Privacy Policy

LamparaLab
Last updated: June 2026

1. Introduction

This Privacy Policy explains how LamparaLab collects, uses, and protects personal data when you visit our website, communicate with us regarding our services, or are contacted by LamparaLab (or by a LamparaLab client) as part of outbound prospecting.

LamparaLab provides go-to-market (GTM) systems — including revenue analytics and signal-based outbound — for businesses using marketing, CRM, product, and operational data sources.

This policy applies to personal data collected through the LamparaLab website, through direct communication with LamparaLab, and through our outbound prospecting and outreach activities.

2. Data Controller

LamparaLab is operated by an independent professional based in Spain.

Data Controller:
Anna Orestova
Malaga, Spain
Contact: hello@lamparalab.com

3. Personal Data We Collect

Information you provide

When contacting LamparaLab or requesting a demo we may collect:

• first name
• last name
• email address
• company website
• message content (if provided)

Automatically collected information

When visiting the website we may collect limited technical information such as:

• IP address
• browser type
• device information
• referring pages
• interactions with the website
• cookies and analytics data

This information helps us understand how visitors use the website and improve the service.

LamparaLab does not intentionally collect sensitive personal data.

4. Personal Data We Process for Outbound Prospecting

As part of our GTM and outbound services, LamparaLab identifies and contacts potential business customers ("prospects"). For this purpose we process limited business-context personal data about individuals acting in their professional capacity:

• full name and job title
• business email address
• public professional profile (e.g., LinkedIn URL)
• employer name, company website, and firmographic data (size, industry, funding stage)

This data is obtained from the individual's employer website and from third-party and public sources, including professional networks (accessed via Apify), email-verification providers (Hunter.io), public regulatory filings (SEC EDGAR), and publicly available web pages. We do not knowingly process special-category (sensitive) personal data for this purpose.

Legal basis. Prospect data is processed under the legitimate interest (Art. 6(1)(f) GDPR) of LamparaLab or its client in B2B business development, balanced against the rights of the individuals concerned. Where LamparaLab runs outreach on behalf of a client, the client is responsible for ensuring a valid legal basis to contact the prospects.

Source disclosure (Art. 14 GDPR). Because this data is not collected directly from the individual, we disclose the categories of sources above. It is used only to assess business fit and to send relevant business communications.

Your choices. Every outreach email includes a one-click unsubscribe link. You may also object to processing or request deletion at any time at hello@lamparalab.com; on unsubscribe or objection, the address is suppressed from further outreach.

5. How We Use Personal Data

Personal data may be used to:

• respond to demo requests or inquiries
• communicate with potential clients
• operate and improve the LamparaLab website
• maintain service security and prevent abuse
• analyze website usage and performance
• identify, qualify, and contact prospective business customers
• operate outbound email outreach (including suppression of opt-outs, replies, and bounces)

LamparaLab does not sell or rent personal data to third parties.

6. Legal Basis for Processing (GDPR)

Personal data is processed under the following legal bases:

Consent
When you voluntarily submit information through forms or accept cookies.

Legitimate Interest
To operate, secure, and improve the website, communicate with potential B2B clients, and conduct B2B outbound prospecting as described in Section 4.

Individuals whose personal data is processed based on legitimate interests may object to such processing at any time by contacting hello@lamparalab.com. Where personal data is processed for direct outreach, such objection is honoured without exception, and the address is suppressed from further contact.

Contract Performance (Art. 6(1)(b) GDPR)
Where processing is necessary for the performance of a contract with a client or in order to take steps at the request of a client prior to entering into a contract.

7. Role of LamparaLab

LamparaLab may act as either a Data Controller or Data Processor depending on the context.

Data Controller
For personal data collected through:

• the website
• demo requests
• communications with LamparaLab
• prospect data used for LamparaLab's own outbound prospecting.

Data Processor
When LamparaLab processes business data provided by clients as part of analytics or outbound services (including running outreach on a client's behalf).

In those cases:

• the client remains the Data Controller
• LamparaLab acts as a Data Processor
• data processing occurs solely to deliver the agreed services and in accordance with client instructions.

Processing of client data through the LamparaLab analytical platform, including data submitted via the chat interface, is governed by separate client agreements.

8. Use of Artificial Intelligence

LamparaLab may use artificial intelligence systems to assist with data analysis and interpretation.

AI systems are used strictly as analytical tools to support business insights.

LamparaLab may rely on third-party AI providers to process analytical queries and generate responses. Such providers operate under contractual data protection obligations, including Data Processing Addendums and Standard Contractual Clauses where applicable.

Client data processed through AI systems:

• is used solely for the purpose of delivering the LamparaLab service
• is not used by LamparaLab to train public AI models
• is processed under confidentiality and appropriate technical safeguards

Key sub-processors used by LamparaLab include:

• Amazon Web Services (AWS) — cloud infrastructure and data storage (EU region: eu-north-1)
• Anthropic — AI-powered data analysis, interpretation, and outbound qualification
• HubSpot — CRM and form submission processing (HubSpot Inc., USA)
• Neon — managed Postgres database for the outbound prospect pipeline (EU region: eu-central-1)
• Apify — collection of public professional and company data (USA)
• Hunter.io — business email lookup and verification
• Google — email delivery via Gmail API for outreach, and GA4/BigQuery data access for analytics
• MailReach — sending-domain warmup

A complete and up-to-date list of sub-processors is available upon request at hello@lamparalab.com.

AI-generated outputs are intended to support analysis and should not replace independent business judgment.

LamparaLab's use of third-party AI providers is subject to those providers' terms and policies, which may change. LamparaLab will notify clients of any material changes to sub-processor arrangements that may affect data processing.

9. Third-Party Service Providers

LamparaLab may rely on trusted third-party providers to operate the service, including providers of:

• cloud infrastructure
• artificial intelligence systems
• analytics platforms
• CRM and contact management
• communication or email services
• data enrichment and email verification.

These providers process data only as necessary to support the operation of the service and are subject to contractual confidentiality and data protection obligations.

Where client analytics data is processed, LamparaLab primarily relies on infrastructure located within the European Union. Some outbound enrichment and delivery providers (such as Apify, Hunter.io, and Google) are located in the United States; see Section 13.

10. Cookies

The LamparaLab website uses cookies and similar technologies.

Cookies help to:

• analyze website traffic
• understand user interactions
• improve website functionality.

Non-essential cookies (such as analytics cookies from Google Analytics and HubSpot) are used only after user consent through a cookie banner.

Form submissions (such as demo requests) are sent to HubSpot CRM for the purpose of responding to your inquiry. This occurs independently of cookie consent, based on legitimate interest, as it processes only data you voluntarily provide.

Users may disable cookies through browser settings, although some website features may not function properly without them.

Outreach emails sent by LamparaLab do not use tracking pixels. Links in those emails are wrapped with a signed click-tracking redirect (link.lamparalab.co) so we can tell whether a recipient engaged; this does not set any cookies on your device.

11. Data Retention

Personal data collected through the website is retained only for as long as necessary to:

• respond to inquiries
• provide services
• comply with legal obligations
• resolve disputes and enforce agreements.

Business data processed for clients is retained only for the duration required to provide the agreed services or as specified in contractual agreements with the client.

Indicative retention periods:

• Demo requests and contact form submissions: deleted within 12 months if no further engagement occurs
• Server logs: retained for up to 90 days
• Client data: retained for the duration of the service agreement plus 30 days, after which it is deleted unless otherwise agreed or required by law
• Prospect data (outbound): retained while a prospect remains a relevant business opportunity; on unsubscribe or objection, only the minimum needed to honor that request is kept (a suppression record). Deduplication keys are retained for up to 90 days; raw source extracts are kept only as an operational cache.

12. Data Security

LamparaLab applies reasonable technical and organizational safeguards to protect personal data, including:

• restricted access controls
• secure infrastructure
• monitoring and logging
• encryption where appropriate.

While reasonable precautions are taken, no system can guarantee absolute security.

13. International Data Transfers

Some service providers used by LamparaLab may process data outside the European Economic Area. This includes certain outbound enrichment, verification, and email-delivery providers located in the United States.

Where such transfers occur, LamparaLab ensures appropriate safeguards are applied consistent with GDPR requirements, including contractual data protection measures.

14. Your Rights

Under applicable data protection laws you may have the right to:

• access your personal data
• correct inaccurate information
• request deletion
• restrict processing
• request data portability
• object to processing.

Requests may be submitted to: hello@lamparalab.com

15. Changes to This Policy

LamparaLab may update this Privacy Policy periodically.

Updated versions will be published on this page.

16. Contact

For privacy-related questions contact: hello@lamparalab.com