Privacy Policy

Introduction

This Privacy Policy describes how PromoCo ("we", "our", "us") collects, uses, and protects your personal information. By using PromoCo (app.promoco.io), you agree to this policy. If you do not agree, please refrain from using our services.

Information We Collect

• Account Information: Email, name, and profile information via Google OAuth (scopes: openid, email, profile).
• Gmail Emails: We use Gmail Read-Only access to store emails matching domain phrases listed on our public Whitelist. Stored details include sender, subject, date, content (text, CSS, HTML), tags, and metadata.
• Invite & Referral Information: Who invited you, referral relationships, invite status.
• User Roles and Permissions: Consultant/client roles and associated permissions.
• Technical Logs: Logs stored in AWS CloudWatch include IP addresses, browser type, timestamps, and access patterns.

How We Use Your Information

• Facilitating secure sharing of whitelisted email activity.
• Providing analytics and insights to authorized users.
• Improving PromoCo functionality and user experience.
• Ensuring site security and integrity.
• Complying with legal obligations and protecting our rights.

We never sell your data for marketing or advertising purposes.

Data Security and Storage

We use AWS DynamoDB with industry-standard security measures, including encryption at rest and in transit, to protect your data.

Data Sharing & Third Parties

Your data is only shared with the specific user who invited you. No third-party services have access to your emails beyond the stated purpose.

Cookies and Tracking Technologies

PromoCo uses cookies primarily for authentication (Google OAuth). You may disable cookies in your browser settings; however, this might limit certain functionalities.

Your Data Rights

• Request access, update, or deletion of your personal data via account settings.
• Individually delete shared emails or delete your account entirely.
• Revoke consultant/client access anytime.
• Export your personal data on request by contacting privacy@promoco.io.

Invite records are retained solely to prevent reuse.

Children's Privacy

PromoCo is not intended for individuals under 18. If you discover a child has provided personal data without consent, notify us at privacy@promoco.io, and we will promptly remove it.

International Data Transfers

Our services are hosted on AWS infrastructure. Using PromoCo may involve data transfers to and from the United States and other jurisdictions.

GDPR and CCPA Compliance

PromoCo complies with data protection regulations including the EU's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA). Residents of these regions have the right to:

• Access their personal data stored by PromoCo.
• Request correction or updating of their personal information.
• Request deletion of personal data.
• Export their personal data in a portable format.
• Withdraw consent for data processing.

To exercise these rights, contact us at privacy@promoco.io.

Changes to This Privacy Policy

We regularly update this policy, especially regarding whitelist changes. We notify users of significant changes via email or in-app notices. Continued use indicates acceptance.

Consent

By using PromoCo, you explicitly consent to this Privacy Policy. If you disagree with this policy, please cease using our services immediately.

Dispute Resolution and Governing Law

This policy is governed by laws applicable in our primary jurisdiction. Privacy disputes will be resolved through arbitration or court proceedings in that jurisdiction.