Last updated: Jan 10, 2026
At First Touch Inc. ("First Touch," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy outlines how we collect, use, process, and safeguard personal information in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Who We Are
Company Name: First Touch Inc.
Contact Email: info@firsttouch.com
Data Protection Officer (DPO): ms@firsttouch.com
2. Our Role: Controller vs. Processor
To clarify our responsibilities under GDPR:
We act as a Data Controller for your account data (e.g., your login, billing details, and settings).
We act as a Data Processor for the prospect and CRM data you process using our services. You (the customer) retain ownership of this data, and we process it solely to provide the services defined in our Terms of Service.
3. Data We Collect & Process
We process the following categories of data to provide our services:
Account Information: Name, email address, password (hashed), and payment information.
CRM Data: When you sync your third-party CRM, we process Contact properties such as Names, Job Titles, Emails, and Social URLs to facilitate enrichment and activity logging.
Usage Data: Logs of actions taken within the platform (e.g., "Connection Request Sent"), IP addresses, and browser type for security and debugging.
Social Data: Publicly available business information (e.g., Job Title, Company, Location) fetched at your direction to enrich your CRM records.
4. How We Use Your Data
We use your data for the following purposes:
Service Delivery: To execute the workflows, enrichments, and data syncs you have configured.
Activity Logging: To write engagement history back to your CRM timeline.
Security & Fraud Prevention: To detect unauthorized access and protect your account.
Communication: To send you critical service updates (we do not sell your email to third parties).
5. Lawful Basis for Processing (GDPR)We process data under the following legal bases:
Contractual Necessity: To fulfill our obligations to you under our Terms of Service.
Legitimate Interest: To improve our services and ensure network security.
Consent: Where you have explicitly authorized a third-party integration (e.g., OAuth connection).
6. Data Sharing & Sub-Processors
We do not sell your data. We share data only with the following trusted sub-processors required to run our infrastructure:
AWS (Amazon Web Services): Cloud hosting and secure database storage.
Stripe: Payment processing (we do not store full credit card numbers).
CRM Partners: We send data to your connected CRM platform strictly according to your configuration.
International Transfers:
Our infrastructure is located in the United States. For data transferred from the EU/EEA to the US, we rely on Standard Contractual Clauses (SCCs) and adhere to the principles of the EU-U.S. Data Privacy Framework.
7. Data Retention
Account Data: Retained for the lifetime of your account. Deleted upon request or after 12 months of inactivity.
Activity Logs: Operational logs are retained for 6 months for troubleshooting and reporting, after which they are anonymized or permanently deleted.
8. Your Rights (GDPR & CCPA)
You have the right to:
Access the personal data we hold about you.
Correct inaccurate data.
Delete your account and associated data ("Right to be Forgotten").
Export your data in a portable format.
Opt-out of data processing (where applicable).
California Residents (CCPA): First Touch Inc. does not "sell" personal information as defined by the CCPA. You have the right to request disclosure of the categories of information we collect and to request deletion. To exercise any of these rights, please contact us at info@firsttouch.com. We respond to all requests within 30 days.
9. Security
We take reasonable and appropriate measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.
These measures include:
Technical Safeguards: Utilization of industry-standard encryption protocols for data in transit and at rest.
Access Controls: Limiting access to personal information to those employees, contractors, and agents who have a business need to know.
Organizational Measures: Policies and procedures designed to maintain the confidentiality and integrity of your data.
If you have questions about our privacy practices, please email us at info@firsttouch.com or write to us at:
First Touch Inc.
453 Gilbert Ave.
Dallas, TX 75219
