Privacy Policy
Last Updated: February 15, 2026
1. INTRODUCTION
This Privacy Policy describes how Manuel Kollus, operating as Outseeker ("Outseeker", "we", "us", "our"), collects, uses, processes, and protects your personal information when you use our platform available at https://outseeker.net and https://dashboard.outseeker.net (collectively, the "Platform").
Our Commitment: We are committed to protecting your privacy and ensuring the security of your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Polish data protection laws.
Contact Information:
- Data Controller: Manuel Kollus
- Address: Marcina Kasprzaka 31/119, 01-234 Warsaw, Poland
- Email: manuel@kollus.io
- Telegram: @outseekersupport
By using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.
2. SCOPE AND APPLICABILITY
2.1 Who This Policy Applies To
This Privacy Policy applies to:
- Users who visit our website (outseeker.net)
- Registered users and customers who create accounts
- Team members added to Agency Plan accounts
- Anyone who interacts with our Platform
2.2 Third-Party Services
This Privacy Policy does not cover:
- Third-party websites or services linked from our Platform
- Data processing practices of our payment processor (LemonSqueezy)
- OnlyFans platform policies and practices
2.3 Age Restriction
Our Platform is intended for users aged 18 and over. We do not knowingly collect personal information from individuals under 18 years of age. If we discover that a user is under 18, we will immediately delete their account and all associated personal data.
3. INFORMATION WE COLLECT
3.1 Information You Provide Directly
Account Registration Information:
- Full name
- Email address
- Mobile phone number
- Telegram username (optional)
- Agency name
- Agency size/number of employees
- Password (stored as encrypted hash using bcrypt)
Billing Information:
- Customer ID from LemonSqueezy (our payment processor)
- Billing address (stored by LemonSqueezy, not by us)
- Payment method information (stored by LemonSqueezy, not by us)
Note: Credit card and payment details are processed and stored exclusively by LemonSqueezy. We never have access to your full payment card information.
Team Member Information (Agency Plan):
- Team member names
- Team member email addresses
Communications:
- Messages sent to our support team via email or Telegram
- Feedback, inquiries, and support requests
- Chat conversations with creators through the Platform
Outreach Account Activity Monitoring:
We monitor and track the activity of Outreach Accounts provided to you for operational and quality assurance purposes:
- Number of messages sent (outgoing)
- Number of messages received (incoming)
- Response rates and engagement metrics
- Account health and delivery status
- Technical performance indicators
Important: While we monitor account activity metrics, we do NOT read the actual content of your chat conversations with creators. We only track quantitative data (message counts, timestamps, response rates) to ensure the Outreach Accounts are functioning properly.
3.2 Information Collected Automatically
Usage and Analytics Data (Dashboard Only - PostHog):
When you use the Platform dashboard, we automatically collect:
- Feature usage data (which features you use, how often)
- Page views within the dashboard
- Click events and interactions
- Session duration and frequency
- User interface interactions
Website Analytics (Landing Page Only - Vercel Analytics):
When you visit our website (outseeker.net), we collect (with your consent):
- Pages visited and time spent on pages
- Referring website/source
- Browser type and version
- Device type and operating system
- General geographic location (city/country level)
- IP address (anonymized)
Marketing Data (Landing Page):
We do not currently use marketing cookies or pixels on the landing page. If we add them in the future, they will require your consent.
Technical and Security Data:
- IP address (for security and fraud prevention)
- Browser type and version
- Device identifiers
- Operating system
- Referral URLs
- Login timestamps
- Session information
Trial Abuse Detection Data:
We specifically collect and analyze the following data to detect and prevent trial abuse:
- IP addresses
- Device fingerprints
- Email patterns and domains
- Registration patterns and timestamps
- Account behavior patterns
This data is retained for 1 year for security and fraud prevention purposes.
3.3 Data We Do NOT Collect
- Social Security Numbers or government ID numbers
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic or biometric data (beyond password hashing)
- Health information
- Sexual orientation data
4. HOW WE USE YOUR INFORMATION
4.1 Legal Bases for Processing
We process your personal data based on the following legal grounds under GDPR:
- Contract Performance (GDPR Article 6(1)(b)): Providing access to the Platform, processing payments, delivering customer support, managing team member access
- Legitimate Interests (GDPR Article 6(1)(f)): Analyzing usage, detecting fraud, conducting analytics, troubleshooting
- Consent (GDPR Article 6(1)(a)): Marketing communications, non-essential cookies
- Legal Obligations (GDPR Article 6(1)(c)): Retaining financial records (7 years), responding to law enforcement
4.2 Specific Purposes
Service Delivery: Creating accounts, authentication, Platform features, real-time updates via Pusher, payments via LemonSqueezy, team management.
Customer Support: Responding to inquiries, troubleshooting, onboarding, proactive notifications about Outreach Account activity and performance.
Analytics and Improvement: Understanding usage, improving UI/UX, developing new features.
Security and Fraud Prevention: Detecting trial abuse, identifying suspicious activity, preventing unauthorized access.
Marketing and Communications: Transactional emails, service announcements, proactive Outreach Account notifications, marketing (with opt-out).
Cross-Company Marketing: As detailed in our Terms of Service Section 16, your contact information may be shared with other Manuel Kollus entities in the creator economy. You can opt-out anytime via "Unsubscribe" or by emailing manuel@kollus.io with subject "Opt-Out Cross-Company Marketing".
Legal Compliance: Financial records (7 years), legal requests, enforcing Terms of Service.
5. COOKIES AND TRACKING TECHNOLOGIES
5.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and analyze how you use the site.
5.2 Cookie Categories
5.2.1 Landing Page Cookies (outseeker.net)
We use a custom cookie consent solution. Users must actively accept cookies before non-essential cookies are set.
Strictly Necessary Cookies (Always Active):
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| cookie_consent | Stores cookie consent preferences | 1 year | Outseeker |
| outseeker_referral | Referral attribution for affiliate links | 30 days | Outseeker |
| session_temp | Temporary session for form submissions | Session | Outseeker |
| wistia_* | Video playback and session data | Session/varies | Wistia |
| csrf_token | Security token (CSRF protection) | Session | Outseeker |
Analytics Cookies (Requires Consent): Vercel Analytics (privacy-preserving, no cookies). Loaded only with consent.
Functional Cookies (Always Active): Wistia loads for video playback. May collect session/cookie data for embedded videos. Required for video content to function.
Marketing Cookies (Requires Consent): Currently none active. Marketing cookies require consent.
5.2.2 Dashboard Cookies (dashboard.outseeker.net)
No cookie banner—all cookies are strictly necessary or legitimate interest (GDPR Art. 6(1)(f)).
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| session_id | Login session | 30 days | Outseeker |
| auth_token | API authentication | 30 days | Outseeker |
| csrf_token | CSRF protection | Session | Outseeker |
| ph_* | PostHog product analytics | 1 year | PostHog |
| posthog_session | PostHog session tracking | Session | PostHog |
PostHog: No session replay. Linked to User ID. 7-year retention. Legal basis: Legitimate interest.
5.3 Managing Your Cookie Preferences
Landing Page: Adjust via cookie settings link in footer. Withdraw consent for analytics/marketing anytime. Strictly necessary cannot be disabled.
Dashboard: Essential cookies required for login. Object to PostHog: contact manuel@kollus.io.
Browser: Chrome (Settings > Privacy), Firefox (Options > Privacy), Safari (Preferences > Privacy), Edge (Settings > Privacy). Disabling essential cookies prevents Platform use.
5.4 Do Not Track (DNT)
Our website does not currently respond to Do Not Track browser signals. You can manage cookies through the methods described above.
6. HOW WE SHARE YOUR INFORMATION
6.1 Third-Party Service Providers (Subprocessors)
We share data with: LemonSqueezy (payments, USA), OVHcloud (hosting, USA), Hetzner (hosting, EU), Cloudflare (CDN, global), Vercel (frontend and analytics, global), Google Cloud (backups, EU), PostHog (analytics, EU), Wistia (video hosting, USA, loads for video playback), BetterStack (monitoring, EU), Sentry (errors, USA), Pusher (real-time, USA/EU), Cal.com (scheduling, USA). All bound by data processing agreements and GDPR safeguards.
6.2 Other Data Sharing
Cross-Company Marketing: Contact info may be shared with other Manuel Kollus entities. Opt-out: Unsubscribe link or email manuel@kollus.io with "Opt-Out Cross-Company Marketing".
Business Transfers: Data may be transferred in mergers/acquisitions; you will be notified.
Legal Requirements: We may disclose if required by law, court order, or to protect rights.
6.3 Data We Do NOT Share
We do not sell your data, share with data brokers, provide to competitors, or share sensitive information.
7. INTERNATIONAL DATA TRANSFERS
Your data may be transferred outside the EEA (e.g., USA). We use EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), and adequacy decisions. Primary hosting: OVHcloud (USA), Hetzner (EU). Your GDPR rights remain protected. We use TLS encryption, access controls, and data minimization.
8. CHAT CONTENT AND COMMUNICATIONS PRIVACY
We Do NOT Read Your Conversations. We do not read, review, or analyze message content. We do not use chat content for AI training. We monitor quantitative metrics only: message counts, response rates, timestamps, account health. We may proactively contact you about performance. We may access chat content only: at your explicit request for support, valid legal order, or automated ToS violation flag (manual review). You can export chat histories and request deletion via manuel@kollus.io.
9. DATA RETENTION
| Data Category | Retention | Legal Basis |
|---|---|---|
| Account information | Active subscription | Contract |
| PostHog analytics | 7 years | Legitimate interest |
| Vercel Analytics | Per provider policy | Consent |
| Wistia (video) | Per provider policy | Legitimate interest |
| IP/security logs | 1 year | Fraud prevention |
| Chat conversations | Active subscription | Contract |
| Error logs | 90 days | Legitimate interest |
| Database backups | 90 days | Legitimate interest |
After Cancellation: 30-day grace period to export data. After 30 days: permanent deletion of account, team, outreach, leads, chats. We retain: financial records 7 years (tax), aggregated anonymized analytics, security logs 1 year.
Automated deletion: email reminder 7 days before deadline; deletion within 48 hours of day 30. Manual deletion request: manuel@kollus.io, processed within 3 business days.
10. DATA SECURITY
Technical: TLS 1.3 in transit, AES-256 at rest, bcrypt for passwords. DDoS protection, WAF, intrusion detection. Role-based access, MFA for admins, audit logging.
Organizational: Only Manuel Kollus has direct database access. We do NOT read chat content, passwords, or payment info. Incident response plan, vendor vetting.
Your Role: Use strong password, don't share credentials, log out on shared devices. Report suspicious activity to manuel@kollus.io. 2FA not yet available.
Data Breach: We will notify you within 72 hours via email and report to Polish DPA as required by GDPR Article 33.
Limitations: No system is 100% secure. You are responsible for protecting your credentials.
11. YOUR RIGHTS UNDER GDPR
- Access (Art. 15): Email manuel@kollus.io "Data Access Request" — JSON within 3 business days
- Rectification (Art. 16): Email corrections — verified and updated within 3 business days
- Erasure (Art. 17): Email "Data Deletion Request" — 30-day grace period, then permanent deletion (except legal requirements)
- Restriction (Art. 18): Email "Restrict Processing Request"
- Portability (Art. 20): Export via dashboard or email "Data Portability Request" — JSON within 3 days
- Object (Art. 21): Unsubscribe for marketing; email for PostHog/analytics opt-out
- Withdraw Consent: Cookie preferences, Unsubscribe link, or email
- Complaint: Polish DPA (UODO): uodo.gov.pl, kancelaria@uodo.gov.pl, +48 22 531 03 00
No fee for exercising rights. We may verify identity before fulfilling requests. Unfounded/excessive requests may incur administrative fee.
12. CHILDREN'S PRIVACY
Platform is for users 18+. We do not knowingly collect from under-18. If discovered: immediate suspension, data deleted within 24 hours, no refund, permanent ban. Parents: contact manuel@kollus.io. LemonSqueezy credit card verification serves as age check.
13. CHANGES TO THIS PRIVACY POLICY
We may update at any time. "Last Updated" date reflects changes. Material changes: we do NOT send proactive email notifications—please check the date periodically. Continued use = acceptance. Disagree: cancel subscription or request deletion. No refunds for policy changes.
14. CONTACT US
Data Controller: Manuel Kollus
Email: manuel@kollus.io | Telegram: @outseekersupport
Address: Marcina Kasprzaka 31/119, 01-234 Warsaw, Poland
Response times: General 3 days, GDPR requests 3 days (legal max 30), Breach 72 hours.
Supervisory authority: UODO — uodo.gov.pl, kancelaria@uodo.gov.pl
14. ADDITIONAL INFORMATION
California (CCPA): We do NOT sell personal information. CCPA requests: manuel@kollus.io "CCPA Request".
Third-Party Links: This policy does not apply to external sites. Review their privacy policies.
Language: English version prevails over translations.
15. ACCEPTANCE
By registering, accessing, or using the Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy.
If you do not agree, you must not use the Platform.
— END OF PRIVACY POLICY —
APPENDIX: SUBPROCESSOR LIST
Complete list of third-party subprocessors with access to your personal data:
| Service | Purpose | Location | GDPR Safeguards |
|---|---|---|---|
| LemonSqueezy | Payment processing | USA | EU-US DPF, SCCs |
| OVHcloud | Server hosting | USA | GDPR, SCCs, encryption |
| Hetzner | Server hosting | Germany/Finland | GDPR, ISO 27001 |
| Cloudflare | CDN, security | Global | GDPR, SCCs |
| Vercel | Frontend hosting, analytics | Global | GDPR |
| Google Cloud | Backup storage | EU | GDPR, encryption |
| Pusher | Real-time updates | USA/EU | GDPR, encryption |
| Cal.com | Call scheduling | USA | GDPR, SOC 2 |
| PostHog | Product analytics | EU | GDPR |
| Wistia | Video hosting, analytics | USA | EU-US DPF, SCCs |
| BetterStack | Monitoring, logs | EU | GDPR |
| Sentry | Error tracking | USA | EU-US DPF, SCCs |
Last Updated: February 15, 2026. This list may be updated; major changes reflected in policy updates.
Questions? Contact manuel@kollus.io