Terms of Use

Effective date: April 26, 2026

These Terms of Use ("Terms") govern your use of the Outwright platform operated by Outwright ("we," "us," or "our"). By creating an account or using Outwright, you agree to these Terms.

1. Description of Service

Outwright is an AI-powered prospect research and outreach platform designed for finance teams. The platform researches prospects, generates personalized email sequences, monitors market signals, and delivers outreach through email integrations.

2. Account Registration

• You must provide accurate and complete information when creating an account.
• You are responsible for maintaining the security of your account credentials.
• You must be at least 18 years old and authorized to act on behalf of your organization.
• One organization per account. Multi-user access is available on Team and Scale plans.

3. Subscription & Billing

• Free plan: Limited features at no cost, available indefinitely.
• Paid plans: Solo ($99/month), Team ($349/month), Scale ($899/month).
• Free trial: 14-day trial with Solo-tier features and reduced usage limits. No credit card required.
• Billing: Processed by Stripe. All prices in USD.
• Billing intervals: Monthly, Quarterly (10% discount), Annual (20% discount).
• Overages: Paid plans allow usage beyond included limits, billed at published per-unit rates at the end of each billing period.
• Upgrades: Take effect immediately with prorated billing.
• Downgrades: Take effect at the end of your current billing period.
• Cancellation: You retain access through the end of your billing period. No prorated refunds for partial periods.

4. Acceptable Use

You may use Outwright for legitimate business outreach. You agree not to:

• Send unsolicited bulk email (spam) in violation of CAN-SPAM, GDPR, or applicable laws.
• Upload illegal, defamatory, or infringing content.
• Attempt to access other organizations' data or circumvent security measures.
• Reverse-engineer, decompile, or disassemble any part of the platform.
• Use the platform for harassment, fraud, or any unlawful purpose.
• Share account credentials or allow unauthorized access.

We may suspend or terminate accounts that violate these Terms.

5. Intellectual Property

Our platform: Outwright owns the platform, its design, underlying technology, and all related intellectual property.

Your data: You retain ownership of all data you upload (prospect information, documents, writing samples) and all content generated by our AI on your behalf (research profiles, email sequences, outreach drafts).

License to operate: You grant us a limited, non-exclusive license to process your data solely to provide the Outwright service. We do not use your data for any other purpose.

6. AI-Generated Content

• Research profiles and email sequences are generated by AI (Claude by Anthropic) and may contain inaccuracies or omissions.
• You are responsible for reviewing all AI-generated content before sending it to prospects.
• Outwright does not guarantee the accuracy, completeness, or fitness of any AI-generated output.
• You are solely responsible for emails sent from your account to your prospects.

7. BYOK (Bring Your Own Key) Mode

You may provide your own Anthropic and OpenAI API keys on any paid plan. When using BYOK mode:

• You are responsible for your API key usage and any associated costs from Anthropic or OpenAI.
• We encrypt your keys with AES-256-GCM and store them securely.
• We use your keys only to operate the Outwright service on your behalf — never for any other purpose.

8. Data Privacy Commitments

The following commitments apply to all Customer Data, on all plans, in all deployment modes (cloud and Desktop):

• We will never read the contents of your inbox or your deal communications. The Gmail integration uses the compose-only OAuth scope, which is read-incapable by API design. The Outlook integration uses Microsoft Graph and only issues create-draft requests; the application never issues read requests against your mailbox.
• We will never sell, lease, or share Customer Data with third parties for marketing purposes. Customer Data is processed only as necessary to provide the service to you.
• We will never train any model — ours or our subprocessors' — on Customer Data. No fine-tuning, no conditioning, no retention for training purposes.
• We will never use one customer's data to improve another customer's results. The platform's improvement engine, which learns from your team's edits to refine future drafts, is strictly scoped to your organization. Best examples and edit patterns are pulled only from users in your own organization. There is no cross-organization learning, model fine-tuning, or shared training data, anywhere in the platform.
• Multi-tenant isolation is enforced in every database query. Every record is associated with an organization identifier; every query filters by that identifier. One organization cannot see another organization's data, ever.

9. AI Subprocessors

The Service uses the following subprocessors for AI inference and embeddings. By default, these subprocessors are accessed through master API keys held by Outwright. You may optionally provide your own keys (BYOK — see Section 7) for additional control over your subprocessor relationships.

• Anthropic (Claude) — used for research synthesis, sequence generation, signal detection, and AI parsing. Anthropic does not train on API customer data by default. Data Processing Agreement (DPA) available. SOC 2 Type II certified.
• OpenAI — used for embeddings (text-embedding-3-small) and occasional fallback inference. OpenAI does not train on API customer data (default opt-out for the API tier since March 2023). Zero Data Retention available on enterprise tier. SOC 2 Type II certified.
• Google Gemini — used for one-shot CSV/Excel schema detection during file imports. Google does not train on API customer data; submitted content is not used to improve Google products. SOC 2 Type II certified.
• Stripe — used for subscription billing and payment processing. PCI DSS Level 1. Card data never touches Outwright servers. SOC 1 / SOC 2 certified.
• Brave Search — used for outbound web search queries during prospect research, market signal scanning, and AI-assisted enrichment. Search queries are sent without Customer Data identifiers.

The current subprocessor list is also published on our Security & Compliance page. Material changes are communicated to your organization administrator at least 30 days in advance.

10. Support Access Model

The Service does not contain any general-purpose remote access or remote control capability for Outwright support staff. The support model is structured in three tiers, and you control which tier applies to your organization at all times.

10.1 Self-service diagnostics — no access required

You can generate a Diagnostic Report at any time from the Admin → Diagnostics page. The report contains only system configuration, version information, counts, connection status, and usage counters. It explicitly excludes campaign names, prospect data, email content, research content, knowledge base content, API keys, OAuth tokens, and any other sensitive information. You review the full content of the report in your browser before downloading it and choose how to share it with us out-of-band. The Service does not transmit diagnostic reports automatically.

The In-App Troubleshooter on the same page runs eight automated health checks against your system and reports pass / warning / fail status with actionable suggestions. All checks run within your deployment; no data is transmitted externally.

10.2 Configuration & logs viewer — with your explicit, time-limited consent

From Settings → Support Access, your organization administrator can grant Outwright support a 72-hour, read-only view of your organization's configuration, user list, billing summary, AI usage counters, feature flags, error logs, and audit log. This view never includes deal data (campaigns, prospects, research, sequences, email content, knowledge base content), API keys, or OAuth tokens. You can revoke the grant at any time. The grant auto-expires 72 hours after creation. Every access event is logged in your own audit trail and is visible to you in real time on the same page.

10.3 Application data access — only outside MNPI Restricted, only with explicit consent

Application data access ("impersonation") — the ability for Outwright support to log in as one of your users and view your actual application data — is controlled by your organization's Compliance Tier:

• MNPI Restricted (default for every new organization): Application data access is hardcoded blocked at the application layer. Outwright support cannot impersonate your users regardless of any grant or override. This is the safe default for IB / PE / VC / financial advisory firms handling material non-public information.
• Standard: Application data access can be granted for 72 hours at a time from Settings → Support Access. The grant can be revoked at any time. This tier is appropriate for low-regulation customers (marketing, sales, generic B2B) who want hands-on debugging support.

You can change your compliance tier at any time from Settings → Compliance. Tightening (Standard → MNPI Restricted) is instant. Loosening (MNPI Restricted → Standard) requires you to type a 17-word confirmation phrase that explicitly acknowledges the change, and is logged in your audit trail.

10.4 Desktop edition

If you run the Desktop edition of the Service, your data is stored locally on your machine and is physically inaccessible to Outwright support under all circumstances. The compliance tier and support access features described above apply only to the cloud edition.

11. Material Non-Public Information (MNPI)

We acknowledge that customers in regulated financial services may handle MNPI within the Service. We do not collect, view, transmit, train on, or otherwise process MNPI for any purpose other than providing the Service to you. The diagnostic report and configuration viewer features described in Section 10 are explicitly designed to exclude any data that could constitute or reveal MNPI.

For organizations in the default MNPI Restricted tier, application data access by Outwright staff is hardcoded blocked. We cannot view, retrieve, or extract Customer Data from an MNPI Restricted organization regardless of any internal or external request, court order notwithstanding (in which case we would respond per Section 14 below).

12. Data Security & Encryption

• Encryption at rest: All stored API keys, OAuth tokens, and sensitive credentials are encrypted with AES-256-GCM. Encryption keys are managed by Outwright and rotated on a published schedule.
• Encryption in transit: All connections to the Service use TLS 1.2 or higher.
• Multi-tenant isolation: Enforced at the application query layer. Every database query is filtered by organization identifier — not via row-level policy alone.
• Audit log: Every superadmin action and support access event is logged to an immutable audit table. The audit log is visible to your organization administrator in real time.
• Credential hygiene: API keys and OAuth tokens are never logged, never exposed in client-side code, and never echoed to error tracking systems.
• Per-organization rate limiting: No shared rate buckets across organizations. One firm's usage cannot affect another firm's quota or performance.
• Data deletion: Upon subscription cancellation, you have a 30-day window to export your data. After that, all Customer Data is permanently deleted from our systems. We do not retain copies, summaries, or derivative data for our own use beyond the deletion window.

For a full security and compliance overview, including our subprocessor inventory and the Vendor Risk Review pack, see our Security & Compliance page.

13. Limitation of Liability

The Outwright platform is provided "as is" without warranties of any kind, express or implied. To the maximum extent permitted by law:

• We are not liable for lost deals, missed opportunities, or business outcomes resulting from use of the platform.
• We are not liable for inaccurate or incomplete AI-generated content.
• We are not liable for email delivery failures, third-party service outages, or data loss beyond our reasonable control.
• Our total liability is limited to the amount you paid us in the 12 months preceding the claim.

14. Termination & Legal Process

• You may cancel your subscription at any time from your account settings or by contacting us.
• We may terminate accounts that violate these Terms, with reasonable notice where possible.
• Upon termination, your access is revoked. Your data is retained for 30 days and then permanently deleted.
• If we receive a valid legal request (subpoena, warrant, court order) compelling disclosure of Customer Data, we will, where permitted by law, notify you before responding so that you have the opportunity to contest the request.

15. Governing Law

These Terms are governed by the laws of the State of California, United States. Any disputes arising from these Terms shall be resolved in the courts of Los Angeles County, California.

16. Changes to These Terms

We may update these Terms from time to time. Changes will be posted on this page with an updated effective date. Material changes will be communicated to your organization administrator at least 30 days in advance. Continued use of Outwright after changes constitutes acceptance of the revised Terms.

17. Contact

Questions about these Terms? Contact us:

Email: ellie@outwright.ai
Phone: +1 (323) 766-6647
Address: 3438 Troy Dr, Los Angeles, CA 90068