Privacy Policy
Last Updated: 2026-03-30
1. General Information
This Privacy Policy applies to the website www.cyranosales.com ("Website"), the application app.cyranosales.com, and our Chrome Extension (collectively, the "Service"), operated by Histack, Inc. ("we," "us," "our").
Responsible Controller: Histack, Inc., 1111B S Governors Ave STE 21755, Dover, DE 19904, USA. Email: info@histack.io
2. Data Collection on our Website (Marketing)
When you visit www.cyranosales.com, we process the following data:
- Server Logs: Your IP address, browser type, and timestamp are processed technically to ensure site stability and security.
- Privacy-First Analytics: We use Plausible Analytics (via rpcld.com) for web analytics. This tool is configured to be "cookieless" and does not store personal data profiles.
- Booking Strategy Sessions (Cal.com): If you book a meeting via our embedded calendar, your name, email, and appointment details are processed by Cal.com, Inc. (USA) to schedule the call.
- Cookies and Marketing Communications: We use tracking technologies (including Essential, Analytics, and Marketing cookies) on our main website to ensure seamless authentication and to analyze traffic. You may manage your cookie preferences through your browser settings. You may opt out of marketing communications at any time via the "unsubscribe" link in our emails, but you will continue to receive essential transactional emails regarding your account.
3. Data Collection in our Application & Extension
The extension is offered in line with the Chrome Web Store User Data Policy, including Limited Use. If we use Google Workspace APIs, we follow the Google API Services User Data Policy. We collect only what we need for core outreach functionality and do not sell your personal data. Specifically, data obtained via Google Workspace APIs will not be used for marketing, advertising, or developing generalized AI models.
When you register for or use app.cyranosales.com or install our Chrome Extension, we process data to provide our SaaS product:
- Account Data: We collect your name, email address, password (hashed), and login method (e.g., Google/Microsoft SSO) to create and manage your account.
- Contextual Data (LinkedIn) & Data Ownership: When you use the Chrome Extension Sidekick features to extract data from LinkedIn or other third-party platforms to formulate messages, you are the Data Controller of that target data, and Cyranosales acts solely as your Data Processor. It is your sole responsibility to ensure you have a lawful basis (e.g., under GDPR or CCPA) to process the target's data. This data is processed to generate suggestions.
- User Content: To provide our AI sales training service, we process the texts, instructions, and other content you explicitly upload or generate.
- Authentication & Security: We use strictly necessary cookies and local storage tokens solely to keep you logged in and ensure the security of your session.
- Payment Data: We do not store full credit card details. Payments are processed by our PCI-compliant provider, Stripe, Inc.
- Usage Telemetry: We analyze general app usage patterns to improve our product and occasionally provide relevant feature recommendations or upgrade offers (Legitimate Interest, Art. 6(1)(f) GDPR).
- AI Observability & Tracing: We use Langfuse (hosted in the EU) to monitor the performance and accuracy of our AI features. This processes user interactions and technical logs to identify errors, hallucinations, and improve model quality.
Purpose & Legal Basis
- Purpose: To provide the Service, deliver context-aware AI suggestions (Sidekick), and, if included in your subscription plan, to train AI models specific to your account.
- AI Model Training Opt-Outs: We respect your proprietary data. Cyranosales does not use your personal data or your targeted lead data to train or fine-tune our foundational AI models without your explicit consent. Depending on the third-party models we use (e.g., OpenAI API), your data is generally exempted from their model training by default, but we will notify you of any changes to this architecture.
- Legal Basis: Performance of Contract (Art. 6(1)(b) GDPR).
4. Hosting & International Data Transfer
- Database Location: Supabase (Frankfurt, Germany). Your core user data resides in the European Union.
- AI Tracing Location: Langfuse (Ireland). Your AI interaction logs and performance data reside in the European Union.
- Hosting Provider: Vercel Inc. (USA/Global). The frontend is delivered via a global CDN (Content Delivery Network).
Note on International Transfers: While your core database is located in Germany, our company (Histack, Inc.) and some of our sub-processors (e.g., Vercel, Stripe, Resend, OpenRouter) are based in the USA. Therefore, data may be accessed from or transferred to the USA. We ensure appropriate safeguards by relying on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework (DPF) where applicable.
5. Third-Party Sub-processors
To provide our service, we use the following third-party service providers who may process your data:
- Stripe, Inc. (USA) - Payment Processing
- Cal.com, Inc. (USA) - Meeting Scheduling
- Resend, Inc. (USA) - Transactional Emails
- OpenRouter (USA) - AI Model Gateway
- Langfuse (EU Cloud) - AI Observability & Error Tracing
Data Processing Addendum (DPA): For B2B customers requiring a DPA under GDPR Art. 28, please contact us at info@histack.io. B2B customers may request our standard DPA and a comprehensive list of our sub-processors.
6. Your Rights & Data Retention
Data Retention: We retain your account data for as long as your account is active, and delete or anonymize it within 30 days of account deletion, excepting data required for tax or legal compliance.
CCPA, GDPR & Data Subject Access Requests (DSARs): Whether you are covered by the GDPR, CCPA, or other state privacy laws, you (and the individuals you contact) have the right to request access, correction, deletion, or portability of personal data by contacting us at info@histack.io. We do not knowingly collect data from children under 18.
7. Data Security
We implement industry-standard encryption in transit and at rest to protect your data. We rely on compliant, enterprise-grade third-party processors (such as Stripe for PCI-DSS compliant payment processing) to ensure your sensitive information remains secure.