Skip to main content
Disclaimer: This overview is provided for information purposes only and does not constitute legal advice. Customers are responsible for configuring First Touch to comply with applicable laws.

Roles & Scope

First Touch is purpose-built for B2B sales and go-to-market teams. We define our data relationship with you in two ways:
  • Customer as Controller: You control the data related to your prospects, customers, and users (“Customer Data”). We act as the Data Processor.
  • First Touch as Controller: For our own account management, billing, and marketing data, we act as the independent Data Controller.

Data We Collect

We aggregate data from four primary sources to power your workspace.

Directly Provided

Account & Contact Data
  • Name, role, team membership
  • Workspace settings & templates
  • Billing details (via PCI processor)
  • Support tickets & screenshots

Integrations

From CRM & Email Tools
  • CRM records (Salesforce, HubSpot)
  • Outreach sequences & templates
  • Email content & activity metrics
  • You retain ownership of this data

Product Usage

Telemetry & Logs
  • IP address & approximate region
  • Browser/Device type
  • Feature usage & UI interactions
  • Error logs & timestamps

Enrichment

Public Business Data
  • Public social profiles (LinkedIn etc.)
  • Company websites & tech stacks
  • Funding, hiring, & news data
  • Vendor-provided firmographics
We do not knowingly collect or infer “special category” data (health, religion, political opinions) or target minors.

AI Architecture & Privacy

First Touch utilizes AI to power research, summarization, and content generation. We prioritize data privacy in our AI implementation.

What We Process

  • Inputs: Prompts you type, context you highlight, and prospect attributes attached to the prompt.
  • Outputs: The AI-generated text (emails, scripts) and quality signals (edits, ratings).
No Public Training: By default, we do not authorize third-party model providers to use your Customer Data for training their general models. We send only the minimum necessary data (prompt + context) to generate the requested output.

Security & Compliance

To deliver a secure and reliable service, we utilize best-in-class third-party vendors.
CategoryExamples
Cloud InfrastructureAWS, Google Cloud (Hosting & Storage)
AnalyticsPostHog (Logging & Performance)
CommunicationsSendGrid (Email & Support)
IntelligenceOpenAI, Anthropic, Gemini (AI Models)
A detailed sub-processor list is available upon request.
We implement technical and organizational measures aligned with modern SaaS standards:
  • Access Control: Network and application-level restrictions; least-privilege access for production.
  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256) where appropriate.
  • Monitoring: Continuous logging of critical systems and defined incident response procedures.
We retain data only as long as necessary:
  • Account Data: Life of account + reasonable period for tax/audit.
  • Product/AI Data: While workspace is active + limited period for support.
  • Logs: Short retention (e.g., 30–365 days).
  • Backups: Limited rolling window.
Upon termination or valid request, we delete or de-identify Customer Data in accordance with our DPA.
Legal Bases (GDPR): Performance of Contract, Legitimate Interests, and Consent.Your Rights: Depending on your jurisdiction, you have the right to Access, Correct, Delete, Restrict, or Port your data. We also support Opt-out mechanisms for marketing or “selling/sharing” as defined by CCPA.

Contact Us

For security reviews, DPA requests, or privacy inquiries, please reach out to our team.