1. Who we are
Viacurrent OÜ (Nafta 6-25, 10120 Tallinn, Estonia; "we") is the controller of the personal data we collect through Jungler's websites, apps and related services ("Services").
2. What we collect & why
Account data
We ask for your email address so we can create your account, sign you in, and support you. If you choose to sign in with a social provider we also receive the name on that profile. Sign-in is via magic link or social provider — we don't store passwords.
Billing data
Stripe collects and processes your payment card details securely so you can pay for the Service. We do not store your card number; we only receive billing metadata (like the last 4 digits and expiry date) to manage your subscription. This is necessary to fulfil our contract with you.
Usage & log data
Information such as IP address, device or browser type, pages visited and cookies helps us keep the service secure and understand how it's used. We use this under our legitimate interest in operating and improving the platform.
AI inputs & outputs
The prompts you send and the results you receive are processed so we can provide AI-powered features via Google Vertex AI (Gemini) and OpenAI. We use provider terms and settings designed to prevent your data being used for model training. The legal bases are performance of contract and our legitimate interest in offering these features.
Optional social-login data
If you choose to sign in with a social account, we receive your public profile and email to make the sign-in process friction-free. We process this data only with your consent.
Legal note: All legal bases refer to GDPR/UK GDPR requirements. Whenever we rely on consent, you may withdraw it at any time.
3. Cookies & analytics
We use a small number of cookies and lightweight analytics. None of them set a persistent identifying cookie until you explicitly act (click an affiliate link, open live chat, or sign in).
- Product analytics — on the marketing website we use a cookieless analytics mode (no persistent identifier, daily-rotating hash, no cross-day linkability). In the signed-in app we use PostHog EU Cloud for product analytics and session replay, and Mixpanel EU for backend event analytics (no cookies). Session replay is disabled on the marketing website and only runs for logged-in app users. We use it mainly to troubleshoot customer issues and debug product behaviour. Input fields, notes, prompts and other free-text entries are masked, but replay can show visible app content such as your account name, workspace screens, search results, and the business contact/profile data shown in lead tables. We process this under legitimate interest in keeping the product reliable and useful. You can object at any time by emailing legal@jungler.ai.
- Live chat — runs in privacy mode; a session cookie is set only when you open the chat.
- Affiliate referrals — if you arrive
through an affiliate link (
?via=...), a first-party cookie is stored on.jungler.aifor up to 60 days so the referring partner is credited if you sign up. Set only on the link click, never on regular visits. - Preference and authentication cookies in the signed-in app — remember UI choices (theme, sidebar, filters) and keep you signed in.
You can block or clear cookies in your browser; some features (chat, login, referral credit, saved UI preferences) may not work as a result. DPA sub-processors that handle Customer Data for business customers are listed at jungler.ai/sub-processors; controller-side analytics vendors are described in this policy.
4. Sharing
We share data only with vetted service providers that help us run the Service (hosting, email, payments, AI providers, analytics and debugging). We do not sell account data or Customer Data. Our B2B contact index is a paid discovery product, described below. Business customers contract with us under our Data Processing Agreement, and the current list of authorised sub-processors is published at jungler.ai/sub-processors.
5. International transfers
Our servers are in the EU. Where a sub-processor is outside the EEA/UK, we have EU Standard Contractual Clauses — plus the UK Addendum for UK personal data — in place with that vendor. Details are in the DPA.
6. If you're in our B2B contact index
Separately from running the Service for our customers, we maintain a B2B contact index — business professionals' name, job title, employer, work email, work phone, public profile URLs, and public professional activity, including public post/comment text, reactions and similar engagement signals visible on public professional platforms — that our customers can search for their own outreach. We compile it from publicly accessible business sources (public web pages, public professional profiles, public company directories, and licensed business-data partners). The index is intended for business-to-business discovery, not consumer profiling. We do not intentionally build searchable special-category fields; because public professional content can sometimes mention sensitive topics, we remove or suppress special-category data when identified.
For this index, we are the controller. Customers are controllers for their own searches, exports, outreach, and connected tools. When we store or process data in a customer's workspace at their instruction, we act as their processor under our DPA.
We rely on legitimate interest (Art. 6(1)(f) GDPR); a plain-English summary is at jungler.ai/legitimate-interest. Records that aren't queried or refreshed for 24 months are deleted or anonymised. If you ask us to remove you, we keep a minimal suppression record so we don't re-add you on a later refresh.
You can object, correct or delete your record using the Remove my data form (about a minute, no account needed) or by emailing legal@jungler.ai. This section is the Article 14 GDPR notice for people whose data we hold without collecting it from them directly. Because contacting every indexed professional directly would involve a disproportionate effort (Art. 14(5)(b)), we provide this public notice and a self-serve removal tool to ensure transparency.
7. Retention
We keep data only as long as we need it, then delete or anonymise it. In practice:
- Account data — kept while your subscription is active, then deleted within 12 months of cancellation (grace/restore window and dispute resolution).
- Free-trial accounts that don't convert — deleted within 6 months of the trial ending.
- Billing and tax records — 7 years, as required by the Estonian Accounting Act and UK HMRC rules.
- Contract records (DPA, terms acceptance) — 6 years after the relationship ends, in line with the statute of limitations for contractual claims.
- Marketing consent and objection records — 3 years from your last interaction or withdrawal, so we can prove we honoured your choice.
- Security and access logs — 12 months, for incident investigation.
- Backups — daily backups roll off a 30-day cycle.
8. Security
We apply industry-standard technical and organisational measures — EU-hosted infrastructure, encryption in transit and at rest, MFA for staff access, and regular backups. A short security summary lives in Annex 2 of our DPA.
9. Your rights
If you are in the EEA/UK/Switzerland/Canada (or many US states), you can:
- Access, correct, delete, or export your data
- Object to or restrict processing
- Withdraw consent
- Lodge a complaint with your local data-protection authority
The easiest way to exercise these rights is the Remove my data form. You can also email legal@jungler.ai. We acknowledge requests within 3 business days and respond within one month.
10. Children
The Service is not for users under 18. We delete any such data on discovery.
11. Changes
We'll post any changes here and update the "Last updated" date. Material changes may be emailed to registered users.
12. Notice for California residents (CCPA/CPRA)
This section supplements our privacy policy with specific disclosures for California residents.
Collection and Use
In the last 12 months, we have collected the following statutory categories of personal information: identifiers, customer records, commercial information, internet activity, professional information, and inferences. We do not knowingly collect "sensitive personal information" or data from children under 16. We collect this data from you, your use of the Service, public professional platforms, and data partners. We use it to operate our Service, build our B2B index, process payments, and ensure security (as detailed in Section 2).
Selling and Sharing
Under California law, making profiles in our B2B contact index searchable by our paying business customers qualifies as a "sale" and "sharing" of personal information. The CCPA requires us to disclose which categories of personal information this covers; for the index, those categories are identifiers, professional information, internet activity, and inferences — all drawn from public professional sources, not from any Customer Data. We do not sell or share Customer Data (the private data you process in your own workspace) or sensitive personal information.
Your Rights and How to Exercise Them
You have the right to know, delete, and correct your personal information, the right to opt out of its sale or sharing, and the right to non-discrimination for exercising these rights. You may also designate an authorised agent to make requests on your behalf.
To exercise any of these rights, including the right to opt out of our B2B index, please use our data requests form or email legal@jungler.ai. We do not require identity verification for opt-outs. For access, deletion, and correction requests we ask you to confirm details we already hold (for example, an email address or profile URL we can match against our records) so we don't disclose information to the wrong person. We acknowledge requests within 10 business days and respond within 45 days.
This document was last updated on May 19th, 2026.