Effective date: May 4, 2026
Breakout, operated by Meaku, Inc. ("Breakout," "we," "us," or "our"), provides an AI-powered inbound pipeline platform that engages website visitors with personalized conversations, surfaces buyer intent signals, and routes qualified leads to sales teams. We operate https://www.getbreakout.ai (the "Website") and https://dashboard.getbreakout.ai (the "App") (together, the "Sites"), and we provide certain services to our business customers (the "Services"). This Privacy Policy describes how we collect, use, and disclose information.
Scope of this Privacy Policy
This Privacy Policy addresses two categories of information.
Customer data: Information we collect and process as a "controller" from our business customers ("Customers"). This includes information about individuals representing our Customers (such as their employees and contractors).
Service Data: Information we process as a processor on behalf of our Customers when they use our Services. This is data our Customers collect from their end users ("End Users") through Breakout-powered experiences on Customer websites.
Our Sites and Services are designed for businesses and their representatives. We do not offer them for personal, family, or household use.
If you are an End User of one of our Customer's websites, applications, or services, the Customer is the controller of your data and their privacy policy governs how that data is collected and used. Breakout acts as a data processor for our Customers and processes End User data only as instructed by them. You should review the relevant Customer's privacy policy to understand their data practices.
Information We Collect
2.1 Customer Data
We may collect the following information from Customers:
Contact data, such as name, postal address, email address, phone number, company name, job title, and other business contact information.
Profile data, including usernames, passwords, and other account details.
Communications data, including emails, chat logs, support tickets, and social media interactions.
Marketing data, including preferences for receiving marketing communications, engagement with our marketing materials, and event attendance.
Billing data necessary to process payments for the Services.
Usage data about how Customers use our Sites and Services, including features used, pages visited, and time spent on the platform.
Device data, including device type, operating system, browser type, IP address, and unique device identifiers.
2.2 Service Data
As a data processor, we collect and process Service Data only as instructed by our Customers. Depending on how a Customer configures the Services, this may include End User information such as website visitor activity, conversation transcripts with our AI agents, lead and contact information, and integration data flowing to or from connected systems such as CRMs (for example, Salesforce and HubSpot) and marketing automation platforms (for example, Marketo and HubSpot).
2.3 Visitor Identification and Enrichment
Where Customers enable visitor identification features and where End Users have provided the necessary consent on the Customer's website (for example, through a cookie banner or other consent mechanism), we may use third-party data providers to associate visitor activity with company-level or person-level information. We act as a processor for this functionality on behalf of our Customers. Whether and how visitor identification operates is controlled by each Customer and is governed by that Customer's privacy notice and lawful basis for processing.
2.4 Information from Other Sources
We may combine personal information we receive directly with information from publicly available sources, joint marketing partners or event co-sponsors, and third-party business contact data providers.
How We Use Information
3.1 Customer Data:
We use Customer Data to provide, maintain, and improve our Sites and Services; create and manage accounts; authenticate users; provide customer support; communicate with Customers about the Services; personalize Customer experience; send marketing communications (subject to Customer preferences); comply with applicable law; and operate our business.
3.2 Service Data:
We process Service Data solely to provide the Services to our Customers in accordance with their instructions and our agreements with them. We do not use Service Data for our own purposes, do not sell Service Data, and do not use Service Data to train our own machine learning models or those of our AI sub-processors.
3.3 Use of AI Sub-Processors
The Services rely on third-party large language model providers, including OpenAI and Anthropic, to generate AI-powered responses. Customer prompts and conversation content are transmitted to these providers under contractual terms that prohibit them from using the data to train their models. The current list of AI sub-processors is maintained on our Trust Center.
How We Share Information
4.1 Customer Data:
We may share Customer Data with: service providers that support our operations (such as hosting, analytics, and support tooling) under written contracts requiring confidentiality and appropriate safeguards; integrated third-party applications that Customers choose to connect; professional advisors; affiliates; acquirers in the event of a merger, acquisition, or business transfer; and authorities when required by law or legal process.
4.2 Service Data:
We share Service Data only as instructed by the relevant Customer or as otherwise permitted by our agreement with that Customer.
4.3 Sub-Processors
We use a set of sub-processors to provide the Services. The current list of sub-processors, including each sub-processor's role and location, is published on our Trust Center at https://trust.getbreakout.ai. We will provide Customers with at least 30 days' prior notice before engaging a new sub-processor that processes Service Data, and Customers may object to the addition of a new sub-processor in accordance with the terms of their agreement with us.
Breakout maintains a SOC 2 Type II attestation covering the Security, Availability, and Confidentiality Trust Services Criteria. Our security program includes encryption of data in transit (TLS) and at rest (AES-256), role-based access controls, multi-factor authentication for access to critical systems, quarterly access reviews, continuous vulnerability scanning, annual third-party penetration testing, formal incident response procedures, and regular backup and disaster recovery testing. Additional detail is available in our Trust Center.
No method of transmitting or storing data is completely secure, and we cannot guarantee absolute security.
We retain Customer Data for as long as the Customer maintains an active account with us, plus a period necessary to comply with legal, accounting, or reporting obligations. Service Data is retained for the duration of the Customer's contract with us and for up to 90 days following termination of that contract, unless the Customer requests earlier deletion or unless a longer retention period is required by law.
Breakout is based in the United States, and our infrastructure is hosted in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States. For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on appropriate transfer mechanisms, including the Standard Contractual Clauses, where required.
8.1 Rights Available to All Users
Subject to applicable law and verification of your identity, you may request to access the personal information we hold about you; correct inaccurate information; request deletion of your personal information; object to or restrict certain processing; and receive your personal information in a portable format. To exercise these rights, contact us at privacy@getbreakout.ai. We will respond within the timeframe required by applicable law (generally within 30 days, with extensions where permitted).
8.2 European Economic Area, United Kingdom, and Switzerland
If you are in the EEA, the UK, or Switzerland, your personal information is processed under the General Data Protection Regulation, the UK GDPR, or the Swiss FADP, as applicable. We process personal information on lawful bases including the performance of a contract, our legitimate interests, your consent (where required), and compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority.
8.3 California Residents
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), provides you with specific rights regarding your personal information.
In the preceding 12 months, we have collected the following categories of personal information: identifiers (such as name, email, IP address); commercial information; internet or other electronic network activity information; professional or employment-related information; and inferences drawn from this information.
We collect this information from the sources, and use it for the purposes, described in Sections 2 and 3.
We do not sell personal information for monetary consideration. We do not knowingly sell or share the personal information of consumers under 16 years of age. We may share personal information with advertising partners for cross-context behavioral advertising in connection with our own marketing of the Services. To opt out of this sharing, contact us at privacy@getbreakout.ai or use the "Do Not Sell or Share My Personal Information" mechanism on our Sites where available. We honor Global Privacy Control signals where required by law.
California residents have the right to know, the right to delete, the right to correct, the right to opt out of sale or sharing, the right to limit the use of sensitive personal information, and the right to non-discrimination for exercising these rights. To exercise these rights, contact privacy@getbreakout.ai. You may designate an authorized agent to make a request on your behalf.
8.4 Other U.S. State Privacy Rights
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have rights similar to those described above, including rights of access, correction, deletion, and portability, and the right to opt out of targeted advertising, sale, and certain profiling activities.
To exercise these rights, contact privacy@getbreakout.ai.
Our Sites use cookies and similar technologies for essential functionality, analytics, and marketing. You can control cookies through your browser settings and through any cookie consent mechanism we provide on the Sites. Where required by law, we obtain consent before placing non-essential cookies on your device.
. Children's Privacy
The Services are intended for businesses and are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it.
We may update this Privacy Policy from time to time. We will post any changes on our Sites and update the "Effective date" above. If changes are material, we will provide additional notice as required by applicable law.
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Meaku Inc.
978 Cera Dr
San Jose
CA 95129
