Compliance Overview

Operational safeguards for outreach, billing, and customer data.

CyberArc Outreach is built for production outreach workflows, which means sender trust, unsubscribe handling, tenant isolation, and billing integrity cannot be afterthoughts. This page summarizes the controls exposed in the product and links to the formal policy documents.

Sender Safeguards

Email sending flows are designed to protect sender reputation and recipient choice. The platform supports unsubscribe URLs, suppression handling, deliverability checks, sequence stop conditions, and inbox warmup workflows before full campaign volume.

  • Unsubscribe coverage: outbound marketing flows include visible unsubscribe controls and mailbox headers.
  • Suppression handling: unsubscribed or replied contacts are excluded from future sends.
  • Warmup controls: warmup volume is gradual and tracked per inbox instead of immediately pushing production volume.

AI and Data Handling

CyberArc Outreach uses customer-provided lead, inbox, and identity data to generate copy, schedule sends, and maintain audit trails. Sensitive credentials such as inbox passwords, refresh tokens, and API secrets are encrypted at rest before persistence.

  • Secret storage: passwords, OAuth refresh tokens, and API keys are encrypted before database storage.
  • Scoped access: application queries are filtered by user identifier to preserve tenant isolation.
  • Observability: monitoring is configured to scrub sensitive fields before events leave the application.
  • Consent records: the platform stores lead-level consent metadata fields for operators who need CASL-aware outreach workflows.

Billing Integrity

Subscription lifecycle changes are driven through Paddle checkout and webhook processing. This keeps pricing, plan changes, renewals, cancellations, and credit resets attached to the external billing source of truth instead of ad hoc local plan switching.

  • Hosted checkout: payment collection is handled through Paddle checkout sessions.
  • Webhook verification: webhook secrets are required and events are processed idempotently.
  • Access gating: plan-restricted features remain behind explicit feature checks.

Public Documents

The summary on this page is not a substitute for the formal policy documents. Review the linked disclosures for the governing terms, privacy commitments, and data-handling details that apply to the service.

  • Privacy: how account and product data are handled.
  • Terms: commercial and service-use obligations.
  • Data handling: disclosure of how the application processes stored and operational data.

Privacy Policy

Review the privacy policy for collection, usage, and retention guidance.

Open privacy policy

Terms of Service

Review account responsibilities, billing terms, and service usage obligations.

Open terms of service