top of page
Sora (3).png
Sora (3).png

Imprint &
Privacy Policy

Sherloq GmbH
Bindingstr. 9
60598 Frankfurt/ Main
GERMANY

E-Mail: support@gosherloq.com

CEO: Sebastian Bessing

Commercial Register:
HRB 140607
Frankfurt Local Court
VAT X0X0X0X0

1. INTRODUCTION

At Sherloq, we are committed to protecting your privacy and ensuring the security of any personal data we process. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our SaaS platform for tracking LinkedIn user (“Profile”) activities and managing Watchlists. By accessing or using Sherloq’s services, you acknowledge and consent to the practices described in this policy. If you do not agree with any aspect of this policy, please discontinue using our services.

2. WHO IS THE DATA COLLECTOR?

For the purposes of the GDPR, the data controller is: Sherloq GmbH
Address: Bindingstr. 9, 60598 Frankfurt/ Main (GERMANY)


Contact email: support@gosherloq.com

3. DATA WE PROCESS & HOW
3.1. CATEGORIES OF PERSONAL DATA

Depending on your use of our platform, we may collect the following categories of personal data:
 

  • Identification & authentication data: e.g., name, business email address, password (hashed) for Sherloq user accounts.

  • Contact data if premium account: e.g., business name, phone number, address.

  • Profile‑data and target activity data: e.g., LinkedIn profile identifier (public handle), publicly visible LinkedIn activity (posts, reposts, comments, reactions, job changes, contact changes) of the Profiles you track or monitor.

  • Usage & technical data: logs, IP address, device information, time stamps of access, tracking of how you use Sherloq’s features (e.g., creation of Watchlists, scoring of activities).

  • Payment & billing data (if you subscribe): e.g., invoicing information, credit/debit card payment data (note: full card details are processed by a third‑party payment processor; we do not store full card numbers on our servers).

  • Other information you voluntarily provide, such as support requests, feedback, or communication with our team.

3.2. PURPOSES & LEGAL BASES FOR PROCESSING

We process your personal data in connection with the following purposes and legal bases:

  • To provide you with access to and use of the Sherloq platform (performance of contract) – e.g., authentication, account management, Watchlist creation, notification of target activity.

  • To personalise and deliver notifications/alerts about LinkedIn profile activity (legitimate interest) – we believe such processing is necessary to provide our core “sniper” value‑proposition: timely, targeted notifications.

  • To process payments for subscription services (performance of contract, legal obligation).

  • To communicate with you about your account, support inquiries, service updates, security notifications (legitimate interest).

  • To send you marketing communications (with your consent, or if permitted under applicable law) – you may withdraw consent at any time.

  • To comply with legal or regulatory obligations (legal obligation).

  • To improve and develop our platform (legitimate interest) – e.g., monitoring usage, optimizing features, performing analytics to enhance system performance.

3.3. USE OF PROFILE ACtiVITY DATA & SCORING

Since our platform specifically tracks the activities of LinkedIn users (“Profiles”) you add to Watchlists and assigns scores based on weighted activity (posts, comments, reactions, job changes, etc.), we process publicly available profile data and activity metadata. We may transform, enrich or anonymise aggregated data for internal research or product improvement while ensuring that individual personal data is handled according to this policy.

4. DATA SHARING, TRANSFERS & STORAGE

4.1. RECIPIENTS & THIRD-PARTY PROVIDERS

We may share your personal data with the following categories of recipients:

  • Our trusted third‑party service providers (processors) who perform functions on our behalf (e.g., cloud hosting, database storage, payment processing, email delivery, analytics) and who have contractual obligations to handle your data in accordance with this policy and applicable laws.

  • Integration partners: if you choose to connect Sherloq to other platforms or services, data flows to those integrations only with your explicit authorisation.

  • Legal, regulatory or governmental authorities: if required by law or to protect our legal rights.

  • In connection with a corporate transaction (e.g., sale or merger) your personal data may be transferred to the acquiring entity, provided they assume equivalent data protection obligations.

4.2. INTERNAL TRANSFERS

If we transfer your personal data outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to ensure the personal data remains protected to an equivalent standard. Unless explicitly stated otherwise, we host and process data within the EEA.

5. DATA RETENTION

We retain personal data only for as long as necessary for the purposes set out in this policy, and to meet legal, regulatory or contractual obligations. Criteria used to determine retention periods include:

  • The length of your subscription or active business relationship with us.

  • Whether there is an ongoing obligation (e.g., accounting invoice retention).

  • Whether we have a legitimate interest to retain the data for a longer period (for example analytics or product improvement), balanced against your rights.
    When data is no longer needed, we securely delete or anonymise it.

6. DATA SECURITY & INTEGRITY

We implement appropriate technical and organisational measures to safeguard your personal data from unauthorised access, accidental loss, alteration or destruction. These measures include (but are not limited to): encryption of data in transit and at rest, access controls, secure authentication, routinely updated security software and firewalls. We follow “privacy by design and default” principles.

7. COOKIES & TRACKING TECHNOLOGIES

We may use cookies and similar tracking technologies on our website. You will be provided with information about their use upon first visit and have the ability to manage your preferences. (Optional: detail specific cookie categories—essential, performance, analytics, marketing). If you do not accept wafers cookies, it may limit certain functionality of the website.

8. YOUR RIGHTS AS AN INDIVIDUAL

You have the following rights regarding your personal data, subject to applicable law:

  • Right to be informed: you have the right to know what personal data we process and why.

  • Right of access: you may request a copy of the personal data we hold on you.

  • Right to rectification: you may request that inaccurate or incomplete personal data be corrected.

  • Right to erasure (“right to be forgotten”): you may request deletion of your personal data under certain circumstances.

  • Right to restriction of processing: you may request that we restrict further processing in certain cases.

  • Right to data portability: where applicable you may request portability of your data in a structured, commonly used machine‑readable format.

  • Right to object: you have the right to object to processing that is based on our legitimate interests or for direct marketing.

  • Right to withdraw consent: where processing is based on consent you may withdraw consent at any time, without affecting processing done prior to withdrawal.

  • Right to lodge a complaint: you may complain to your competent supervisory authority if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at support@gosherloq.com. We may ask you to provide identity verification before honouring requests.

9. MARKETING COMMUNICATIONS

With your consent (or, where lawful, based on our legitimate interest) we may send you marketing communications about our platform, product updates, offers, and events. You can withdraw your consent or opt‑out at any time via a link in the email or by contacting us directly. Essential service‑related communications (e.g., account status, security alerts, billing notifications) will continue even if you opt‑out of marketing communications.

10. PROFILING & AUTOMATED DECISION-MAKING

As part of our service, Sherloq may use automated processing (including scoring algorithms) to evaluate the activity of LinkedIn Profiles you monitor (e.g., assigning a score based on relevance of an activity). This constitutes automated decision‑making or profiling. You have the right to request meaningful information about the logic involved, the significance and the envisaged consequences of such processing for you, and to request human intervention.

11. CHANGES TO PRIVACY POLICY

 

We may update this Privacy Policy from time to time (for example to reflect changes in our services or legal/regulatory changes). We will notify you of significant changes (for example via email or in‑app notice) and publish the new version on our website with a “last updated” date. We encourage you to review this policy periodically.

Effective Date: 01.11.2025

bottom of page