§ 1. Overview
B2N is the AI go-to-market platform. We collect the personal data we need to operate prospecting and outreach Services for our customers. The short version:
- We do not sell your data.
- We do not train, fine-tune, or otherwise adapt any AI model, whether shared or customer-specific, on your data, our customers’ data, or any prospect’s data.
- Every claim our agents make in a research dossier is sourced and auditable.
- You can request access, correction, or deletion at any time by emailing privacy@b2n.ai.
- Anyone whose data flows through B2N as a prospect can opt out by emailing privacy@b2n.ai.
This Privacy Policy explains how Between Technologies FZ-LLC (“B2N”, “we”, or “us”) processes Personal Data when you visit our website, use our Services, or are processed by our customers as a Prospect. It describes the categories of data we process, the lawful bases on which we rely, the parties with whom we share data, the rights available to data subjects, and how to contact us. Contact details for the data controller and our privacy contact are set out in § 14.
§ 2. Data we collect
We process three categories of data:
- Customer Data. Information you give us when you book a demo, create an account, or use the Services: name, business email, company, role, and any content you compose or approve in the product.
- Prospect Data. Information about the third-party prospects our customers ask us to research: name, business contact information, employer and role, and publicly available business signals.
- Usage Data. How the site and product are used: page views, clicks, agent activity logs, scroll depth, and preference flags such as motion-pause settings.
Categories of Personal Data processed: (a) identifiers, including name, business email address, employer name, and job title; (b) commercial information limited to professional engagement signals; (c) internet or other electronic activity information, including page views, clicks, agent interactions, and event timestamps; and (d) inferences drawn from publicly available business signals associated with Prospects. We do not knowingly collect special categories of personal data within the meaning of GDPR Article 9.
§ 3. How we use your data
We use personal data for clearly defined purposes:
- To deliver the Services you or your employer requested.
- To compose, send, and track outreach that you or your colleague approves.
- To send transactional email about your account or demo request.
- To send marketing email only if you opted in. You can unsubscribe at any time.
- To improve our Services using aggregated, de-identified usage telemetry. We do not use your content to train, fine-tune, or otherwise adapt any AI model.
- To detect, prevent, and respond to fraud, abuse, and security incidents.
Lawful bases under GDPR: (a) performance of a contract with you or with your employer (Article 6(1)(b)); (b) consent for marketing communications and any optional cookies (Article 6(1)(a)); (c) legitimate interests in operating, securing, and improving the Services and in conducting Prospect research (Article 6(1)(f)), balanced against the rights and freedoms of data subjects; and (d) compliance with legal obligations to which we are subject (Article 6(1)(c)).
§ 5. Subprocessors
We engage subprocessors to deliver our Services. We use category-level disclosure here for clarity; named vendors are listed in our customer-facing Data Processing Addendum and are available on request. We notify customers at least 30 days before adding or replacing a subprocessor that processes Customer or Prospect Data.
| Category | Purpose | Region | Safeguard |
|---|---|---|---|
| LLM Provider | Generates research summaries, message drafts, and reply classifications on B2N's behalf | United States | Standard Contractual Clauses; no-training contract terms |
| Messaging Tools | Delivers transactional and customer-approved outbound email and other messaging | Global | Standard Contractual Clauses |
| Databases | Stores Customer Data, Prospect Data, and operational records securely at rest | United States and European Union | Standard Contractual Clauses; encryption at rest and in transit |
| Analytics Providers | Aggregated usage analytics for the marketing site and product. The full list is on the Cookie Policy page | Global | Standard Contractual Clauses; EU-US Data Privacy Framework where applicable |
§ 6. Prospect data
B2N researches third-party prospects from public sources so that our customers can run informed outbound. The lawful basis is legitimate interest. Anyone whose data flows through B2N can opt out by emailing privacy@b2n.ai and we will action removal within 30 days, subject to any legal-hold or pending-claim obligations that require us to keep specific records.
We do not buy data from data brokers, we do not scrape gated content, and every claim in a dossier is traceable to its source URL.
Sources we draw from include:
- company websites and product documentation
- public news, press releases, and regulatory filings
- publicly visible professional profiles
- publicly visible hiring and product-launch signals
B2N processes Prospect Data on the basis of legitimate interest under GDPR Article 6(1)(f). The legitimate-interest balancing test considers the limited scope (business contact information from public sources), the reasonable expectation of business professionals to be contacted in a B2B context, and the availability of an unconditional opt-out by emailing privacy@b2n.ai. Data subjects may exercise rights under GDPR Article 14 by contacting privacy@b2n.ai. Deletion requests are actioned within 30 days. We do not process Prospect Data for any purpose unrelated to the customer’s outbound program. To the extent direct notification under GDPR Article 14 would require disproportionate effort relative to the limited scope and context of the processing, B2N relies on the exception in Article 14(5)(b) and treats this Policy, together with the public opt-out address privacy@b2n.ai, as the alternative measure to protect the rights and freedoms of data subjects.
§ 7. International transfers
Personal data may be processed in the United States, the European Union, the United Arab Emirates, and other regions where our subprocessors operate. When data leaves the EEA or the UK, we use Standard Contractual Clauses (SCCs) as the primary transfer safeguard. Where available, we also rely on a subprocessor’s participation in the EU-US Data Privacy Framework.
Cross-border transfers of Personal Data from the EEA, UK, or Switzerland to third countries are governed by the European Commission’s Standard Contractual Clauses (Module 2 or Module 3, as applicable), supplemented by additional safeguards where required following a transfer impact assessment. Customers may request a copy of the executed SCCs and our latest transfer impact assessment at privacy@b2n.ai.
§ 8. Your rights
You can ask us to:
- Tell you what data we hold about you.
- Correct anything that is wrong.
- Delete your data, subject to legal retention obligations.
- Restrict or object to specific processing.
- Receive a portable copy of data you provided to us.
- Withdraw consent for marketing email at any time.
Email privacy@b2n.ai. We respond within 30 days.
Data subjects in the EEA, the UK, and Switzerland may exercise rights of access, rectification, erasure, restriction, portability, and objection under the GDPR. Data subjects also have the right to lodge a complaint with the relevant data-protection supervisory authority. California residents may exercise the rights described in the California Consumer Privacy Act, including the right to know, the right to delete, and the right to opt out of the sale or sharing of personal information; B2N does not sell personal information. UAE residents may exercise rights of equivalent scope under UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. We will not discriminate against you for exercising any of these rights.
§ 9. Retention
We keep personal data for as long as we need it to provide the Services, meet legal obligations, resolve disputes, and enforce our agreements. Two specific carve-outs:
- Billing records are retained for 7 years to comply with UAE corporate tax and audit obligations.
- Aggregated, de-identified analytics are retained indefinitely because they no longer identify any individual.
When we no longer need personal data, we delete or anonymise it. Customers can negotiate concrete retention periods in their Data Processing Addendum.
Personal Data is retained for as long as is necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. The criteria used to determine retention include (a) the duration of the customer relationship, (b) statutory retention obligations, including UAE corporate tax and IFRS audit requirements, which require billing and tax records to be retained for at least seven years, (c) limitation periods applicable to potential claims, and (d) the legitimate interest in retaining information necessary to defend or pursue legal rights. Aggregated and de-identified data, which does not identify any individual, may be retained indefinitely.
§ 10. Security
We use HTTPS for everything, encryption at rest for stored data, role-based access controls for employees and contractors, and vendor-managed infrastructure with established security certifications. We notify affected customers and authorities within 72 hours of becoming aware of a personal-data breach, as required by GDPR Article 33.
B2N maintains technical and organisational measures appropriate to the risk of processing, including encryption of Personal Data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent), principle-of-least-privilege access controls, vendor security review, vulnerability monitoring, and an incident-response process consistent with GDPR Articles 32 and 33. Customers may request a current security overview at privacy@b2n.ai.
§ 11. Automated decision-making and AI
Our AI agents make automated decisions about which accounts to research and which messages to draft. You always review and approve outputs before any message is sent. You can request human review of any decision by emailing privacy@b2n.ai.
We do not use Customer Data, Prospect Data, or message content to train, fine-tune, or otherwise adapt any AI model, whether shared or customer-specific. We use only aggregated, de-identified usage telemetry to improve service-level features.
Where we engage in automated processing within the meaning of GDPR Article 22, the outputs are advisory and are reviewed by a human operator before any external action is taken. Data subjects may request human review, contest a decision, and obtain an explanation of the logic involved by contacting privacy@b2n.ai. B2N contractually prohibits its subprocessors from using Customer Data, Prospect Data, or message content to train, fine-tune, or otherwise adapt any AI model, whether shared, general-purpose, or customer-specific, and limits the use of such data to the specific purposes set out in this Policy and the customer agreement.
§ 12. Children’s privacy
Our Services are intended for use by businesses and the professionals who work in them. They are not directed to anyone under the age of 16 in the EU, under the age of 13 in the United Kingdom and the United States, or the equivalent minimum age set by applicable law elsewhere. We do not knowingly process personal data of children. If you believe we have done so, contact privacy@b2n.ai and we will investigate and delete as appropriate.
§ 13. Changes to this policy
We will give at least 30 days notice before any material change takes effect. We notify everyone with an account or active waitlist signup by email. Cosmetic edits are listed below.
- May 10, 2026
Rewrote for B2N as the AI go-to-market platform. Added subprocessor categories (including an analytics row), a Prospect Data section with explicit GDPR Article 14(5)(b) reliance, automated-decision-making and AI disclosures, purpose-bound retention criteria with a 7-year billing carve-out, a no-fine-tuning commitment covering shared and customer-specific models, supervisory-authority complaint right, and acknowledgement of equivalent rights under UAE Federal Decree-Law No. 45 of 2021.
- Sep 08, 2025
Initial publication.