Legal
Privacy Policy
This Privacy Policy describes how Cold Labs EOOD ("Cold Labs," "we," "us," or "our") collects, uses, and protects information when you visit coldlabs.ai (the "Website") or engage with our services. We are committed to protecting your privacy and handling your data transparently.
By using our Website or services, you agree to the practices described in this policy.
1. Who we are
Cold Labs EOOD is a cold email outbound agency operating globally. We help B2B agencies and service businesses build, run, and scale outbound systems.
- Company: Cold Labs EOOD
- VAT: BG208112054
- Registered address: 54 Rila, Kyustendil, 2500, Bulgaria
- Contact: support@coldlabs.ai
2. Information we collect
We collect a limited amount of information, only when you choose to provide it.
2.1 Information you provide directly
When you book a meeting with us through our scheduling form (powered by Go High Level), we collect:
- Your full name
- Email address
- Phone number
We do not collect data from website visitors who do not book a meeting. We do not add visitors to marketing email lists. We do not run cold outreach to people who visit our Website.
2.2 Information shared during service delivery
If you engage Cold Labs as a client, we'll collect additional information necessary to deliver the service, including:
- Company name, website, and relevant business details
- Your ideal customer profile (ICP) and target market
- Information shared during onboarding calls and strategy sessions
2.3 Information collected automatically
When you visit coldlabs.ai, our hosting provider and analytics tools may automatically collect technical information such as:
- IP address
- Browser type
- Device type
- Pages visited
- Referring URL
This data is used solely to operate and improve the Website. It is not used to contact you.
3. How we use your information
We use the information we collect to:
- Schedule and conduct the meeting you booked
- Deliver our services if you become a client
- Respond to your inquiries and provide information about Cold Labs
- Maintain and improve our Website
- Comply with legal obligations
We do not sell your personal information. We do not share it with third parties for their marketing purposes. We do not add Website visitors to email campaigns.
4. Legal basis for processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under one or more of the following legal bases:
- Consent: When you book a meeting or fill out a form, you've actively chosen to share your information with us.
- Contract: When processing is necessary to deliver services you've engaged us for.
- Legitimate interests: When we have a legitimate business interest, such as responding to your inquiry.
- Legal obligation: When we are required to process data to comply with the law.
5. Cookies and tracking
We use a minimal set of cookies and similar technologies to operate the Website and understand traffic. These may include:
- Essential cookies: Required for the Website to function.
- Analytics cookies: Help us understand how visitors use our Website.
You can control cookies through your browser settings. Disabling cookies may affect some functionality of the Website.
6. How we share your information
We do not sell your personal information. We only share data in the following circumstances:
- With service providers: We use trusted third-party tools to operate our business. These providers are bound by confidentiality and data protection obligations.
- For legal reasons: We may disclose information if required by law, regulation, court order, or government request.
- In business transfers: If Cold Labs is involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you before this happens.
7. Third-party tools we use
To operate our business, we rely on the following types of tools. Each has its own privacy policy you can review:
- Scheduling and CRM: Go High Level, iClosed
- Communication: Slack, Google Meet, Google Workspace
- Analytics: Google Analytics or similar
- Internal infrastructure: Supabase (database), Notion (documentation)
- AI tools: Claude (Anthropic) and similar large language models for internal workflows
We do not use these tools to contact you unless you've explicitly engaged with us first.
8. Cold Labs Desk and Google API Services
Cold Labs Desk (desk.coldlabs.ai) is our internal client operating dashboard. When a client connects their Google Calendar to Cold Labs Desk, we use the Google Calendar API on their behalf.
Scopes we request. We request only the https://www.googleapis.com/auth/calendar.readonly scope (read-only access to calendars and events), plus openid and email to identify the authenticated user. We do not request, store, or write any other Google account data.
What we read. We read calendar event metadata: event ID, title, start and end times, organizer email, attendee emails, status, description, location, and the meeting URL when present. We compare attendee emails against the client's prospect database to detect when a known lead is on a booked meeting.
What we store. We store only the minimum required to operate the integration: the OAuth refresh token (encrypted at rest), the watched calendar ID, the active Google watch-subscription channel ID and its expiration, the sync token for incremental fetches, and a per-event audit log row containing the values listed above. We do not store event content beyond what is listed. We never read data from non-watched calendars or from other users' calendars.
How we use the data. We use Google Calendar data solely to: (a) identify when a prospect already in the client's database has a booked meeting, (b) update that prospect's status inside the client's Cold Labs Desk dashboard and connected MasterInbox workspace, and (c) post a notification to the client's chosen Slack channel. We do not use Google user data for advertising, AI model training, or any purpose unrelated to providing the dashboard feature described here. We do not transfer Google user data to third parties except as required to provide and improve the dashboard, comply with applicable law, or in connection with the merger, acquisition or sale of assets.
Limited Use. Cold Labs Desk's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Retention. We retain Google Calendar data for the same duration as other client data described in the Data Retention section. When a client disconnects the integration or terminates their engagement, we tear down the Google watch subscription, delete the stored refresh token, and remove the related rows from our database.
Revoking access. Clients can revoke Cold Labs Desk's access to their Google account at any time from their Google Account → Security → Third-party apps with account access, or by clicking Disconnect on the Google Calendar integration card inside Cold Labs Desk.
9. Data retention
We retain your personal information only for as long as necessary:
- Booking form data (if you do not become a client): Retained for up to 24 months after last contact, then deleted.
- Client data: Retained for the duration of our engagement and for a reasonable period afterward to handle post-engagement matters and legal obligations.
You can request earlier deletion at any time by contacting us.
10. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that inaccurate or incomplete data be corrected.
- Deletion: Request that we delete your personal data, subject to legal exceptions.
- Restriction: Request that we limit how we process your data.
- Objection: Object to processing based on legitimate interests.
- Portability: Request that we transfer your data to another service provider.
- Withdraw consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at support@coldlabs.ai. We will respond within 30 days.
If you are in the EU/UK and believe we have mishandled your data, you have the right to file a complaint with your local data protection authority. In Bulgaria, that authority is the Commission for Personal Data Protection (CPDP).
11. California residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
- The right to know what personal information we collect, use, and share
- The right to delete your personal information
- The right to correct inaccurate personal information
- The right to opt out of the sale or sharing of your personal information (note: we do not sell personal information)
- The right to non-discrimination for exercising your privacy rights
To exercise these rights, contact us at support@coldlabs.ai.
12. Data security
We take reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- Encrypted data transmission (HTTPS)
- Access controls and authentication for internal systems
- Limited employee access on a need-to-know basis
No system is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security.
13. International data transfers
Cold Labs operates globally with a distributed team. Your data may be processed in countries outside your country of residence, including outside the EEA. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.
14. Children's privacy
Our services are intended for business use only and are not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.
15. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. For significant changes, we'll notify you through email or a notice on our Website.
16. Contact us
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
Cold Labs EOOD
54 Rila, Kyustendil, 2500, Bulgaria
VAT: BG208112054
Email: support@coldlabs.ai
Website: coldlabs.ai
This Privacy Policy is effective as of the "Last updated" date above and applies to all visitors and users of coldlabs.ai and our services.
← Back to coldlabs.ai