Privacy Policy
Last updated: December 7, 2025
Effective date: December 7, 2025
SocialCRM, initiative of Social Protocol Labs LLC ("SocialCRM," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at socialcrm.com (the "Website") or use our AI brand monitoring platform and related services (collectively, the "Services").
Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.
Table of Contents
- Information We Collect
- How We Use Your Information
- Legal Basis for Processing (GDPR)
- Information Sharing and Disclosure
- International Data Transfers
- Data Retention
- Data Security
- Your Privacy Rights
- Rights for EEA/UK Residents (GDPR)
- Rights for California Residents (CCPA/CPRA)
- Cookies and Tracking Technologies
- Third-Party Services
- Children's Privacy
- Automated Decision-Making
- Data Breach Notification
- Changes to This Privacy Policy
- Contact Information
1. Information We Collect
1.1 Information You Provide Directly
We collect information you provide directly to us, including:
- Account Information: Name, email address, password, company name, job title, phone number, and billing address when you create an account or subscribe to our Services.
- Payment Information: Credit card numbers, bank account information, and billing details processed through our third-party payment processors (Stripe). We do not store complete payment card information on our servers.
- Brand Information: Brand names, product information, company descriptions, logos, and other content you upload to configure your brand monitoring.
- Communications: Information you provide when you contact our support team, respond to surveys, or communicate with us via email, chat, or other channels.
- User Content: Any content, data, or materials you submit, post, or upload through the Services.
1.2 Information Collected Automatically
When you access or use our Services, we automatically collect certain information, including:
- Device Information: Device type, operating system, unique device identifiers, browser type and version, language preferences, and mobile network information.
- Log Information: Access times, pages viewed, IP address, referring URL, and actions taken within the Services.
- Usage Information: Features used, preferences, interaction patterns, and performance data.
- Location Information: General geographic location derived from your IP address.
- Cookies and Similar Technologies: Information collected through cookies, pixel tags, web beacons, and similar technologies as described in our Cookie Policy.
1.3 Information from Third Parties
We may receive information about you from third parties, including:
- AI Platform Data: Publicly available information from AI platforms (ChatGPT, Claude, Perplexity, Gemini, etc.) related to brand mentions and representations.
- Business Partners: Information from partners who provide integrations or referrals.
- Public Sources: Publicly available information from websites, social media, and business registries.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- Provide, operate, maintain, and improve our Services
- Process transactions and send related information
- Monitor AI platforms for brand mentions and accuracy
- Generate reports, analytics, and insights
- Manage user accounts and subscriptions
2.2 Communications
- Send technical notices, updates, security alerts, and support messages
- Respond to your comments, questions, and requests
- Send promotional communications (with your consent where required)
- Provide customer support and training
2.3 Analytics and Improvement
- Analyze usage patterns and trends to improve our Services
- Develop new products, services, features, and functionality
- Conduct research and analysis
- Monitor and analyze effectiveness of our marketing
2.4 Security and Compliance
- Detect, investigate, and prevent fraudulent or illegal activities
- Protect the rights, property, and safety of SocialCRM and others
- Comply with legal obligations and enforce our terms
- Respond to legal process and government requests
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom (UK), we process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Providing our Services | Performance of contract (Article 6(1)(b)) |
| Processing payments | Performance of contract (Article 6(1)(b)) |
| Sending service communications | Performance of contract (Article 6(1)(b)) |
| Marketing communications | Consent (Article 6(1)(a)) or Legitimate interest (Article 6(1)(f)) |
| Analytics and improvement | Legitimate interest (Article 6(1)(f)) |
| Security and fraud prevention | Legitimate interest (Article 6(1)(f)) |
| Legal compliance | Legal obligation (Article 6(1)(c)) |
4. Information Sharing and Disclosure
We may share your information in the following circumstances:
4.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Cloud Infrastructure: Supabase (database), Vercel (hosting), Google Cloud Platform (storage)
- Payment Processing: Stripe
- Email Services: Resend
- AI Services: OpenAI, Anthropic, Google (for AI monitoring functionality)
- Analytics: Google Analytics
- Customer Support: Internal tools
4.2 Business Transfers
In connection with any merger, acquisition, sale of company assets, financing, or transfer of all or a portion of our business to another company, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Website of any change in ownership or uses of your personal information.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to:
- Comply with a legal obligation
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing
- Protect the personal safety of users or the public
- Protect against legal liability
4.4 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
4.5 Aggregated or De-identified Information
We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analysis, and business purposes.
5. International Data Transfers
SocialCRM is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For transfers of personal data from the EEA or UK to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide appropriate data protection safeguards
- Data Processing Agreements: Contractual commitments with our service providers regarding data protection
- Certification mechanisms: Where applicable, reliance on privacy frameworks and certifications
You may request a copy of the safeguards we use by contacting us at the information provided below.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:
- The nature and sensitivity of the data
- The purposes for which we process the data
- Whether we can achieve those purposes through other means
- Applicable legal requirements
Specific Retention Periods
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Transaction records | 7 years (tax and accounting requirements) |
| Brand monitoring data | Duration of subscription + 90 days |
| Support communications | 3 years from last interaction |
| Server logs | 90 days |
| Analytics data | 26 months (aggregated) |
| Marketing preferences | Until consent withdrawn + 30 days |
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
Technical Measures
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access control (RBAC) and multi-factor authentication
- Database Security: Row-level security (RLS) for data isolation
- Password Security: Passwords hashed using bcrypt with appropriate work factors
- Session Management: Secure JWT tokens with appropriate expiration
- Infrastructure: Hosted on SOC 2 compliant infrastructure
Organizational Measures
- Regular security assessments and penetration testing
- Employee security awareness training
- Incident response procedures
- Vendor security assessments
- Access logging and monitoring
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Your Privacy Rights
Depending on your location and applicable laws, you may have certain rights regarding your personal information:
- Access: Request access to your personal information
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal information
- Portability: Request a copy of your data in a portable format
- Opt-out: Opt out of marketing communications
- Withdrawal: Withdraw consent where processing is based on consent
To exercise any of these rights, please contact us at privacy@socialcrm.com. We will respond to your request within 30 days.
9. Rights for EEA/UK Residents (GDPR)
If you are located in the European Economic Area or United Kingdom, you have the following additional rights under the General Data Protection Regulation (GDPR):
- Right to Access (Article 15): You have the right to obtain confirmation as to whether personal data concerning you is being processed and access to that data.
- Right to Rectification (Article 16): You have the right to obtain rectification of inaccurate personal data.
- Right to Erasure (Article 17): You have the right to obtain erasure of personal data ("right to be forgotten") under certain circumstances.
- Right to Restriction (Article 18): You have the right to obtain restriction of processing under certain circumstances.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Right Not to be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects.
Data Protection Authority
You have the right to lodge a complaint with a supervisory authority. If you are in the EEA, you can find your local Data Protection Authority at: https://edpb.europa.eu/about-edpb/board/members_en
If you are in the UK, you can contact the Information Commissioner's Office (ICO) at: https://ico.org.uk/make-a-complaint/
Data Protection Contact
For GDPR-related inquiries, please contact our Data Protection team at: privacy@socialcrm.com
10. Rights for California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.
Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers: Name, email address, account name, IP address
- Commercial Information: Records of products or services purchased, purchasing histories
- Internet Activity: Browsing history, search history, interaction with our website
- Geolocation Data: General location derived from IP address
- Professional Information: Job title, company name, business contact information
- Inferences: Preferences, characteristics, behavior, and attitudes
Sale and Sharing of Personal Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
Your California Privacy Rights
- Right to Know: You have the right to request disclosure of the personal information we have collected, used, disclosed, and sold about you.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. As noted above, we do not sell or share your information.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.
How to Exercise Your Rights
To exercise your California privacy rights, you may:
- Email us at: privacy@socialcrm.com
- Submit a request through your account settings
We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.
Financial Incentives
We do not offer financial incentives for the collection, sale, or deletion of personal information.
California "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
12. Third-Party Services
Our Services may contain links to third-party websites, products, or services that are not owned or controlled by SocialCRM. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.
We strongly advise you to review the privacy policy of every site you visit. Our Privacy Policy applies only to our Services.
13. Children's Privacy
Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information.
If you believe we have collected information from a child under 16, please contact us at privacy@socialcrm.com.
14. Automated Decision-Making
We use automated systems to help provide our Services, including:
- AI Monitoring: Automated detection and analysis of brand mentions across AI platforms
- Accuracy Scoring: Automated assessment of AI answer accuracy
- Alert Generation: Automated notifications based on monitoring rules
These automated processes assist in service delivery but do not make decisions that produce legal effects or similarly significantly affect you. If you have concerns about automated decision-making, please contact us.
15. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by law)
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Document the breach, its effects, and the remedial actions taken
Our incident response procedures are designed to quickly identify, contain, and remediate security incidents.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date at the top of this Policy
- Sending you an email notification (for material changes)
- Providing a prominent notice on our Services
We encourage you to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.
17. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
SocialCRM, initiative of Social Protocol Labs LLC
Attn: Privacy Team
Email: privacy@socialcrm.com
General Support: support@socialcrm.com
For GDPR-related inquiries or to exercise your data protection rights, please email: privacy@socialcrm.com
We will respond to your inquiry within 30 days, or sooner if required by applicable law.
Cookie Management
You can manage your cookie preferences at any time using the controls below:
Cookie Settings
Manage your cookie preferences. Essential cookies are always active as they are necessary for the website to function properly.
Essential Cookies
Required for the website to function properly. Cannot be disabled.
Functional Cookies
Enable personalized features and remember your preferences.
Analytics Cookies
Help us improve our website by collecting anonymous information.
Marketing Cookies
Allow us to provide personalized ads and content based on your browsing behavior.