Legal · Policy

Privacy Policy

This Privacy Policy explains how the Company collects, uses, discloses, retains, and safeguards Personal Information across its Platform and Services. It is designed to comply with applicable global privacy laws and to reflect widely accepted principles of fair information practices.

Effective Date
January 1, 2026
Last Updated
January 1, 2026
Version
1.0
Jump to Table of Contents
Section 01

Introduction

This Privacy Policy (the “Policy”) describes how The Social Greenhouse (the “Company,” “we,” “us,” or “our”) collects, uses, discloses, retains, and safeguards Personal Information in connection with its websites, applications, application programming interfaces, mobile experiences, administrative portals, communications, marketing activities, and any related products or services (collectively, the “Platform” or the “Services”).

We are committed to protecting the privacy of every individual who interacts with the Services, and this Policy is intended to explain, in a clear and transparent manner, the practices that govern the information we handle. Our data practices are designed to comply with applicable data protection and privacy laws in the jurisdictions in which we operate and to reflect widely accepted principles of fair information practices, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

Section 02

Definitions

For the purposes of this Policy, the following capitalized terms have the meanings assigned to them below. Words denoting the singular include the plural and vice versa, and words denoting any gender include all genders.

Company
The entity providing the Services, together with its parents, subsidiaries, affiliates, successors, and assigns.
Services
Any product, feature, subscription, application, tool, integration, API, dashboard, communication channel, event, or professional service made available by the Company.
Platform
The technical infrastructure, software, and interfaces through which the Services are delivered.
User
Any natural person who accesses or uses the Services, including visitors, authorized users of a Customer account, invited collaborators, and individuals engaging with support or sales channels.
Customer
Any organization or individual that has entered into an agreement with the Company for access to the Services.
Personal Information
Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular individual or household.
Sensitive Information
A subset of Personal Information warranting heightened protection, such as government identifiers, financial account information, precise geolocation, biometric or genetic data, and health information.
Processing
Any operation performed on Personal Information, including collection, recording, storage, use, disclosure, and deletion.
Section 03

Information We Collect

We collect several categories of Personal Information in connection with the Services. The specific information collected depends on how you interact with us, the features you use, the configuration selected by the Customer, and the requirements of Applicable Law.

3.1 Identity and Contact Information

Name, email address, phone number, mailing address, job title, and any other identifying information you provide when creating an account, subscribing to communications, or contacting us.

3.2 Business Information

Where you interact with the Services on behalf of an organization, we may collect the organization’s name, address, industry, size, and your role.

3.3 Account and Profile Information

Login credentials, preferences, profile settings, and communication preferences.

3.4 Device, Browser, and Network Information

IP address, browser type and version, operating system, device identifiers, referring URLs, and other technical signals.

3.5 Usage and Activity Information

Pages viewed, features accessed, session duration, click paths, and interactions with the Services.

3.6 Payment Information

Billing details processed by qualified third-party payment providers that maintain PCI DSS compliance. We do not store full payment card numbers.

3.7 Content You Provide

Files, text, images, and other materials uploaded to or transmitted through the Services.

3.8 Authentication Data

Records of logins, authentication tokens, multi-factor authentication events, and related security events.

Section 04

How Information Is Collected

Personal Information is collected directly from you, automatically through your use of the Services, and from authorized Third Parties acting on behalf of, or in cooperation with, the Company.

4.1 Registration and Account Creation

Information you provide when creating an account or configuring a workspace.

4.2 Direct Communications

Information provided via contact forms, email, phone, chat, or events.

4.3 Automated Technologies

Cookies, pixels, SDKs, and server logs record technical information as you use the Services.

4.4 Analytics and Product Telemetry

First- and third-party analytics tools measure usage, performance, and feature adoption.

4.5 Third-Party Sources

Information received from resellers, partners, integrators, publicly available sources, and enrichment providers.

Section 06

How We Use Information

We use Personal Information for the following purposes:

  • Providing, maintaining, and improving the Services.
  • Authenticating users and securing accounts.
  • Processing transactions, subscriptions, and billing.
  • Communicating service updates, security notices, and support.
  • Sending marketing communications, where permitted by Applicable Law and your preferences.
  • Detecting, preventing, and responding to fraud, abuse, and security threats.
  • Meeting legal, regulatory, tax, audit, accounting, and internal governance obligations.
  • Conducting research, analytics, and product development to improve functionality.
Section 07

Payment Processing

Payment transactions are processed by qualified third-party payment providers (such as Stripe) that maintain compliance with the Payment Card Industry Data Security Standard (“PCI DSS”). We do not store full payment card numbers on our systems. We apply commercially reasonable measures to ensure that pricing, tax treatment, refunds, and chargebacks are handled accurately and consistently with Applicable Law.

Section 08

Cookies and Tracking Technologies

We use cookies, pixels, tags, SDKs, and similar technologies to operate, secure, personalize, and measure the performance of the Services.

8.1 Strictly Necessary Cookies

Required for core functionality such as authentication and security.

8.2 Functional Cookies

Enable a consistent, personalized experience by remembering your preferences.

8.3 Performance and Analytics Cookies

Help us understand how the Services are used and how to improve them.

8.4 Marketing Cookies

Used, where permitted, to measure the effectiveness of advertising and personalize communications.

8.5 Local and Session Storage

The Platform may use local and session storage to persist interface state, cache configuration values, and reduce round-trips to our servers.

Section 09

Analytics

We use analytics providers to understand how the Services are used, prioritize features, monitor platform health, and inform our product and business decisions. Analytics providers may collect information about your device, interactions, and inferred attributes in accordance with their own privacy practices and our contractual instructions.

Section 10

Marketing Communications

Subject to Applicable Law and your communication preferences, we may send promotional messages about our products, events, and offers. You may unsubscribe at any time using the mechanism provided in each communication. Withdrawing consent for marketing does not affect service-related messages necessary to provide the Services.

Section 11

Third-Party Services

The Services may integrate with or link to third-party services, plugins, or platforms. Those third parties operate independently and are governed by their own privacy notices. We are not responsible for their practices, and we encourage you to review their policies before providing information.

Section 12

Sharing and Disclosure

We may share Personal Information in the following circumstances:

12.1 Service Providers

With vendors and contractors that perform services on our behalf, including hosting, storage, analytics, communications, payment processing, and customer support.

12.2 Business Transfers

In connection with a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of services.

12.3 Legal and Regulatory Requirements

Where required to comply with laws, respond to lawful requests, or protect rights, safety, and property.

12.4 With Your Direction or Consent

Where you direct us to share or have provided consent to do so.

12.5 Fraud Prevention, Security, and Emergencies

To detect, investigate, prevent, or respond to fraud, security incidents, or emergencies.

Section 13

International Data Transfers

We may transfer, store, and process Personal Information in jurisdictions other than the country in which it was collected. Where required by Applicable Law, we implement appropriate safeguards for such transfers, including standard contractual clauses, adequacy decisions, or equivalent mechanisms proportionate to the nature and sensitivity of the data processed.

Section 14

Data Security

We implement administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, alteration, disclosure, or destruction. These safeguards include encryption in transit and at rest where appropriate, access controls, monitoring and logging, secure software development practices, personnel training, and vendor oversight. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Section 15

Data Retention

We retain Personal Information for as long as necessary to fulfill the purposes described in this Policy, including providing the Services, maintaining business records, resolving disputes, enforcing agreements, and complying with legal, tax, audit, and regulatory obligations. Retention periods are determined based on the nature and sensitivity of the information, the potential risks associated with its processing, and applicable legal requirements.

Section 16

User Rights

Depending on your jurisdiction and the applicable legal basis for processing, you may have certain rights in respect of your Personal Information, including:

  • The right to access Personal Information we hold about you.
  • The right to request correction of inaccurate or incomplete information.
  • The right to request deletion, subject to legal exceptions.
  • The right to restrict or object to certain processing.
  • The right to data portability.
  • The right to withdraw consent, where processing is based on consent.
  • The right to lodge a complaint with a supervisory authority.

To exercise these rights, contact us using the details in the Contact Information section. We may need to verify your identity before responding.

Section 17

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, provides specific rights, including the right to know, delete, correct, and opt out of the sale or sharing of Personal Information, and the right to limit the use of Sensitive Personal Information. We do not sell Personal Information as that term is traditionally understood.

Section 18

European Privacy Rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in the User Rights section above under GDPR and equivalent laws. You may also contact your local data protection authority. Where applicable, our EU/UK representative can be reached via the details in the Contact Information section.

Section 19

Other International Privacy Laws

We comply with other applicable privacy laws in jurisdictions where we operate, including Canada’s PIPEDA, Brazil’s LGPD, Australia’s Privacy Act, and similar frameworks. Where you have rights under those laws, we honor them consistent with local requirements.

Section 20

Children's Privacy

The Services are not directed to children under the age of 13 (or the equivalent minimum age in the relevant jurisdiction). We do not knowingly collect Personal Information from children. If we become aware that a child has provided us with Personal Information without appropriate consent, we will take steps to delete it.

Section 21

Artificial Intelligence & Automated Decision Making

We may use machine learning and automated systems to improve the Services, detect fraud, personalize experiences, and support operational decisions. We do not use solely automated decision-making that produces legal or similarly significant effects concerning you without appropriate safeguards, including the right to human review where required by Applicable Law.

Section 22

User Generated Content

Content you post or make available through public areas of the Services may be visible to other users and the general public. You are responsible for the content you submit and should exercise caution before including Personal Information in publicly accessible areas.

Section 23

Account Security Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials.
  • Restricting access to your devices and account.
  • Using strong, unique passwords and enabling multi-factor authentication where available.
  • Promptly notifying us of any suspected unauthorized access to your Account.
Section 24

Business Transfers

In the event of a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of services to another provider, Personal Information may be transferred as part of the transaction. We will notify affected users where required by Applicable Law.

Section 25

Data Breach Notification

In the event of a Personal Information breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify affected individuals and regulators as required by Applicable Law, without undue delay and within any statutorily required timeframes.

Section 26

Do Not Track Signals

Some browsers offer a “Do Not Track” setting. Because there is no industry consensus on how to interpret these signals, our Services do not currently respond to them. You may control tracking through the cookie and consent controls described in this Policy.

Section 27

Accessibility

We are committed to making this Policy accessible. If you require this Policy in an alternative format, please contact us using the details in the Contact Information section.

Section 28

Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes to our practices, technologies, legal requirements, or business operations. When we make material changes, we will provide notice as required by Applicable Law. The “Last Updated” date at the top of this Policy indicates when it was most recently revised.

Section 29

Contact Information

If you have questions, concerns, or requests regarding this Policy or our privacy practices, please contact us at:

The Social Greenhouse
Privacy Team
privacy@thesocialgreenhouse.com