You’ve probably never heard of RocketReach. But I think you should, as it’s got me properly riled up.

I just want people to leave me alone. My job is hard enough as it is, without people sliding into my inbox 24/7.

  • Hey, got time for a quick 15 minute chat about this random tool you’ll never use? NO
  • Hi, I’d love to chat with you about a potential partnership with-GO AWAY.
  • We really think your organisation could benefit from- JUST LEAVE ME ALONE.
  • I noticed you haven’t replied to our previous emails; just checking you didn’t miss this. I DIDN’T MISS IT I’M DELIBERATELY IGNORING YOU.

It’s constant, and it’s draining. I don’t know who out there is telling people that spamming folks with cold emails is the way to grow your business, but I’m begging them to stop.

I mean, it must be working, or they wouldn’t do it. But it’s just incredibly frustrating. Especially if you’re someone like me that doesn’t like to be mean to people. My deeply-instilled British values of politeness mean it pains me to ignore these people.

But I have to, or I wouldn’t be able to function. Just replying to these people would be a full-time job.

So imagine my dismay when I discovered there are websites out there specialising in making it even easier to contact me. And one of the worst offenders out there is RocketReach.

a screenshot of the RocketReach website

RocketReach makes you easier to find online, whether you like it or not.

RocketReach describes itself as “the world’s largest and most accurate database of emails and direct dials“.

That’s a pretty polite way of them saying that they’re a data harvesting company. They make it easy for those sleazy salespeople who make my life miserable to keep doing that. They even have a browser extension!

Whether you like it or not, RocketReach creates a profile for you. You probably have one already. Maybe go and check.

my profile information on RocketReach

Don’t remember giving them your details? That’s because you didn’t! This is all scraped from various places for your pleasure. Here’s how they describe that process:

RocketReach upholds strict ethical standards and is legally compliant. We mine profile information using a combination of a web crawler (similar to Google) and data mining algorithms such as entity recognition, email prediction etc. In essence, the information provided by our site is already publicly accessible on the internet. If our crawlers can find it, so can Google, Bing etc. Email addresses listed on our site are either found via entity search or predicted.

Well, at least they’re violating your privacy and consent with “strict ethical standards”. And what strikes me about this explanation is how blazé they are about it. Hey, they say, this is all online or guessable anyway, what’s the big deal? 

And sure, they’re right, just like if you stand outside my house long enough, you’ll probably be able to see me through the window. And if you followed me out of the house and down the street, you’d know where I was going. If you then published a dossier filled with pictures of me and details of my comings and goings, I’d throw my hands in the air and declare “fair play; it’s all publicly accessible information!”. (Actually, I wouldn’t say that. I am joking).

It’s so strange to me that the people at RocketReach are just happily building this Orwellian database without just constantly asking themselves, “are we the baddies?”

RocketReach seems to be a bit self-aware, at least.

Start Googling “is RocketReach…” and you’ll get results like “Is RocketReach legit” and “Is RocketReach legal?” RocketReach themselves have quite smartly written a blog post that turns up as one of the first results for these searches, trying to address the concerns.

The blog post doesn’t address the creep-factor of what they’re doing and includes gems like this:

RocketReach is trusted by salespeople and recruiters in some of the largest companies on the planet — Google, Apple, Facebook and Amazon, to name a few. Google and Amazon have over 400 employees each who trust and use RocketReach everyday. That’s about as legit as it gets.

Hey RocketReach! If you’re trying to alleviate my concerns about being creeping with my data, maybe don’t use Facebook or Google to back up your argument! Maybe pick companies that aren’t constantly under scrutiny for how they process user data!

Don’t forget that RocketReach is a paid service, too. From just £28 per month, you can look up 1,500 profiles of people who never agreed to have their data sold.

The price goes up to £50 if you want their direct phone numbers too. And I’ve been on the receiving end of one of these phone calls; it was a horrible experience! The ‘Business Development’ person rang me up DURING WORK HOURS, ON MY PERSONAL NUMBER, to try and pitch me some whatever. I was so baffled. After politely declining, I chased up with an email to get off their database and to find out where they’d got my number in the first place. Thanks, RocketReach!

Yes, you can opt out, but…

As soon as I found out I was on this hell database, I tried to get off it. RocketReach has a tiny “Do Not Sell My Info” button on their site, which lets you request to remove your info. But to do so, you have to give them MORE information first, so they can verify it’s really you asking to have your details removed.

the form you have to fill out to remove your details, such as name, company, and email address

And it also doesn’t quite feel like enough. Great, you can take my details down when requested. But I never asked to be harvested in the first place! And I’m no GDPR expert, but it all feels a bit iffy to me.

I got into an email exchange with RocketReach about this, and they weren’t very helpful. They pointed me to a help article which explains: “Our Company and Professional profiles are generated by tying together 100s of pieces of data using learning algorithms“. But that still doesn’t feel like enough. This ‘tying together’ smells like data processing to me, and I don’t consent!

I don’t usually make a big deal about privacy. I know that I’m exposing myself far more than what RocketReach do by using Facebook or using Google products. But the fact that RocketReach so gleefully sells this data on to the kind of people that make me miserable makes me want to do something about it.

So I went to the ICO. And they were pretty helpful! Submitting a complaint was pretty straightforward, and I just had to chase RocketReach down for a ‘final response’ – which amounted to them saying, “We have nothing else to say”. The final judgement wasn’t quite what I hoped, but fair.

I’ll post it in full here 👇

The ICO response on RocketReach’s harvesting of my data

You have raised a complaint about RocketReach’s use of your personal data. Your personal data has now been removed from their website, but you remain concerned about how this information was obtained in the first place.

In response to your concerns, Rocket Reach informed you that their data is collected and inferred from user contributions, public records and licensed from third party providers.

You explain that RocketReach have aggregated and bundled your data without your consent and that this processing was intrusive when you were not aware of this organisation’s existence.

Organisations do not need an individual’s consent to process personal data in all cases. Consent is one of six lawful bases an organisation may rely on to comply with data protection principles, please find further information here: https://ico.org.uk/your-data-matters/does-an-organisation-need-my-consent/. 

In this case, it appears likely RocketReach are processing personal data in their legitimate business interests. Processing in these circumstances should be within the individuals reasonable expectations and have minimal privacy impact.

We consider the privacy impact of this processing to be low as the data used appears to have been publicly available and does not appear to be sensitive.

I understand however, that you don’t consider processing in this case was within your reasonable expectations. Organisations must balance their interests in processing the data with the impact on individuals. To assess whether processing could be reasonably expected, organisations should consider relevant factors such as how data was collected, whether they have an existing relationship with the individual and whether individuals were informed about the processing.

In this case, it appears there was no pre-existing relationship between you and RocketReach therefore, it is harder to demonstrate that processing can be reasonably expected. Furthermore, where data is obtained from third party providers, the organisation needs to consider what individuals were told about how their data might be passed on to others.

We will now contact RocketReach on this matter to provide advice and guidance on what they need to consider to ensure data is processed within reasonable expectations in compliance with their data protection obligations. 

In summary: what they’re doing isn’t illegal and isn’t doing much harm anyway. But they were going to check in with RocketReach anyway. This was back in October, and I haven’t heard anything since. So I assume nothing’s changed.

Still, it was worth a shot! And at least my details are safe now?

Wrong. My details are not safe.

The problem is that RocketReach isn’t the only company doing this. This is an entire INDUSTRY. 

There’s Cognism, Lusha, GetEmail, People Data Labs, Snov.io, ZoomInfo, UpLead, Lead411, LeadIQ, Apollo.io, Hunter, and loads more! What exactly are you meant to do? Submit takedown requests for all of them? I’m not playing whack-a-mole with my data; it’s a game I can’t win. If the ICO thinks it’s harmless, it doesn’t sound like there’s much we can do.

UPDATE: Friend of the blog Tyler has shared a link to DeleteMe – a service that offers you protection against this kind of thing. But it’s a paid service, so no good. You shouldn’t need to pay to not be harvested! A racket on top of a racket.

 What you can do

But maybe together we can do something. Firstly, check and see if you’ve got a profile on these sites. If you do, ask them to take it down. And then spread the word, tell others to check their profiles too.

I think most people have no idea this is happening. And given how outraged people get the things Facebook are doing, they should feel just as strongly about this.

Meanwhile, I’m taking a more hardline attitude towards unsolicited cold emails. I’m aggressively marking emails as spam (I think it helps?), and I’m declining LinkedIn requests like Neo dodging bullets in The Matrix.

It’s not much, but it’s worth it for a bit of a quieter life.