Privacy Policy

Carousel Labs, Inc. (operator of the Channl platform: "Channl," "we," "us," or "our")

Effective Date: May 19, 2026 Last Updated: May 19, 2026 Classification: Public. Published at https://channl.ai/privacy

Reading guide. This Privacy Policy describes how we collect and process personal information. It is one part of a layered set of customer-facing documents. Defined commercial terms, warranty disclaimers, liability limits, indemnities, and dispute-resolution provisions are set out in the Terms of Service available at https://channl.ai/terms and, for customers, in a Data Processing Addendum ("DPA") available at https://channl.ai/dpa. This Privacy Policy is not a contract and does not modify the Terms of Service.

Pre-General-Availability note. This Policy describes how the Channl Service will operate at General Availability. Today, channl.ai operates the marketing website, the prospect-facing forms set out in §2.1, and the limited automatic collection set out in §2.2. Customer Data flows (Customer content, customer-authorized integrations, AI-assisted features) apply once a customer is onboarded.

1. Introduction

Carousel Labs, Inc., a Delaware corporation, operates the Channl platform at https://channl.ai (the "Service"), a business-to-business commercial-intelligence platform that uses AI to surface signals and map relationships across the systems revenue teams already run.

This Policy applies to information we collect through:

the Channl websites and applications
Channl APIs, integrations, and supporting services
communications between Channl and customers, prospects, partners, and visitors

By using the Service or providing personal information to us, you acknowledge that you have read and understood this Policy. If you do not agree, you must not use the Service.

2. Information We Collect

2.1 Information you provide

Identity and account data: name, work email address, employer, job title, profile photo (if shared by your identity provider).
Authentication artifacts: session identifiers and tokens issued by your identity provider. We do not collect or store user passwords for the Service.
Billing and commercial data: subscription tier, billing contact, and limited payment metadata (card brand, last four digits, expiration, and tokens issued by our payment processor). Full payment-card numbers are collected and held by our payment processor, not by Channl.
Customer content: business records, files, documents, and configuration you submit to the Service, including company, partner, contact, deal, and campaign data.
Customer-provided third-party credentials: API keys, OAuth tokens, session cookies, and similar credentials that you choose to connect to the Service under a "Bring Your Own API" or "Connect an Account" feature.
Communications: messages, support tickets, sales-call notes, feedback, and survey responses.

2.2 Information collected automatically

When you interact with the Service we and our service providers collect:

usage and feature-interaction telemetry
device and connection signals (such as IP address, user agent, operating system, language, time zone, and referring URL)
application and access logs
cookies and similar storage technologies (see §10.2)

2.3 Information from third parties

Identity providers: when you sign in via a federated identity provider, we receive the profile attributes you have authorized that provider to share.
Payment processor: transaction status, dispute and refund events, and fraud signals.
Business-data sources: firmographic, news, event, and public-profile information that we obtain from third-party data providers and publicly available sources to support partner-research features that you instruct us to perform.
Customer organizations: when an organization administrator invites you, we receive your name, email, role, and any context they choose to provide.

We do not purchase consumer marketing lists.

2.4 Information we do not collect

We do not knowingly collect special categories of personal data (such as race, ethnicity, religion, political opinions, trade-union membership, health, biometric, genetic, or sex-life data) and we ask that you not submit such data to the Service.

3. How We Use Your Information

We use personal information to:

Provide and operate the Service

authenticate users and maintain sessions
process the inputs you submit and return outputs, including AI-assisted outputs
run the partner-research, outreach, scoring, and reporting workflows you configure
provide customer support

Secure, monitor, and improve the Service

detect, investigate, and prevent fraud, abuse, security incidents, and policy violations
monitor performance, reliability, and error rates
develop new features and improve existing functionality, using aggregated or de-identified data wherever practical

Operate the business

process subscriptions and payments
send transactional and administrative messages (security alerts, billing notices, service announcements)
send marketing communications with your consent or where permitted by law

Comply and protect

comply with applicable law, regulation, subpoena, court order, and other legal process
enforce the Terms of Service, including investigating violations
establish, exercise, or defend legal claims
protect the rights, property, and safety of Channl, our customers, our personnel, and the public

3.1 Legal bases (GDPR / UK GDPR)

Where European or UK data-protection law applies, we rely on the following legal bases:

Purpose	Legal basis
Providing the Service under a contract	Performance of a contract (Art. 6(1)(b))
Security, fraud prevention, abuse detection, product improvement, business operations	Legitimate interests (Art. 6(1)(f))
Prospect marketing where no contract exists	Consent (Art. 6(1)(a))
Tax, accounting, legal hold, regulatory response	Legal obligation (Art. 6(1)(c))

You may object to processing based on legitimate interests as described in §7. We will assess such objections and, where required by law, cease the processing unless we have compelling legitimate grounds that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims.

3.2 Automated processing and human review

We use automated processing to score, rank, sort, summarize, and prioritize records for our customers based on the criteria they configure; to detect anomalous account behavior, payment fraud, and abuse; and to enforce API rate limits and quotas. These systems do not, by themselves, make decisions that produce legal or similarly significant effects on natural persons.

If an automated decision restricts your account, payments, or access to the Service, you may request human review by emailing legal@channl.ai with the subject line "Automated Decision Appeal." We respond within thirty (30) days.

3.3 De-identified and aggregated data

We may derive de-identified, aggregated, or anonymized data from information collected through the Service and use that data for any lawful business purpose, including analytics, benchmarking, security research, and product development. We maintain de-identified data in a form that cannot reasonably be linked back to an individual, do not attempt to re-identify it, and contractually prohibit recipients from doing so.

4. How We Share Your Information

We do not sell your personal information. We do not engage in cross-context behavioral advertising. We share personal information only as follows.

4.1 Service providers (sub-processors)

We use a curated set of third-party service providers to operate the Service. These providers process personal data only on our documented instructions and are bound by written contracts requiring them to (a) limit use to the services they provide to us, (b) maintain confidentiality, (c) implement appropriate technical and organizational security measures, and (d) assist us with data-subject rights and incident response.

The categories of sub-processors we use, including purpose and data processed, are published at https://channl.ai/security/subprocessors and reviewed at least annually. Current categories include:

application hosting and edge network
managed databases (relational, document, vector, graph)
caching, rate limiting, and job queueing
error and exception monitoring
product and performance analytics
third-party generative-AI and embedding services
payment processing
transactional email delivery
newsletter delivery
customer-authorized email integrations
public-data collection infrastructure used to research publicly available information

The current named list of specific vendors within each category, including processing location, contract dates, and links to each vendor's DPA, is made available to customers and prospective customers under non-disclosure agreement. When we engage a new sub-processor that processes customer personal data, we update the published categories list and provide customers with prior notice through the channel set out in the DPA, with an opportunity to object on legitimate data-protection grounds.

4.2 Partner-collaboration features

When you use Channl's partner-collaboration features, data you designate is shared with the business partners you select. You are responsible for ensuring you have all necessary rights, consents, and lawful bases to share that data, and for complying with applicable laws and your own privacy commitments to data subjects.

4.3 Legal process and safety

We may disclose information when we believe, in good faith, that disclosure is necessary to (a) comply with law, subpoena, court order, or lawful government request, (b) cooperate with regulators or law enforcement, (c) establish, exercise, or defend legal claims, (d) detect, prevent, or address fraud, security, or technical issues, or (e) protect the rights, property, or safety of Channl, our customers, or others. Where lawful, we will provide affected customers with prior notice.

4.4 Corporate transactions

If Channl or Carousel Labs, Inc. is involved in a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale of all or substantially all of our assets, personal information may be transferred to the acquiring or successor entity, subject to the protections of this Policy or a subsequent notice.

4.5 At your direction or with consent

We share information with other parties when you direct us to or otherwise consent.

5. Data Retention

We retain personal information only for as long as needed to fulfill the purposes described in this Policy, to comply with our legal, accounting, or reporting obligations, to resolve disputes, and to enforce our agreements.

We determine retention periods based on (a) the nature, sensitivity, and volume of the data, (b) the purposes for which we process it, (c) applicable legal-retention requirements (including tax, anti-fraud, and anti-money-laundering rules), and (d) whether we can achieve those purposes by other means. Indicative periods are set out in our DPA. Customer content is deleted or returned within a commercially reasonable period following confirmed account termination, subject to legal-hold and security-investigation exceptions.

Backups are retained on rotating schedules and overwritten in the ordinary course. Personal data persisting only in backups is isolated from active processing and deleted on rotation.

We may retain de-identified or aggregated data indefinitely.

6. Data Security

6.1 Technical measures

All connections to Channl websites and applications are protected by Transport Layer Security (TLS 1.2 or higher) with HSTS.
Customer data is stored on infrastructure that encrypts data at rest using AES-256 or an equivalent industry-standard cipher.
Production systems enforce role-based access control with least-privilege defaults, and access is logged.
Sub-processors provide network controls including DDoS protection, web application firewall, and isolated network boundaries.
We follow a secure software-development lifecycle including code review, automated security tests, dependency scanning, and CI gates.

6.2 Authentication

Channl does not collect or store user passwords for the Service. Sign-in is performed through a federated identity provider or through a short-lived single-use link issued to the email address you provide. Tokens for customer-authorized third-party integrations are stored encrypted at rest.

6.3 Organizational measures

Confidentiality and acceptable-use obligations in all personnel and contractor agreements
Background-check requirement for personnel with production access, subject to applicable law
Mandatory annual security and privacy training
Documented incident-response procedures with defined escalation, customer-notification, and post-incident-review steps

6.4 Compliance program

Channl maintains a documented information security program and is currently undergoing an independent SOC 2 audit. Reports will be made available to customers and prospective customers under non-disclosure agreement when issued. Current trust-program status is published at https://channl.ai/security. We make our security overview, DPA, and other diligence materials available to customers and prospective customers under non-disclosure agreement through https://channl.ai/dpa.

6.5 Limits

No system, product, or transmission can be guaranteed perfectly secure. You are responsible for safeguarding your own credentials, identity-provider account, and devices used to access the Service. Notify us promptly at security@channl.ai if you suspect unauthorized access. Channl's security commitments and remedies in the event of a security incident are set out in the Terms of Service and DPA.

7. Your Privacy Rights

7.1 Rights overview

Depending on where you live, you may have rights to: access; correct; delete; receive a portable copy of; restrict or object to certain processing of; appeal a decision concerning; or withdraw consent to processing of your personal information. Where applicable, you also have the right to opt out of "sale" or "sharing," to limit the use of sensitive personal information, and to lodge a complaint with your supervisory authority.

We do not engage in conduct that requires a "sale" or "cross-context behavioral advertising" opt-out under U.S. state laws, but we honor opt-out signals (including Global Privacy Control) we receive from California browsers as opt-outs of any conduct that could be considered "sharing" under CPRA.

7.2 Submitting a request

Email legal@channl.ai with the subject line "Privacy Rights Request" and provide enough information for us to verify your identity and locate your data. For customers, requests may also be initiated through your account administrator. Where you submit a request through an authorized agent, we will require proof of authorization (such as a signed permission or power of attorney) and verification of your identity.

We respond:

within thirty (30) days for GDPR / UK GDPR requests, extendable by sixty (60) days for complex or numerous requests with notice
within forty-five (45) days for U.S. state-law requests, extendable as permitted by each statute
within reasonable time frames where no statutory deadline applies

7.3 Verification and limits

Before fulfilling a request we may require additional information to confirm your identity and your right to make the request. We may decline or charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive (GDPR Art. 12(5); similar provisions exist under U.S. state law). We may also retain personal information where retention is required or permitted by law (including for tax, fraud-prevention, security, dispute-resolution, legal-hold, or contract-performance purposes).

7.4 Rights of customer end-users

If you are an employee or representative of a Channl customer and your personal information is processed in connection with that customer's use of the Service, the customer is the controller of your personal information. Direct rights requests to your organization in the first instance. Channl will assist that customer in responding to your request as required by the DPA.

7.5 California disclosures

In the prior twelve (12) months we have collected the following categories of personal information from California residents from the sources described in §2: identifiers; commercial information; internet or other electronic network activity; professional or employment-related information; geolocation (general, IP-derived); and inferences drawn from the foregoing to enable the partner-research features our customers configure. We use this information for the purposes set out in §3 and disclose it for those purposes to the categories of recipients described in §4.

We do not sell personal information. To the extent any sharing with our analytics service provider could be construed as "sharing" under CPRA, you may opt out by emailing legal@channl.ai with "CCPA Opt-Out" in the subject line or by rejecting non-essential cookies in our cookie banner. Sensitive personal information is used only for the purposes permitted by CPRA § 7027(m).

7.6 EU/EEA, UK, and Swiss residents

You may lodge a complaint with your local supervisory authority. We will respond constructively to inquiries before any escalation.

8. International Data Transfers

Channl is established in the United States and our service providers are primarily located in the United States. If you access the Service from outside the United States, your personal information will be transferred to and processed in the United States and other jurisdictions in which our service providers operate. These jurisdictions may have data-protection laws that differ from the laws of your country.

Where we transfer personal data subject to GDPR, UK GDPR, or the Swiss FADP to a third country that has not received an adequacy determination, we rely on appropriate transfer mechanisms, including:

the European Commission's Standard Contractual Clauses (Module 2 or Module 3, as applicable)
the UK Information Commissioner's Office International Data Transfer Addendum or International Data Transfer Agreement
the Swiss FDPIC-approved version of the Standard Contractual Clauses
supplementary technical and organizational measures, including encryption, access controls, and pseudonymization where appropriate

To request a copy of the transfer mechanism we rely on for a specific data flow, contact legal@channl.ai.

9. Children's Privacy

The Service is intended exclusively for business use and is not directed to anyone under eighteen (18) years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact legal@channl.ai and we will take appropriate steps to delete it.

10. Marketing and Cookies

10.1 Marketing communications

We may send marketing communications about product news, features, events, and offers. You can opt out at any time by following the unsubscribe instructions in any marketing email or by emailing legal@channl.ai with "Unsubscribe" in the subject line. Opting out of marketing does not affect transactional and administrative communications (such as billing and security notices), which are sent in connection with our agreement with you.

10.2 Cookies and similar technologies

We use cookies and similar storage technologies in the following categories:

Category	Purpose
Strictly necessary	Authentication, session integrity, and security
Functional	Preference and locale storage
Performance and analytics	Aggregated usage and performance measurement
Error tracking	Detection and diagnosis of application errors

We do not load advertising pixels and we do not use cookies for cross-context behavioral advertising. Where required by law (including the EU, EEA, UK, and Switzerland), we present a cookie consent banner on first visit that lets you accept or reject non-essential cookies. You can also control cookies through your browser settings. Disabling cookies may limit functionality.

11. AI and Automated Processing: Notice and Limits

11.1 Use of AI in the Service

The Service uses generative-AI and machine-learning techniques to assist customers with research, drafting, scoring, summarization, classification, and search. AI features are delivered using a combination of established third-party model providers under contractual data-processing agreements and proprietary application logic. The specific identity, version, and configuration of any model or vendor may change over time. Channl reserves the right to substitute, add, or remove AI providers and models without notice provided the substitution does not materially diminish the privacy or security protections described in this Policy or in the DPA.

The current list of AI sub-processors is included in the sub-processor annex available on request as described in §4.1.

11.2 Customer data and model training

Channl does not train, fine-tune, or develop foundation models. Channl does not use customer content to train, fine-tune, or improve any AI model, in any tier, ever. Inputs and outputs are processed only to deliver the requested features. We require each AI sub-processor to contractually agree not to use Channl customer inputs or outputs to train that vendor's general-purpose models.

We may use de-identified or aggregated usage metadata (for example, anonymous counts of feature invocations and latency measurements) to monitor and improve the Service.

11.3 AI output disclaimer (notice)

Outputs generated by AI features may be inaccurate, incomplete, biased, or out-of-date. Outputs are not unique to any user; multiple users may receive similar outputs for similar prompts. You are responsible for reviewing, verifying, and exercising independent judgment about any AI-generated output before relying on or acting on it. Channl does not warrant the accuracy of AI outputs, and the warranty, liability, and indemnity provisions of the Terms of Service govern any claims related to AI outputs.

11.4 No solely-automated significant decisions

The Service does not make decisions about natural persons based solely on automated processing that produce legal or similarly significant effects without offering a meaningful human-review path. See §3.2.

12. Links and Integrations

The Service may include links to or integrations with third-party websites and services. Channl is not responsible for the privacy practices, content, security, or accuracy of any third-party service. Your use of a third-party service is governed by that service's own terms and privacy policy.

13. Changes to This Policy

We may update this Policy from time to time. When we make material changes we will (a) update the "Last Updated" date, (b) notify customer-account administrators by email or in-product notice, and (c) post a prominent notice in the Service. We will provide at least thirty (30) days' notice for material changes unless a shorter period is required by law.

Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of the updated Policy. If you do not agree, you may terminate your account in accordance with the Terms of Service. Continued use following lawful notice is your acknowledgment that you have had the opportunity to review and either accept or decline the updated Policy.

14. Reservation of Rights; Survival; Severability

Nothing in this Policy waives, limits, or modifies any of Channl's rights, defenses, or remedies under law or under any agreement with you. Provisions of this Policy that by their nature should survive termination of your relationship with Channl (including §§ 3, 4, 5, 6, 7, 8, 11.2, 11.3, 13, 14, and 15) will survive. If any provision of this Policy is held invalid or unenforceable, that provision will be severed and the remaining provisions will continue in full force and effect.

This Policy is provided in the English language. Where a translation is offered for convenience and a conflict arises, the English version controls. This Policy is governed by, and will be construed under, the laws of the State of Delaware and the United States of America, without regard to conflict-of-law principles, except where mandatory local privacy law requires otherwise.

15. Contact

Privacy inquiries and rights requests: legal@channl.ai Security incident reports: security@channl.ai General questions: hello@channl.ai

Mailing address

Carousel Labs, Inc. Attn: Privacy / Legal 251 Little Falls Drive Wilmington, New Castle County, DE 19808 United States

EU/UK matters. An EU Article 27 representative will be appointed prior to material processing of EU resident personal data outside of a controller-relationship. Until then, EU, EEA, UK, and Swiss residents may contact us at legal@channl.ai; we respond to all rights requests within the statutory deadlines.

← Back to home