Matchlogic.io ("Matchlogic," "we," "us," or "our") is committed to protecting the privacy and security of personal data processed through our enterprise data matching and deduplication platform. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website, use our SaaS platform, or engage with our services.
This policy is designed for B2B enterprise clients and complies with applicable data protection regulations including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy frameworks.
Data Controller:
Matchlogic.io
matchlogic mdm, Inc.
Suite 81465 1111B S Governors Ave Dover, DE, 19904 US
Data Protection Contact:
Email: info@matchlogic.io
Response Time: Within 30 days for data subject requests
This Privacy Policy applies to:
• Visitors to the Matchlogic.io website
• Registered enterprise users of the Matchlogic platform
• Authorized administrators and end-users within client organizations
• Prospective clients who submit inquiries or request demonstrations
Note: Matchlogic processes data primarily as a data processor on behalf of our enterprise clients, who act as data controllers for their own data sets. This policy covers Matchlogic's role as both controller (for our own website/platform data) and processor (for client data).
• Business contact information (name, business email, phone number, job title)
• Company name, industry, and size
• Billing and payment information
• Account credentials and authentication data
• Log-in timestamps and session duration
• Feature usage and interaction patterns
• Configuration settings and workflow preferences
• API call logs and integration metadata
• IP addresses (anonymized where possible for analytics)
• Browser type, device information, and operating system
• Cookie identifiers and tracking pixels (with consent where required)
• Error logs and diagnostic information
Matchlogic's core service involves processing client-owned data sets for matching, deduplication, and data quality enhancement. This may include:
• Customer databases provided by clients for processing
• Third-party data sets integrated via API or file upload
• Output data generated from matching algorithms
Important: Matchlogic does not claim ownership of client data. Processing is strictly limited to the purposes defined in our Data Processing Agreements (DPAs).
B2B Legitimate Interest Notice: For initial business outreach to relevant professional contacts, we rely on legitimate interest under GDPR Article 6(1)(f), provided the communication is strictly related to the recipient's professional role. We provide immediate opt-out mechanisms and honor unsubscribe requests within two business days.
When clients upload data to the Matchlogic platform for matching and deduplication services, Matchlogic acts as a data processor. We process client data solely according to documented instructions and maintain strict purpose limitation.
We engage the following categories of subprocessors to deliver our services:
All subprocessors are bound by Data Processing Agreements (DPAs) that meet or exceed GDPR Article 28 requirements. We maintain an up-to-date subprocessor list available upon request and notify clients of any changes with 30 days' advance notice.
Matchlogic implements enterprise-grade security controls aligned with SOC 2 Type II and ISO 27001 standards:
• Encryption at rest: AES-256 encryption for all stored data
• Encryption in transit: TLS 1.3 for all data transmission
• Access controls: Role-based access control (RBAC) with multi-factor authentication (MFA)
• Network security: VPC isolation, DDoS protection, Web Application Firewall (WAF)
• Key management: Hardware Security Module (HSM) backed key rotation every 6 months
• Annual security awareness training for all personnel
• Background checks for employees with data access
• Incident response plan with 24/7 monitoring and automated alerting
• Regular penetration testing and vulnerability assessments
• Business continuity and disaster recovery procedures
• Data minimization: Client data is processed only for the specific matching workflow requested
• Temporary processing: Where possible, data is processed ephemerally and not retained beyond the output delivery window
• Output isolation: Matched results are returned only to the authorized client account
• Audit trails: Complete logs of all data access and processing operations for compliance verification
Client Data Deletion: Upon contract termination or client request, all client data is deleted within 30 days using NIST 800-88 compliant sanitization methods. Clients may request immediate deletion via privacy@matchlogic.io.
Under applicable privacy laws, individuals have the following rights regarding their personal data:
• Right to Access: Request a copy of personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restriction: Request limitation of processing in specific circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information (Matchlogic does not sell personal data)
• Right to Non-Discrimination: No discriminatory treatment for exercising privacy rights
Submit requests via:
• Email: privacy@matchlogic.io
• Portal: [Insert Data Subject Request Portal URL]
• Mail: [Insert Physical Address]
Verification: We verify identity before processing requests to prevent unauthorized access. Enterprise users will be verified through their organization's designated administrator.
Response Time: We respond to all verified requests within 30 days as required by GDPR and other applicable regulations.
Matchlogic operates globally and may transfer data across borders. We ensure all international transfers comply with applicable data protection laws:
• EU-US Data Transfers: We utilize Standard Contractual Clauses (SCCs) with additional technical safeguards for transfers from the European Economic Area (EEA) to the United States
• UK Transfers: UK Addendum to EU SCCs for transfers from the United Kingdom
• Other Jurisdictions: Adequacy decisions, SCCs, or other approved transfer mechanisms as required by local law
Data Residency: Enterprise clients may request data residency in specific geographic regions (EU, US, Asia-Pacific) to meet regulatory requirements.
Our website uses cookies and similar technologies for:
• Strictly Necessary: Authentication, security, fraud prevention
• Functional: Language preferences, session management
• Analytics: Anonymous usage statistics (with consent where required)
• Marketing: Conversion tracking and campaign measurement (with explicit consent)
For B2B visitors, we implement a consent management platform that:
• Displays granular cookie choices before non-essential cookies are set
• Provides clear explanations of each cookie category
• Honors "Do Not Track" signals where legally required
• Maintains audit logs of consent decisions for compliance verification
Analytics Approach: We prioritize privacy-friendly, cookieless analytics where possible and anonymize IP addresses for standard analytics processing.
Matchlogic's services are intended for business use only and are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.
In the event of a personal data breach, Matchlogic will:
• Notify affected clients without undue delay and within 72 hours of becoming aware of the breach (per GDPR requirements)
• Provide details of the breach, likely consequences, and measures taken
• Cooperate with clients to notify data subjects where required by law
• Maintain incident documentation for regulatory review
We review this Privacy Policy regularly and update it to reflect changes in our practices, technology, or legal requirements:
• Material changes: We notify clients via email and platform notifications at least 30 days before changes take effect
• Version control: All policy versions are archived with effective dates
• Current version: Always available at matchlogic.io/privacy
For privacy-related inquiries, data subject requests, or compliance questions:
Privacy Team:
Email: info@matchlogic.io
Address: Suite 81465 1111B S Governors Ave Dover, DE, 19904 US
This Privacy Policy is governed by the laws of [Insert Jurisdiction]. Any disputes arising from this policy shall be resolved in the courts of [Insert Jurisdiction], without prejudice to data subjects' rights to bring complaints before their local data protection authority.
By using the Matchlogic platform or website, you acknowledge that you have read and understood this Privacy Policy.
.svg)
