Privacy Policy

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Information from Third Parties

We may receive information about you from:

• •Authentication providers (Clerk) for identity verification
• •Payment processors (Stripe) for transaction information
• •Social media platforms when you connect your accounts
• •Public databases and data enrichment services (with your consent)

3.1 Service Provision and Performance

• •Create and manage your account
• •Provide, operate, and maintain our Services
• •Process transactions and send transactional communications
• •Enable campaign creation, management, and analytics
• •Generate QR codes and track campaign performance
• •Facilitate email and SMS communications on your behalf

3.2 Service Improvement and Development

• •Analyze usage patterns and improve platform functionality
• •Develop new features and services
• •Conduct research and data analysis
• •Test and optimize platform performance

3.3 Customer Support and Communication

• •Respond to inquiries and provide customer support
• •Send technical notices, updates, and security alerts
• •Provide training and onboarding assistance
• •Send administrative messages and service announcements

3.4 Marketing and Promotional Activities

With your consent, we may use your information to:

• •Send promotional emails about new features and offers
• •Provide personalized recommendations
• •Conduct surveys and request feedback
• •Display targeted advertisements (you can opt out at any time)

3.5 Security, Fraud Prevention, and Legal Compliance

• •Detect, prevent, and investigate fraud and security incidents
• •Monitor and address technical issues
• •Enforce our Terms of Service and policies
• •Comply with legal obligations and regulatory requirements
• •Respond to legal requests and prevent harm

5.1 Service Providers and Business Partners

We share information with trusted third-party service providers who assist us in operating our platform:

• •Clerk: Authentication and user identity management
• •Convex: Database hosting and backend infrastructure
• •Resend: Email delivery and management
• •Twilio: SMS messaging services
• •Stripe: Payment processing and billing
• •Vercel: Hosting and content delivery
• •Analytics Providers: Platform usage analysis and optimization

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements and Protection

We may disclose your information when required by law or to:

• •Comply with legal process, court orders, or government requests
• •Enforce our Terms of Service and other agreements
• •Protect our rights, property, or safety, or that of our users
• •Detect, prevent, or address fraud, security, or technical issues
• •Prevent harm or illegal activities

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and provide choices regarding your information.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, marketing, analytics, or other business purposes.

Technical Safeguards

• •End-to-end encryption for data in transit (TLS 1.3)
• •Encryption at rest for all stored data (AES-256)
• •Secure authentication and authorization mechanisms
• •Regular security audits and penetration testing
• •Intrusion detection and prevention systems
• •Automated backup and disaster recovery procedures

Administrative Safeguards

• •Access controls and role-based permissions
• •Employee training on data protection and security
• •Confidentiality agreements with all personnel
• •Incident response and breach notification procedures

8.1 Rights for All Users

• •Access: Request a copy of your personal data
• •Correction: Update or correct inaccurate information
• •Deletion: Request deletion of your personal data (subject to legal obligations)
• •Opt-Out: Unsubscribe from marketing communications
• •Account Closure: Close your account at any time

8.2 Additional Rights for GDPR (EEA, UK, Switzerland)

• •Data Portability: Receive your data in a structured, machine-readable format
• •Restriction: Request restriction of processing in certain circumstances
• •Objection: Object to processing based on legitimate interests
• •Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• •Lodge Complaint: File a complaint with your local data protection authority
• •Automated Decision-Making: Opt out of automated decision-making, including profiling

8.3 Additional Rights for CCPA (California)

• •Know: Know what personal information we collect, use, and share
• •Delete: Request deletion of personal information
• •Opt-Out of Sale: We do not sell personal information
• •Non-Discrimination: Equal service regardless of privacy rights exercise

8.4 Additional Rights for PIPEDA (Canada)

• •Access: Access your personal information we hold
• •Challenge Accuracy: Challenge the accuracy and completeness of your information
• •Withdraw Consent: Withdraw consent for collection, use, or disclosure
• •File Complaint: File a complaint with the Privacy Commissioner of Canada

Retention Periods

• •Account Data: Retained while your account is active and for 90 days after account closure
• •Customer Data: Retained as long as you maintain your account or as required for legal compliance
• •Transaction Records: Retained for 7 years for accounting and tax purposes
• •Marketing Data: Retained until you opt out or for 2 years of inactivity
• •Analytics Data: Aggregated data may be retained indefinitely
• •Backup Data: Retained for 90 days in secure backups

Types of Cookies We Use

• •Essential Cookies: Required for platform functionality (authentication, security, session management)
• •Performance Cookies: Help us understand how you use our Services (analytics, error tracking)
• •Functional Cookies: Remember your preferences and settings
• •Marketing Cookies: Deliver relevant advertisements and track campaign effectiveness

Managing Cookies

You can control cookies through:

• •Browser settings (most browsers allow you to refuse or delete cookies)
• •Our cookie consent banner (for non-essential cookies)
• •Opt-out tools provided by advertising networks

Note: Disabling essential cookies may affect platform functionality.

Do Not Track

We currently do not respond to Do Not Track (DNT) signals. We will update this policy if we implement DNT support in the future.

For California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). For detailed information about your California privacy rights, please see Section 8.3 above.

We do not sell personal information and have not sold personal information in the preceding 12 months. We do not share personal information for cross-context behavioral advertising.

For Nevada Residents

Nevada residents have the right to opt out of the sale of their personal information. We do not sell personal information as defined under Nevada law.

For Middle East Residents

We comply with applicable data protection laws in Middle Eastern jurisdictions, including the UAE Data Protection Law, Saudi Arabia Personal Data Protection Law, and Qatar Data Privacy Law. You have rights to access, correct, and delete your personal data as provided under applicable local laws.