Privacy Policy

persist.chat is an AI sales agent for business-to-business outreach. This policy explains what personal information we process, why, who we share it with, and the choices you have — whether you’re a customer using persist or a person whose business contact information appears in our directory.

1. Who we are

persist.chat (“persist”, “we”, “us”) provides a chat-based AI sales agent that helps businesses (“Customers”, “you”) find the right people to contact, write personalized messages, send them from the Customer’s own mailbox, and follow up until there’s a reply. To do this we maintain a directory of business contact information sourced from data providers and public sources.

This policy covers our website, the persist app at app.persist.chat, and the data we hold in our directory. persist.chat is operated from the San Francisco Bay Area, California.

2. Information we process

Information Customers give us

• Account & identity — name, work email, and password are handled by our authentication provider (Clerk); we receive your name, email, and user ID.
• Billing — plan, subscription status, and payment metadata via our billing provider. We do not store full card numbers.
• Workspace content — campaigns, target criteria (“who to reach”), prospect lists you build, message drafts, notes, and the contacts you import or enroll.

Connected mailbox data

When you connect a sending mailbox (for example Gmail, via our email connector), you authorize persist to send messages on your behalf and to read replies so we can match them to a conversation and stop following up once someone responds. We request the narrowest scopes needed to do this.

Business contact data in our directory

Our directory holds business contact information about professionals — typically name, work email, job title, employer, location, and public professional profile links (e.g. LinkedIn). We collect this from third-party data providers and from public sources. We require our data providers to represent that they collected this information lawfully. The directory does not include consumer financial, health, or other sensitive categories of data, and persist does not reveal personal phone numbers as part of the standard service.

Information we collect automatically

• Usage & device data — pages viewed, features used, approximate location from IP, browser and device type, and log data, collected through cookies and similar technologies.
• Product analytics — we use PostHog (and may use Google Analytics) to understand how the product is used and improve it. See Cookies & analytics.

3. The contacts directory

The directory is the data that lets persist suggest and verify the right people to contact. A few principles govern it:

• Business data only. We hold professional contact information for business-to-business outreach, not consumer profiles.
• We do not pool your private lists into the shared directory. Contacts you upload, import from your CRM, or add to your own workspace stay in your workspace. Provider-sourced and public business data is what powers the shared directory.
• Reveals are metered and verified. When persist reveals or verifies a contact’s email, that draws on your plan’s allowance and may be checked for deliverability. We record verification status to protect sender reputation.

4. How we use information

• Provide, operate, secure, and improve the service.
• Find matching prospects, verify deliverability, and enrich and de-duplicate records.
• Draft, personalize, classify, and schedule outreach on your behalf (see AI processing).
• Authenticate you, manage your account and subscription, and process payments.
• Send you product, security, and account communications.
• Detect, prevent, and respond to fraud, abuse, and security incidents, and enforce our Terms.
• Comply with legal obligations and respond to lawful requests.

5. AI processing

persist uses AI to draft and personalize messages, classify replies, and assist with research. To do this we send relevant context (for example, a prospect’s public business details and your campaign instructions) to our AI model provider. We route this inference through providers under terms that do not permit them to train their foundation models on your content, and persist does not use your workspace content to train generalized models. You remain responsible for reviewing AI-drafted messages before they’re sent; persist’s drafting and sending controls are designed to let you do so.

6. Outreach & your mailbox

When you run a campaign, persist sends messages from your connected mailbox to recipients you choose. For those campaigns, you are the controller of the outreach and persist acts on your behalf as a processor. If you received a message sent through persist and want it to stop, reply to opt out or contact the sender; persist also maintains suppression so opted-out and bounced addresses are skipped going forward. We honor unsubscribe and do-not-contact signals, and you are responsible for using the service in compliance with applicable marketing laws (such as CAN-SPAM, CASL, GDPR, and the TCPA).

7. How we share information

We share information with service providers who help us run persist, under contracts that limit their use of it. These include, by function:

• Authentication & billing — Clerk.
• Email sending & connectors — our email connector provider (Composio) and the mailbox provider you connect (e.g. Google).
• AI inference — our model provider (Anthropic).
• Data providers — for sourcing and verifying business contact data (e.g. Apollo, Hunter).
• Infrastructure — database, hosting, and edge providers (e.g. Neon, Vercel, Cloudflare).
• Analytics — PostHog and, where enabled, Google Analytics.

We may also share information: to comply with law or lawful requests; to investigate or prevent fraud, abuse, or security and safety threats; in connection with a merger, acquisition, financing, or sale of assets; and in aggregated or de-identified form that no longer identifies you.

We do not sell your account data or your workspace content. Some U.S. state privacy laws define “sale” or “sharing” broadly enough to include directory data made available to customers; where they do, you can opt out as described below.

8. Cookies & analytics

We use cookies and similar technologies to keep you signed in, remember preferences, and measure product usage. Our analytics (PostHog) may capture page views, feature interactions, and — where enabled — session replay to help us fix issues and improve the product. You can control non-essential cookies through your browser settings or the controls we provide, and you can opt out of analytics by contacting [email protected].

9. Your rights & choices

Depending on where you live, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to opt out of “sale” or “sharing” and targeted advertising.

• People in our directory. Email [email protected] to access or delete your business contact information. We suppress deleted records so they aren’t re-added. Note that removing your data from persist does not remove it from other parties (such as our data providers or our customers) who may already hold it.
• Customers & users. Manage your account information in the app, or contact us to exercise your rights.
• EEA / UK / Switzerland. Our legal basis for processing business contact data in the directory is our legitimate interest in providing a B2B sales tool; we balance that against your rights, and you may object at any time. Where we rely on consent, you may withdraw it. You may also lodge a complaint with your data protection authority.
• California & other U.S. states. You have the right to know, access, correct, delete, and opt out of the sale/sharing of your personal information. Submit a request to [email protected]. We will not discriminate against you for exercising these rights.

10. Security

We protect information with encryption in transit, access controls, encrypted secret storage for credentials, and least-privilege access for the mailbox scopes you grant. No method of transmission or storage is perfectly secure; please use a strong, unique password, keep your credentials confidential, and tell us promptly at [email protected] if you suspect unauthorized access.

11. Retention

We keep account and workspace data for as long as your account is active and as needed to provide the service, then delete or de-identify it within a reasonable period unless we must retain it to meet legal obligations or resolve disputes. Directory data is retained while it remains useful and accurate; we retain the minimum necessary to keep a suppression record so deleted contacts aren’t re-added.

12. International transfers

persist is operated from, and hosts data in, the United States. If you access the service from outside the U.S., you understand your information may be transferred to and processed in the United States and other countries whose data protection laws may differ from yours. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for these transfers.

13. Children

persist is a business tool not intended for minors. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us information, contact [email protected] and we will delete it.

14. Changes to this policy

We may update this policy as our practices and the law evolve. We’ll post the updated version here with a new “Last updated” date and, for material changes, provide additional notice.

15. Contact