Privacy Policy

Last Updated: October 9, 2025

Introduction

OUTERVIEW ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our platform ("Service").

By using OUTERVIEW, you consent to the data practices described in this policy. If you do not agree with this Privacy Policy, please discontinue use of the Service immediately.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA), and other applicable data protection laws as of October 2025.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using OUTERVIEW:

  • Account Information: Phone number or email address for authentication
  • User-Generated Content: Reviews, rejections, vents, discussions, comments, and votes
  • Profile Data: Automatically generated username and user statistics
  • Rejection Tracking: Email forwarding data (company name, rejection date, email metadata)

1.2 Automatically Collected Information

When you access OUTERVIEW, we automatically collect:

  • Device Information: Device type, operating system, browser type
  • Usage Data: Pages viewed, features used, time spent, interaction patterns
  • Technical Data: Hashed IP address, anonymized device fingerprints, session data, timestamps
  • Analytics: Aggregated usage statistics and platform performance metrics

1.3 Information from Third Parties

We may receive information from:

  • Email Service Providers: When you forward rejection emails to our platform
  • AI Services: Content analysis for rejection classification and buzzword extraction
  • Analytics Providers: Aggregated platform usage statistics

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Provision: Create accounts, authenticate users, display content
  • Platform Features: Enable vents, reviews, rejections, discussions, and voting
  • User Experience: Personalize content, generate statistics, track rejections
  • Security: Prevent fraud, abuse, spam, and unauthorized access
  • Content Moderation: Detect and filter personally identifiable information (PII) to protect user anonymity
  • Communication: Send verification codes, important updates, and platform notifications
  • Analytics: Understand usage patterns, improve features, optimize performance
  • Legal Compliance: Enforce Terms of Service, respond to legal requests
  • AI Processing: Classify rejections, extract insights, improve content relevance

3. Anonymity and Data Protection

OUTERVIEW is designed with privacy and anonymity as core principles:

  • Anonymous Usernames: Randomly generated usernames protect your identity
  • No Public PII: Phone numbers and emails are never displayed publicly
  • Content Separation: User content is not linked to contact information in public views
  • Secure Storage: Contact information is encrypted and stored separately from public data
  • Minimal Collection: We only collect data necessary for platform functionality
  • PII Detection: Automated filters detect and block personal information from being posted

3.5 Technical Anonymization Measures

We implement the following technical measures to protect your identity:

  • Identity Vault: Contact information (email/phone) is encrypted with AES-256 encryption and stored in a separate, secured database vault isolated from public-facing data
  • Pseudonymous Identifiers: User accounts are linked to content via one-way hashed pseudonymous IDs that cannot be reverse-engineered to reveal identity
  • IP Address Hashing: IP addresses are hashed using SHA-256 with a secret salt within 24 hours of collection, and the original IPs are permanently deleted
  • Device Fingerprint Anonymization: Device identifiers are anonymized after 30 days to prevent long-term tracking
  • Session Token Rotation: Authentication tokens automatically rotate every 24 hours to minimize exposure risk
  • Metadata Auto-Deletion: Request metadata (hashed IP, device fingerprints, timestamps) is automatically deleted after 90 days
  • Field-Level Encryption: Sensitive data fields are encrypted at rest using industry-standard cryptographic algorithms
  • Anti-Doxxing Filters: Automated pattern detection prevents posting of emails, phone numbers, addresses, social media handles, and other PII

Note: While we enable anonymity, you remain responsible for not disclosing your own identity in submitted content. We cannot guarantee complete anonymity if you choose to include identifying information in your posts.

3.6 Identity Vault Architecture

To maximize privacy protection, OUTERVIEW employs a separated "Identity Vault" architecture:

  • Separation of Concerns: Your contact information (email/phone) is stored in a separate encrypted database, physically and logically isolated from your public posts and activity
  • Access Restriction: The Identity Vault is accessible only for authentication and account recovery purposes, never for content display or analytics
  • Audit Logging: All access to the Identity Vault is logged with timestamps for security monitoring
  • Encrypted at Rest: All data in the Identity Vault is encrypted using AES-256-GCM encryption with secure key management
  • One-Way Linkage: Your public account is linked to the Identity Vault via a cryptographic hash that cannot be reversed without access to the secure vault

This architecture ensures that even in the unlikely event of a data breach affecting public content, your contact information remains protected in the isolated Identity Vault.

3.7 Automated Metadata Deletion

To minimize long-term tracking risks, we automatically delete identifying metadata:

  • IP Address Lifecycle: Original IP addresses are hashed within 24 hours and the hash is deleted after 90 days
  • Device Fingerprints: Device identifiers are anonymized after 30 days
  • Session Tokens: Expired authentication tokens are automatically purged every 6 hours
  • Request Metadata: Logs containing hashed IP and device info are deleted after 90 days
  • Verification Codes: Phone/email verification codes expire and are deleted within 10 minutes

These automated processes run continuously in the background, ensuring that identifying metadata does not accumulate indefinitely on our servers.

4. How We Share Your Information

We do not sell your personal information. We may share data in the following circumstances:

  • Public Content: Reviews, vents, rejections, and discussions are publicly visible with your anonymous username
  • Service Providers: Third-party vendors who assist with hosting, analytics, email processing, and AI services (under strict confidentiality agreements)
  • Legal Requirements: Law enforcement, courts, or regulatory agencies when required by law or valid legal subpoena
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (users will be notified)
  • Consent: When you explicitly authorize us to share information
  • Aggregated Data: Anonymized, aggregated statistics that cannot identify individuals

Important: We do not provide contact information from the Identity Vault to third parties except as required by valid legal process. Companies mentioned in reviews cannot request or access user identity information through the platform.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication and platform functionality
  • Performance Cookies: Monitor platform performance and identify technical issues
  • Analytics Cookies: Understand how users interact with OUTERVIEW (with anonymized identifiers)
  • Local Storage: Store user preferences and session data on your device

You can control cookies through your browser settings. However, disabling essential cookies may limit platform functionality.

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data transmitted over secure HTTPS/TLS connections
  • Encryption at Rest: Sensitive data encrypted using AES-256-GCM at the database level
  • Access Controls: Restricted access to personal information on a need-to-know basis with role-based permissions
  • Secure Key Management: Encryption keys stored separately from encrypted data with rotation policies
  • Monitoring: Continuous security monitoring, intrusion detection, and threat analysis
  • Regular Audits: Periodic security assessments, penetration testing, and vulnerability scanning
  • Incident Response: Documented procedures for detecting and responding to security breaches

However, no system is completely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Account Data: Retained while your account is active
  • User Content: Retained indefinitely to maintain platform integrity and community value
  • Contact Information (Identity Vault): Encrypted and retained while account is active; deleted within 30 days of account closure (unless required for legal purposes)
  • Hashed IP Addresses: Automatically deleted after 90 days
  • Device Fingerprints: Anonymized after 30 days, deleted after 90 days
  • Session Tokens: Automatically expire and are deleted after 24 hours
  • Request Metadata: Automatically deleted after 90 days
  • Analytics Data: Aggregated data retained indefinitely; individual identifiers deleted after 24 months

If you delete your account, your encrypted contact information in the Identity Vault will be permanently removed, but anonymized content may remain on the platform to preserve community discussions and company profiles.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 General Rights (All Users)

  • Access: Request a copy of personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and contact information from Identity Vault
  • Portability: Receive your data in a structured, machine-readable format

8.2 GDPR Rights (European Users)

  • Right to Object: Object to processing of personal data
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent for data processing at any time
  • Lodge Complaint: File a complaint with your local data protection authority

8.3 CPRA Rights (California Users)

  • Know: Know what personal information is collected and how it's used
  • Delete: Request deletion of personal information
  • Correct: Correct inaccurate personal information
  • Opt-Out: Opt out of sale or sharing (we don't sell data)
  • Limit Use: Limit use of sensitive personal information
  • Non-Discrimination: Not receive discriminatory treatment for exercising rights

To exercise these rights, contact us at privacy@outerview.app. We will respond within 30 days (GDPR) or 45 days (CPRA) of receiving your request.

9. Children's Privacy

OUTERVIEW is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided personal information, we will promptly delete it. If you believe a child has provided information to us, please contact privacy@outerview.app.

10. International Data Transfers

OUTERVIEW is operated in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries.

We implement appropriate safeguards for international transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Encryption and security measures during transfer and storage

11. Third-Party Services and Links

OUTERVIEW may contain links to third-party websites or integrate third-party services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. OUTERVIEW does not currently respond to DNT signals, but we minimize tracking and respect user privacy by design through automated metadata deletion and anonymization.

13. California "Shine the Light" Law

California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy regularly. Continued use of OUTERVIEW after changes constitutes acceptance of the updated Privacy Policy.

15. Data Processing Legal Basis (GDPR)

For users in the European Economic Area (EEA), we process personal data based on:

  • Consent: When you agree to our Terms and Privacy Policy
  • Contract Performance: To provide the services you requested
  • Legitimate Interests: Platform security, fraud prevention, and service improvement
  • Legal Obligation: Compliance with applicable laws and regulations

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Privacy Team
Email: privacy@outerview.app
Data Protection Inquiries: dpo@outerview.app
Platform: https://outerview.app

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@outerview.app.

🔒 Your Privacy Matters

OUTERVIEW is built with privacy-by-design principles. We employ Identity Vault encryption, automated metadata deletion, IP address hashing, and anti-doxxing filters to protect your anonymity. We minimize data collection, give you control over your information, and never sell your data to third parties. By using our platform, you acknowledge that you have read and understood this Privacy Policy.
