Privacy Policy

Revision Date: Aug 25, 2022

Privacy is core to our DNA, our culture, and our values. We are committed to making our policies clear and focused on empowering users to be masters of their identities–and their data.

We are committed to respecting everyone's privacy and design our services with this goal in mind in accordance with European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”) and applicable data protection laws. In order to satisfy our customers’ expectations and to ensure the respect of data subjects’ rights, we regularly improve internal processes. This Privacy Policy describes what data we collect and how we process it. Should you have any questions, please reach out, we'll be glad to contact. Where does Tomba collect data? This Privacy applies to all services offered by Tomba including:

  • The Domain Search
  • The Email Finder
  • The Author Finder
  • The Linkedin Finder
  • The Email Enrichment
  • The Email Verifier
  • The Bulks
  • The Leads
  • CRM Integrations
  • Extensions and Addon-on

What information does Tomba collect?

When you are on our website

When you're using our website, we track your usage which includes statistics such as which pages you visit and how long you look at them. This information may include but is not limited to IP address, geolocation information, browser type and information about the use of our website, including a history of the pages you view.

If you create an account, we ask information such including but not limited to: your email, your name or what company you work for. All this information is used to personalize your experience or send you onboarding emails and invoices. In cases of high-risk of fraud, we might ask for a phone number for verification purposes (we never use it for marketing purposes). If you become a paying customer, we will collect your payment card information.

When you use our services

Whether it is through the API, the website, the Google Sheets add-on, or the browser extensions we provide; we monitor your usage, and log requests that you make. Those logs can include IP address, geolocation information, browser type, etc. We destroy those logs at the latest after 4 months.

When using our services, you might send us some data or data files (for the Email Finder and the Email Verifier for example).

When you contact our support

If you reach out via email or chat, we keep conversations and other data you might send during those exchanges. When you delete your account, those conversations are removed after a period of up to 6 months.

When we parse public web data

We use servers to look at publicly available online pages and process business data on them. Only public pages are looked at and only publicly available online data that can be found by a search engine are indexed by our servers. If a website, via a robots.txt file, asks crawlers not to look at the content, we respect this indication. Our robots view systematically the robots.txt file before exploring and indexing the public data available on the website. We are not responsible for the privacy policies and practices of other websites.

On those public pages, we look for business data such as names, professional emails, social networks URLs, etc. If we come across private consumer data (for example a Gmail or Hotmail address), we do not process it.

How do we use your data?

To provide our services

When creating an account, you agree to our Terms of Service which allows us to process your data to give you access to Tomba . This way, you can have an account on our website, save and process leads, invite other team members, etc.

To improve the User Experience

We're looking at usage patterns and various statistics to understand what to improve on Tomba . This includes, for example, doing A/B testing on new features.

We’re also using the data that goes through our services to improve the services themselves. We only use this information to validate data we already have or that is being supplied by a user, not to enrich our databases.

To inform businesses regarding content that is publicly displayed online

To provide the service, we also give you access to the publicly accessible business data we have indexed. It is important for our users' (and the businesses they work for) to have access to the business data already shared on the web. This helps them discover relevant contacts within companies they want to reach out to.

To offer customer support

We provide customer support via email or chat, to help you take full advantage of our service or fix any problem you encounter.

To fight fraud

There are always bad actors on the web: We actively fight credit card fraud and misuse of our services.

To market new services

Regularly, we launch new services. We’ll let users know about those releases if they have asked us to keep them up to date.

Your Rights, Controls and Choices

Your rights

You have the following rights in relation to the personal data that we hold about you:

  • To access your personal data, and some related information as described in the section below “know if we have information concerning you and what that information is”;
  • To require any inaccurate personal data to be rectified, completed including by means of providing a supplementary statement;
  • To require us to delete the personal data in certain circumstances;
  • To require us to restrict or block the processing of your personal data in certain circumstances (when processing is restricted, we can still store your personal data, but may not use it further);
  • To obtain from us your personal data, in a structured, commonly used and machine-readable format in certain circumstances. Further, you may have the right to require us to transmit your personal data directly to another person where it is technically feasible to do so; and
  • To object to our use of your personal data for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal data (and require them to be deleted) in some other circumstances;
  • Where we are processing your personal data based on your consent to such processing, to withdraw your consent at any time.

Update, correct and delete your information

If you're a direct user of our service, you can log in to your account and update your information directly there.

If your business data was found online, you can use our Claim feature to update or delete it.

Know if we have information concerning you and what that information is

In particular, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

  • If you're in our database
  • Exactly what data we hold
  • The purposes of the processing
  • How long the data will be kept
  • Where exactly on the web that information has been found
  • All other information as mentioned in article 15 of the GDPR

To get started, reach out at support@tomba.io or visit our Claim page.

Disable the processing and permanently remove all of your data

If you’re a user of our service, you can log in to permanently destroy your account.

If your data was found online, use our claim feature to get full control over it. You can delete all your data directly online without having to send a request via email.

If you have any concerns, please reach out first so we can have a chance to help: support@tomba.io. If you feel we’re not doing enough, you have the right to contact your local supervisory authority.

Services helping us manage your data

To provide our services, we rely on other companies that can partially manage your data. We carefully select our providers to ensure the privacy and security of your data. Our biggest providers are:

  • To secure connections with our users and speed up our services: Cloudflare WAF
  • Hosting: Cloudflare workers, digital ocean
  • For internal collaboration and emails: google workspace, slack ,Github ,trello , sendgrid , google analytics , microsoft clarity .

SPAM protection

This type of services analyzes the traffic of this Application, potentially containing Users' Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

  • Google reCAPTCHA (Google Inc.) Google reCAPTCHA is a SPAM protection service provided by Google LLC or by Google Ireland Limited, depending on the location this Application is accessed from. The use of reCAPTCHA is subject to the Google privacy policy and terms of use. Personal Data processed: Cookies; Usage Data. Place of processing: US – Privacy Policy. Privacy Shield participant.

Duration of the processing

For users of our service, we process your data as long as your account stays active and after 3 years of inactivity. Once your account is deleted or after 3 years of inactivity, we remove almost everything within a few days and all remaining artifacts within 3 months. If you’ve paid for Tomba , we might keep some information regarding your company for longer to comply with our legal obligations.

If your data was found online, we process it as long as it stays online. We make sure to regularly come back where we found it, if it isn't there anymore or if we believe that your personal data that we hold is inaccurate, we remove it from our databases and stop all processing.

Securing your data

We take the security of the data we manage very seriously and always try to keep our methods up-to-date. We've written a detailed document describing our Security Policy.

The servers we use to store and process personal data are exclusively in the European Union.

Additional notices for certain jurisdictions

California

We have prepared additional disclosures and notices consistent with the California Consumer Privacy Act (CCPA). Our Privacy Notice for California Residents, the terms of which are incorporated by reference into this Privacy Policy, can be found here.

Nevada

If you would like to request that we refrain from selling your Covered Information (as defined under Nevada law), please contact us at contact.

The company behind Tomba, Tomba technology web service LLC., is incorporated in the United States. You can reach us via email: support@tomba.io or snail-mail (only USPS): Tomba technology web service LLC, 2803 Philadelphia Pike Suite B #1228 Claymont, Delaware 19703 United States USA.