Skip to main content
Operator
Scan free

Legal

Data Processing and Privacy Addendum

How Operator sources, handles, and secures B2B business data, and how businesses and individuals exercise their privacy rights.

Last updated: July 2026

1. Purpose and scope

This Data Processing and Privacy Addendum (the "Addendum") explains how Operator ("Operator", "we") sources, handles, and secures the business information it provides through operator.fyi, and how businesses and individuals can exercise privacy rights that apply to that information.

The Addendum supplements the Operator Terms of Service and Acceptable Use Policy(the "AUP"). It does not replace them. Where a term is defined in the Terms, it has the same meaning here. If this Addendum conflicts with the Terms on a matter of data handling or privacy rights, this Addendum controls for that matter.

2. What data we hold

Operator maintains a catalog of business-level information about companies and the people who run them in their professional capacity. For a given business record, this can include:

  • Business, legal, and DBA ("doing business as") names.
  • Business mailing or physical address.
  • Business phone number and website.
  • Publicly listed business email address.
  • Industry or trade classification.
  • Firmographic estimates such as approximate revenue and employee count.
  • Where publicly available, the name and role of an owner, principal, or officer, in that professional capacity.

We treat this as B2B business-contact and firmographic data. It describes organizations and the roles people hold within them, not consumers in their personal lives. We do not build profiles of private consumer behavior, and we do not seek to hold sensitive personal information.

3. How it is sourced

Business records are assembled from public and derived sources, including:

  • Public business registrations and government filings.
  • Professional and occupational licensing records.
  • Public business directories and listings.
  • A business's own public web presence.
  • Scores and estimates that Operator derives by analyzing the sources above.

We do not purchase consumer data, and we do not scrape private or logged-in accounts. Firmographic estimates and Operator scores are computed values, not statements verified by the business, and may be approximate or out of date.

4. Roles of the parties

For the data Operator provides, Operator acts as an independent business that determines how it collects and organizes its own catalog. A buyer who receives a list is an independent controller and business in its own right. Once a list is delivered, the buyer is responsible for how it stores, uses, and acts on that data, including any outreach it conducts and its compliance with the laws that govern that outreach. Operator does not direct or control a buyer's downstream processing.

5. CCPA/CPRA and state privacy rights

Operator positions its product as B2B business data and does not "sell" consumer personal information as that concept is used under the California Consumer Privacy Act, as amended by the CPRA, or comparable US state privacy laws. Even so, where a record includes an identifiable individual, that person or the business may exercise the following rights by contacting the privacy address in Section 9:

  • Access: ask what business-level information we hold that relates to them.
  • Correction: ask us to correct information that is inaccurate.
  • Deletion and opt-out: ask us to delete the record and to opt out of any sale or sharing.

We will honor verified requests and will suppress opted-out records so they are not reintroduced in future catalog refreshes. We may take reasonable steps to verify that a request comes from the person or business it concerns, or an authorized agent, before we act on it.

6. Opt-out and removal

Any business, or any individual named in a record, may request removal from the Operator catalog by writing to the privacy address in Section 9. Please identify the business or listing so we can locate it. We aim to process verified removal requests within 30 days. Removed records are added to a suppression list so they are not re-added when we refresh the catalog from public sources. Lists already delivered to a buyer before a removal request are outside our control; requests about those should be directed to the buyer that received them.

7. Security

Operator maintains reasonable administrative and technical safeguards designed to protect the information it holds against unauthorized access, alteration, disclosure, or loss. These include access controls limited to personnel who need the data to operate the service, encryption of data in transit, and logging of administrative access. No safeguard is perfect, and we cannot guarantee absolute security.

8. Retention, updates, and international scope

We retain business records for as long as they remain useful to the service and are supported by public sources, and we refresh and re-derive them periodically so the catalog stays reasonably current. Suppression entries for opted-out records are retained as long as needed to keep those records out of future refreshes.

Operator's catalog is focused on United States businesses and is governed by US federal and state law. It is not designed to process data subject to the GDPR or other non-US frameworks, and we do not market it for that purpose.

9. Contact

Privacy, opt-out, and removal requests: privacy@operator.fyi. Please include enough detail to identify the business or listing so we can act on your request.