economic Area who work for us or for one of our service providers or partners. 

Some of our staff is located in Israel, where there is an adequate level of protection of personal data according to the European Commission (2011/61/EU: Commission Decision of 31 January 2011).

Where applicable, e.g. when our customers are subject to the GDPR and export data to us, we have signed contracts based on the Standard Contractual Clauses approved by the European Commission or similar contracts ensuring essentially the same level of protection for further transfers.

Additionally, please note that:

  • Transfers of your Data to Amazon Web Services are safeguarded pursuant to AWS’ Privacy Policy.
  • Transfers of your Data to Google LLC are governed by appropriate safeguards based on the European Commission’s standard contractual clauses. You can view the transfer agreement here.

9. Changes to this policy

Lusha may modify this Privacy Policy from time to time, to reflect eventual changes in the way we process Data. If we make material changes to this policy (such as a change in our processing purposes, a change in the identity of the controller, or even a change regarding the way you can exercise your rights in relation to our processing activities), we will notify you, as appropriate depending on the substance of the change, by email or by means of a notice on our website’s homepage, prior to the changes becoming effective.

10. Contact us

If you have any additional questions about our privacy practices, or if you feel your privacy was not treated in accordance with our Privacy Policy, please feel free to contact our Privacy Team, or contact us at:

Lusha Systems Inc.

1177 Avenue of the Americas, 5th Floor

New York, NY 10036

United State of America