Effective date: June 23, 2026
This Privacy Policy explains how SPEEDER.AI, operated by Reflective Investments L.L.C-FZ, a limited liability company registered in Meydan Free Zone, Dubai, United Arab Emirates (License No. 2418796.01) ("Speeder", "we", "us"), collects, uses, stores, and shares personal information. For the purposes of applicable data protection law (including the EU General Data Protection Regulation, "GDPR", and the UK GDPR), we are the data controller for the personal data described below.
Speeder is a lead-generation tool for domain investors: for the domains a seller lists, we identify companies likely to want them and send cold outreach on the seller's behalf. So this policy covers two groups: (A) our users (domain sellers and their team members) and (B) potential buyers — the business contacts we identify from public sources and email on a seller's behalf. Section 5 is addressed specifically to group B.
Account information: email, name, profile fields, timezone, and authentication metadata (via Supabase Auth).
Usage information: product actions, outreach and campaign settings, activity logs, diagnostic events, pages visited, searches, and feature interactions.
Listing information: the domains you list, asking prices, and listing copy.
Communication data: support messages, replies routed to you, and related metadata.
Billing data: saved payment-method identifiers (stored by Stripe; we do not store full card numbers), credit and subscription transaction records, and balance status.
Device/network data: IP address, user agent, browser and OS, referral URLs, and session/cookie identifiers.
To find buyers for a seller's domains, we collect limited business-contact information about companies and the people who represent them, drawn from public and publicly available sources, including:
SEC filings (such as Form D), trademark filings (such as USPTO records), domain registration (WHOIS) records, company websites, and web/news search results.
The data we collect is typically a company name and website, a business email address or contact, a role or title, and the public signal that suggested the company might want a particular domain (for example a recent funding filing or a trademark application). We do not seek out special-category data.
Provide and secure the Service, including authentication, account management, and billing.
Identify and prioritize potential buyers for your listed domains and surface demand signals.
Draft outreach and listing copy using AI, and send cold outreach email (with rate-limited follow-ups) on a seller's behalf until a recipient replies or unsubscribes.
Route replies and qualified leads to the relevant seller.
Maintain suppression/unsubscribe lists so opted-out recipients are not contacted again.
Monitor quality, prevent abuse and spam, investigate incidents, protect deliverability, and improve reliability.
Send service notices and product communications to users.
Contract: to provide the Service to our users (Group A) and process their billing.
Legitimate interests: to identify and contact potential buyers (Group B) for relevant domains by business-to-business email — a limited, targeted, B2B prospecting interest balanced against recipients' rights — and to keep the Service secure and improve it. You can object at any time (see Sections 5 and 9).
Consent: for non-essential cookies and analytics/marketing trackers (see Section 7 and our Cookie Policy).
Legal obligation: where we must process data to comply with the law.
If you received a cold outreach email through Speeder, here is how your data is handled. We obtained your business-contact details from the public sources listed in Section 2. We process them on the basis of our and the seller's legitimate interest in offering you a domain name that a public signal suggested may be relevant to your business. The seller on whose behalf you were contacted is identified in the email; once you reply, the seller (not Speeder) handles the conversation as an independent controller.
You have the right to object to this processing and to be removed at any time — every email contains a one-click unsubscribe, which stops all further contact and adds you to our suppression list. You may also access, correct, or request erasure of your data, or object, by emailing privacy@speeder.ai, and you may complain to a supervisory authority. We retain only what is needed to honor your opt-out and to avoid re-contacting you.
We share data with the service providers that help us run Speeder. We do not sell personal data. We may also disclose data where required by law, to enforce our Terms, or to protect rights and safety. Our current sub-processors are:
Supabase — database and authentication. Our database is hosted in the EU (eu-west-1).
Railway — application hosting and infrastructure.
Stripe — payment processing for credits and subscriptions. We do not store card numbers.
Resend — delivery of transactional email and (for some accounts) outreach email.
Smartlead — delivery of cold-outreach email via our sender fleet.
Anthropic — AI model provider used to draft outreach/listing copy and score buyer signals (via the Claude API).
Brave Search / Serper — web search used to research potential buyers.
APIFlash — generates preview screenshots of listings.
Google Analytics (GA4), Meta Pixel, and TikTok Pixel — website analytics and marketing measurement, loaded only with your consent (see Section 7).
A current sub-processor list and a Data Processing Agreement are available to business customers on request at privacy@speeder.ai.
Essential cookies: Supabase Auth session cookies required for sign-in and account security. These are always on.
Analytics and marketing: we use Google Analytics (GA4), the Meta Pixel, and the TikTok Pixel to measure site usage and the effectiveness of our marketing. These set non-essential cookies and are loaded only after you consent where consent is required (for example for EU/UK/EEA visitors). You can change your choice at any time. See our Cookie Policy for the full list and how to manage it.
We keep user account and operational records for as long as needed to provide the Service. If you delete your account, we apply a soft-delete period of up to 30 days before permanent deletion, unless longer retention is required by law or for legitimate security/accounting needs.
For potential-buyer data (Group B): we retain a contacted record and the information needed to honor opt-outs and avoid re-contacting; if you unsubscribe, we keep only the minimum needed to keep you suppressed. We may retain de-identified or aggregated data that does not identify anyone.
Users can access and update profile information in settings, request account deletion, disconnect integrations, turn outreach off at any time, and unsubscribe from non-essential emails. To make a privacy request, contact privacy@speeder.ai.
EU/UK/EEA (GDPR): you have the rights of access, rectification, erasure, restriction, data portability, objection (including to direct marketing and to legitimate-interests processing), and withdrawal of consent, and the right to lodge a complaint with a supervisory authority (a list is at edpb.europa.eu). We respond within 30 days (or the period required by law) and may verify your identity first.
We use AI and automated scoring to prioritize which potential buyers to contact and to draft outreach. This does not produce legal or similarly significant effects on individuals, and outreach is reviewable and can be turned off by the user. If you believe an automated process has significantly affected you, you may request human review at privacy@speeder.ai.
We do not use your personal data or content to train or fine-tune AI foundation models. Prompts and outputs processed through third-party AI providers (such as Anthropic) are subject to those providers' data-processing terms, and we select providers whose API terms prohibit training on customer data. We may use de-identified, aggregated usage data to improve the platform; this does not identify you.
If you are a resident of a US state with applicable privacy legislation (including California under the CCPA/CPRA, plus Colorado, Connecticut, Virginia, Texas, Oregon, Montana, and others), you may have the right to know, access, correct, and delete your personal information, to opt out of any sale or sharing, and to non-discrimination. We do not sell personal information. The analytics/marketing trackers in Section 7 are consent-gated and used only to measure our own marketing. To exercise your rights, contact privacy@speeder.ai; we respond within the timeframes required by law (typically 45 days under CCPA/CPRA).
Speeder is operated from the United Arab Emirates, our database is hosted in the EU, and our service providers (Section 6) may process data in the EU, the United States, and other jurisdictions. For transfers of personal data from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses and contractual commitments from our providers.
In the event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware (GDPR Art. 33), and affected individuals without undue delay where the risk is high (Art. 34). If you believe your data has been compromised, contact privacy@speeder.ai immediately.
Speeder is not intended for individuals under 18, and we do not knowingly collect data from children. If we learn that a child under 18 has provided us with personal data, we will delete it promptly.
We may update this Privacy Policy. The effective date above indicates the current version. We will notify users of material changes by email or a prominent notice on the Service at least 14 days before they take effect.
Reflective Investments L.L.C-FZ
Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
Privacy inquiries: privacy@speeder.ai
General support: support@speeder.ai
Policy version: 2026-06-23