Privacy and Cookies Policy

Last updated: 13 June 2026 · prospectai (prospectai.algarit.pt)

This Policy describes how algarit.pt ("we") collects, uses and protects personal data within the prospectai platform, in compliance with Regulation (EU) 2016/679 (GDPR) and the applicable Portuguese legislation (Law no. 58/2019 and Law no. 41/2004).

To be confirmed by the owner: the full legal identification of the controller (corporate name, tax number/NIF, registered office address) and, where applicable, the contact for the Data Protection Officer (DPO). Replace the fields marked with [•].

1. Data controller

algarit.pt [• corporate name], NIF [•], with registered office at [•], Algarve, Portugal.
Contact for privacy matters: info@algarit.pt.

2. What data we collect

Account data: name, e-mail address and password (stored in encrypted/hashed form).
Subscription data: contracted plan, subscription status and payment reference (billing and payment are managed at algarit.pt).
Platform usage data: companies/segments/markets you define, leads generated, e-mails prepared and technical records (logs) needed for operation and security.
Business contact data (leads): information on target companies collected from public sources (corporate websites) for the purpose of B2B sales prospecting on behalf of the client.
Sign in with Google (optional): if you choose to sign in with a Google account, we only receive your name and e-mail to validate access. We do not access any further data from your Google account.

3. Purposes and legal bases

Purpose	Legal basis (GDPR)
Creating and managing the account and providing the service	Performance of the contract (art. 6(1)(b))
Billing and compliance with legal/tax obligations	Legal obligation (art. 6(1)(c))
B2B sales prospecting on behalf of the client	Legitimate interest (art. 6(1)(f))
Security, fraud prevention and service improvement	Legitimate interest (art. 6(1)(f))
Non-essential cookies/analytics and marketing communications	Consent (art. 6(1)(a))

When we act in the processing of leads on behalf of the client, the client is the data controller and algarit.pt acts as a processor under article 28 of the GDPR.

4. Artificial Intelligence and API keys

The platform uses AI models (Google Gemini by default) to qualify companies and draft e-mails. The API keys are stored encrypted in the database (authenticated AES-256-GCM / libsodium encryption). The text submitted to the models is limited to what is necessary for the task. We recommend not entering sensitive personal data in the context fields.

5. Data sharing (processors)

AI providers (e.g. Google Gemini, Groq) — processing of analysis/drafting requests.
Hosting provider — service infrastructure (EU).
Billing/payment platform (algarit.pt / gateways) — management of subscriptions and payments.
E-mail service (SMTP) — sending of messages authorised by the user.

We do not sell personal data. Transfers outside the EEA, where they occur (e.g. some AI providers), are protected by appropriate mechanisms (European Commission Standard Contractual Clauses).

6. Retention periods

We retain data for as long as the account is active and for the period necessary to comply with legal obligations (e.g. billing). After the end of the relationship, data is deleted or anonymised, unless there is a legal obligation to retain it.

7. Your rights

You have the right to access, rectify, erase, restrict or object to processing, to data portability and to withdraw consent at any time. To exercise these rights, contact info@algarit.pt. You also have the right to lodge a complaint with the supervisory authority: CNPD (Portuguese Data Protection Authority — www.cnpd.pt).

8. Cookies

We use a minimal number of cookies. Essential cookies do not require consent; the others are only activated if you accept them in the banner.

Cookie	Type	Purpose	Duration
PHPSESSID	Essential	Keep the session signed in	Session
prospectai_cookie_consent	Essential	Store your choice about cookies	Persistent (local)
(Analytics)	Non-essential	Usage statistics — only with consent	According to provider

You can change your decision by clearing the site data in your browser. Cookie management can also be done in your browser settings.

9. Security

We apply appropriate technical and organisational measures: encrypted connections (HTTPS/HSTS), security headers, encryption of secrets at rest, role-based access control, protection against brute-force attempts and data minimisation.

10. Changes

This Policy may be updated. The date at the top indicates the version in force.