What we collect, why, and your right to delete it.
This document explains what Outlum collects, why, how we store it, and what control you have over it. We've kept it short and direct on purpose — privacy policies tend to be long and unreadable, which works against the trust we're trying to build.
What we collect
Outlum is a Chrome extension that reads your sent email in Gmail to help you understand what's working in your outbound outreach. When you install and connect the extension, we collect:
- Outbound emails you send from Gmail — full message content, recipient address, subject, timestamp, thread ID.
- Reply outcomes — whether your sent email got a reply, the sentiment of that reply (interested, not interested, neutral, auto-reply), time to reply, and whether a meeting was scheduled.
- Your contact email — to send you weekly intelligence reports if you opt in.
We do not read your inbox. We do not collect your contacts list. We do not collect emails sent to you that you didn't reply to.
Why we collect it
We aggregate sent-email patterns across all Outlum users to produce the Outlum Index — a public research report on what's actually working in B2B outbound outreach (subject line patterns, timing, vendor tooling, response rates). Your individual data is the raw material; the published Index is the synthesis.
We also use your specific outreach history to give you personalized intelligence in your weekly report and, if you've subscribed to Outlum.AI, AI-generated pitch suggestions in Gmail compose.
How we store it
Your data lives in PostgreSQL on infrastructure managed by Outlum (hosted on Supabase). It is encrypted in transit and at rest. We do not share individual user data with any third party.
Your API key — the credential the extension uses to talk to our backend — is stored only as a one-way SHA-256 hash. If our database were ever exposed, your raw key could not be recovered from it.
What we publish
The Outlum Index publishes aggregate statistics drawn from the whole user base. To prevent any individual user from being re-identified through aggregate data, we apply a strict minimum bucket size: no statistic is published unless the underlying group contains at least 50 users. Smaller groups are dropped from the public report.
What we never publish: Anything traceable to a single sender, recipient, or company.
Deleting your data
You can permanently delete everything Outlum holds about you at any time, directly from the extension.
When you confirm "Delete all my data", we immediately and irreversibly remove your account key along with every email and outcome record tied to it.
This is a true deletion, not a soft "mark as hidden." Because we do not keep backups or snapshots of your data, there is no second copy to age out — once the deletion runs, your records are permanently removed within seconds and cannot be recovered by you or by us.
After you delete, your access key stops working. There's nothing to "log back into" — if you choose to use Outlum again later, you'll start fresh with a brand-new key and no prior history.
For our own product metrics we keep a single anonymous tally that a deletion occurred (a count and a timestamp, with no identifier of any kind). This lets us report aggregate numbers like "deletions this month" without retaining anything that could be traced back to you.
Children and updates
Outlum is a B2B tool intended for users 18 and over; we do not knowingly collect data from anyone under 18. If you believe we have, contact us and we will remove it.
If we make material changes to this policy, we will update the date at the top and, for changes that affect how your data is used, notify users by email before the change takes effect.
Contact
For privacy questions, requests, or concerns: [email protected]
We respond to all privacy inquiries within 5 business days.