GDPR Compliance
Last Updated: December 30, 2025
Summary: We are committed to protecting the privacy rights of users in the European Union and EEA. We follow GDPR principles through data minimization, transparency, purpose limitation, storage limitation, and respect for user rights.
We operate two services:
- Found Opportunity ("FO"): scans spam/junk folders to identify misfiled business opportunities.
- OWL ("On-call Watch List"): checks newly received Inbox messages against your VIP rules and sends alerts for matches.
FO and OWL are referred to collectively as the "Services." Where a clause applies to only one Service, we label it FO only or OWL only.
1. Our Role Under GDPR
For the Services, we generally act as a Data Processor when handling email data on behalf of users (who are Data Controllers). We process personal data only as instructed by you and only to provide the Services.
2. Legal Basis for Processing
We process personal data under the following lawful bases (as applicable):
- Contract Performance (Article 6(1)(b)): processing is necessary to deliver the Services you requested.
- Consent (Article 6(1)(a)): you explicitly authorize email access via OAuth.
- Legitimate Interest (Article 6(1)(f)): ensuring reliable service operation, security, and abuse prevention.
Service-specific context:
- FO only Legitimate interest includes scanning spam/junk folders to surface misfiled opportunities.
- OWL only Legitimate interest includes reliable alert delivery, deduplication, and security controls.
3. GDPR Principles We Follow
3.1 Data Minimization
We collect and process only the minimum data needed:
- FO only Spam/junk emails only (subject, sender, ~300-character preview, timestamps, technical identifiers). We do not store full email bodies or attachments.
- OWL only Newly received Inbox emails only (sender/recipients as needed, subject, timestamps, thread identifiers, technical identifiers, and limited body content needed for rule evaluation and Alert Details for matches up to 10,000 characters). We do not store attachments.
3.2 Purpose Limitation
Data is used exclusively to provide the Services:
- FO only Identify and present misfiled opportunities from spam/junk folders.
- OWL only Evaluate VIP rules on newly received Inbox messages and deliver alerts for matches.
We do not sell your data or use it for advertising.
3.3 Storage Limitation
- FO only Opportunity records auto-delete after 7 days.
- OWL only Alert records (including Alert Details content for matches) auto-delete after 7 days.
- Both Account and configuration data (e.g., connected-account identifiers, FO settings, OWL rules) are retained while your account is active and are deleted when you delete your account, subject to backup rotation.
3.4 Accuracy
You can review, correct, and update settings and rules at any time. If you believe a record is inaccurate, you can request correction or deletion.
3.5 Integrity and Confidentiality
We maintain safeguards designed to protect data, including encryption in transit, access controls, and security monitoring.
4. Your Rights Under GDPR
As an EU/EEA data subject, you have rights including:
- access
- rectification
- erasure
- restriction
- portability
- objection
- withdrawal of consent (where applicable)
How to Exercise Your Rights
Email privacy@foundopportunity.com with:
- your account email
- the right you wish to exercise
- details to help us fulfill the request
We will respond within the timeframe required by GDPR.
5. Data Transfers Outside the EU
We are based in the United States. When you use the Services, your data may be transferred to and processed in the US. We use appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) where required.
6. Data Breach Notification
In the unlikely event of a breach affecting your personal data, we will notify you without undue delay and, where applicable, within 72 hours of discovery and provide available details and remediation steps.
7. Automated Decision-Making
- FO only FO uses AI-assisted analysis to help identify potential opportunities in spam/junk folders. No automated decision is made that legally or significantly affects you without human review; you control whether to act.
- OWL only OWL performs rule-based matching based on rules you configure. You control rule definitions and whether to act on alerts.
8. Children's Privacy
The Services are not intended for individuals under 16 in the EU/EEA. We do not knowingly collect data from children.
9. Supervisory Authority
If you are located in the EU/EEA and believe we are not complying with GDPR, you have the right to lodge a complaint with your local supervisory authority.
10. Contact
Email: privacy@foundopportunity.com
Address: Found Opportunity, PO Box 727, Wainscott, NY 11975
Questions about our GDPR compliance? Email us at privacy@foundopportunity.com and we'll respond within 2 business days.