← Back to home

Privacy Notice

PrivacyAutomated LLC

Last updated: June 4, 2026

PrivacyAutomated LLC ("PrivacyAutomated," "we," "us," or "our") respects your privacy. This Privacy Notice explains how we collect, use, disclose, and protect personal information when you visit privacyautomated.ai, use our application at app.privacyautomated.ai, communicate with us, or engage our services (collectively, the "Services").

Scope note. This Notice covers personal information for which PrivacyAutomated acts as a controller — for example, information about website visitors, prospects, account administrators, and authorized users of our application. It does not cover personal information that our customers submit to the platform about their own employees, customers, or other data subjects; we process that information as a processor on behalf of those customers under our Terms of Service and Data Processing Addendum, and the relevant customer's own privacy notice applies.

1. Information We Collect

We collect personal information in three ways: information you provide directly, information collected automatically when you use the Services, and information we receive from third parties.

1.1 Information You Provide

  • Account and contact details. Name, business email address, phone number, company name, job title, and login credentials when you create an account, request a demo, contact sales or support, or sign up for our newsletter.
  • Billing information. If you purchase a paid subscription, we collect billing contact details. Payment card details are collected and processed directly by our payment processor (Stripe); we do not store full card numbers on our systems.
  • Communications. Records of your communications with us, including emails, support tickets, chat messages, meeting notes, and survey responses.
  • Marketing engagement. Preferences you set, event registrations, content downloads, and similar interactions.
  • Application content. Configuration choices, integrations you set up, and the data you choose to submit when using the platform. (Customer data submitted to the platform is governed by your organization's agreement with us; see the scope note above.)

1.2 Information Collected Automatically

When you visit our website or use our application, we and our service providers automatically collect:

  • Device and connection data. IP address, browser type and version, operating system, device identifiers, language settings, and referring URLs.
  • Usage data. Pages viewed, links clicked, features used, session duration, dates and times of access, and similar telemetry.
  • Cookies and similar technologies. See Section 6 below.

We use Plausible Analytics to understand site usage in aggregate. Plausible is a privacy-friendly analytics product that does not use cookies, does not collect cross-site identifiers, and does not store personally identifiable information. All data is aggregated; we cannot identify individual visitors. Plausible's data-handling practices are described in their data policy.

1.3 Information From Third Parties

  • Marketing analytics. Aggregate visitor analytics provided by Plausible Analytics (cookie-free, no cross-site tracking, no personally identifiable data stored). We do not currently use a customer relationship management or marketing automation platform; sales and support correspondence is handled by email.
  • Payment processor. Stripe provides us with limited information about your transactions (e.g., last four digits of a card, billing zip code, transaction status) so we can manage your subscription. Stripe's handling of payment data is governed by Stripe's privacy policy.
  • Business contact data providers. We may obtain business contact information (e.g., name, title, business email) from publicly available sources or third-party data providers for B2B marketing purposes, where permitted by law.
  • Authentication providers. If you sign in using a single sign-on provider, we receive the identifiers and profile information you authorize that provider to share.

2. How We Use Personal Information

We use personal information to:

  • provide, operate, maintain, and support the Services;
  • create and manage your account and authenticate users;
  • process payments and manage subscriptions;
  • communicate with you about your account, transactions, security, and updates;
  • send marketing communications (where permitted) about our products, events, and content, which you can opt out of at any time;
  • respond to your inquiries and provide customer support;
  • understand how the Services are used and improve them, including analytics and product research;
  • personalize your experience and remember your preferences;
  • prevent, detect, and investigate fraud, abuse, security incidents, and violations of our policies;
  • comply with legal obligations, respond to lawful requests, and enforce our agreements;
  • conduct corporate transactions such as financings, mergers, acquisitions, or divestitures; and
  • with your consent, for any other purpose we describe at the time of collection.

We may aggregate or de-identify personal information so it can no longer reasonably be associated with an individual, and we may use that information for any lawful purpose.

3. Legal Bases for Processing (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal information depend on the context:

  • Contract. Processing necessary to enter into or perform a contract with you (or with the entity you represent), such as providing the Services.
  • Legitimate interests. Processing necessary for our legitimate interests or those of a third party, such as operating and improving the Services, securing our systems, communicating with prospects, and conducting B2B marketing — except where overridden by your interests or rights.
  • Consent. Where required, such as for certain cookies, marketing communications to individuals, or other situations where consent is the appropriate basis. You can withdraw consent at any time without affecting prior processing.
  • Legal obligation. Where processing is necessary to comply with a legal obligation we are subject to.

4. How We Share Personal Information

We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act ("CCPA/CPRA"). We disclose personal information only as described below.

4.1 Service Providers

We share personal information with vendors that perform services on our behalf, under contracts that restrict their use of the information to providing services to us. Categories include:

Category Examples of providers we use
Cloud hosting and infrastructure Hetzner Online GmbH (Hetzner Cloud, Falkenstein, Germany) for primary application and database hosting; Backblaze B2 (US-East) for encrypted off-site backups
Payment processing Stripe
Aggregate website analytics Plausible Analytics
Customer support and communications Helpdesk and email providers
Security, monitoring, and fraud prevention Logging, error tracking, and security tooling
Professional advisors Auditors, lawyers, accountants

A list of our current platform sub-processors (the third parties that process customer data submitted to the platform) is available on request.

4.2 Affiliates

We may share personal information with our corporate affiliates for purposes consistent with this Notice.

4.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to confidentiality protections.

4.4 Legal and Safety

We may disclose personal information when we believe in good faith it is necessary to: (a) comply with applicable law, legal process, or governmental request; (b) enforce our agreements; (c) protect the rights, property, or safety of PrivacyAutomated, our customers, or others; or (d) detect, prevent, or address fraud, security, or technical issues.

4.5 With Your Direction

We share personal information with third parties when you direct us to do so, such as when you connect a third-party integration.

5. International Data Transfers

Privacy Automated LLC is incorporated in the United States, but the primary application and database infrastructure for the Services is hosted in the European Union (Hetzner Cloud, Falkenstein, Germany). Encrypted off-site backups are stored in the United States (Backblaze B2, US-East). Certain other service providers we rely on — including our identity provider, payment processor, transactional email provider, large-language-model provider, and source-code host — are located in the United States or other countries; our error-monitoring provider (Sentry) runs in the European Union (Frankfurt). Depending on the feature you use, your personal information may therefore be transferred to, stored in, or processed in the European Union, the United States, or another country where one of our service providers operates.

Where personal information is transferred from the EEA, UK, or Switzerland to a country that has not received an adequacy decision (for example, to a U.S.-based service provider), we rely on appropriate transfer mechanisms, such as the EU Standard Contractual Clauses (and the UK Addendum where applicable), to provide a lawful basis for that transfer. You may request a copy of the relevant safeguards by contacting us using the details in Section 14.

6. Cookies and Similar Technologies

We try to use the smallest number of cookies necessary to deliver the Services. The only cookies set on our marketing site (privacyautomated.ai) and the application (app.privacyautomated.ai) are:

  • Strictly necessary. Authentication and security cookies set by our identity provider (Clerk) so signed-in users stay signed in across requests. These cannot be disabled if you want to use the application.

We do not use:

  • Analytics cookies (our analytics provider, Plausible, is cookie-free).
  • Advertising or cross-site tracking cookies.
  • Behavioural-profiling cookies.
  • Third-party chat widgets, marketing-automation pixels, social-media buttons, or similar tracking tags.

You can control cookies through your browser settings. Blocking strictly-necessary cookies will prevent you from signing in to the application.

Global Privacy Control (GPC). Where you are in a U.S. state that recognizes opt-out preference signals, we treat a valid GPC signal received from your browser as a request to opt out of any "sale" or "sharing" of personal information for that browser and device, to the extent applicable. (As noted above, we do not currently sell or share personal information for cross-context behavioral advertising.)

Do Not Track. Most browsers offer a "Do Not Track" setting. Because there is no consensus on how to interpret these signals, we do not currently respond to DNT signals.

7. Marketing Communications

We send marketing emails to business contacts about our products, events, and content. You can opt out at any time by using the unsubscribe link in any marketing email or by contacting us at info@privacyautomated.ai. Even if you opt out of marketing, we will still send you transactional and administrative messages relating to the Services.

8. Data Retention

We retain personal information for as long as needed to provide the Services and for the purposes described in this Notice. The actual retention period depends on the type of information and our legal, accounting, or operational requirements. As general guidelines:

  • Account data: for the duration of your account plus a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements.
  • Billing records: typically seven (7) years to satisfy tax and accounting requirements.
  • Marketing and prospect data: until you opt out or we determine it is no longer needed.
  • Support communications: typically up to three (3) years after the issue is closed.
  • Logs and security data: typically up to twelve (12) months, except where retention is needed for an active investigation.

When personal information is no longer needed, we delete or de-identify it, or where this is not feasible (for example, because it is held in backup archives), we securely isolate it until deletion is possible.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption of data in transit and at rest, least-privilege access controls, network and endpoint security, logging and monitoring, secure development practices, vendor due diligence, and incident response procedures. No system is 100% secure, and we cannot guarantee absolute security.

10. Your Privacy Rights

Depending on where you live, you may have certain rights regarding your personal information. We honor these rights as required by applicable law, including for individuals in jurisdictions where they are not legally required, where reasonable.

10.1 Rights Available to Most Individuals

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Request correction of inaccurate or incomplete information.
  • Deletion. Request deletion of your personal information.
  • Opt out of marketing. Unsubscribe from marketing emails at any time.

10.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights, subject to certain exceptions:

  • Right to know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we disclose it.
  • Right to delete personal information we collected from you.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information. As stated above, we do not sell or share personal information.
  • Right to limit use of sensitive personal information. We do not use or disclose sensitive personal information for purposes that require offering this right.
  • Right to non-discrimination for exercising your rights.

Categories of personal information collected in the past 12 months (using CCPA categories):

CCPA Category Collected? Sources Business Purposes Disclosed to
Identifiers (name, email, IP address, account ID) Yes You; automatic; third parties Provide and improve Services; communications; security Service providers; legal/safety
Customer records (billing contact, employer) Yes You; payment processor Account management; billing Service providers
Commercial information (subscription, transactions) Yes You; payment processor Account management; billing Service providers
Internet or other electronic network activity Yes Automatic Analytics; security; service improvement Service providers
Geolocation (approximate, from IP) Yes Automatic Security; analytics Service providers
Professional or employment information Yes You; third-party B2B data Sales; account management Service providers
Inferences Yes Derived Marketing; product improvement Service providers
Sensitive personal information (e.g., precise geolocation, government IDs, account credentials) Account login credentials only You Authentication and account security Service providers (cloud hosting, security)

We do not knowingly collect personal information of California residents under 16 years old, and we do not sell or share personal information.

Authorized agents. You may use an authorized agent to submit a request. We will require verification of the agent's authority and may require you to verify your identity directly.

10.3 Additional Rights for EEA, UK, and Swiss Residents (GDPR/UK GDPR)

If you are in the EEA, UK, or Switzerland, you may also have the right to:

  • object to processing based on legitimate interests;
  • restrict processing in certain circumstances;
  • data portability for information you provided to us based on consent or contract;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with your local supervisory authority.

10.4 Florida Residents

We provide the rights described in Section 10.1 to Florida residents regardless of whether the Florida Digital Bill of Rights applies to us.

10.5 How to Exercise Your Rights

Submit a request through our privacy request portal at app.privacyautomated.ai/r/privacy-automated. Select the type of request (access, deletion, correction, portability, or opt-out), provide your email address, and describe your request and the state or country in which you reside. We will email you a verification link to confirm the request, then verify your identity using information already associated with your account or relationship with us. We will respond within the timeframes required by applicable law (generally 45 days under CCPA and one month under GDPR, with possible extensions).

If we deny your request, you may appeal by submitting another request through the portal with "Privacy Rights Appeal" in the additional details, within 60 days.

11. Children's Privacy

The Services are intended for use by businesses and are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Third-Party Websites and Services

The Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices.

13. Changes to This Notice

We may update this Notice from time to time. When we do, we will revise the "Last updated" date at the top. If we make material changes, we will provide additional notice, such as by email or a prominent notice on the Services. Your continued use of the Services after the update takes effect constitutes acceptance of the updated Notice.

14. Contact Us

To exercise your privacy rights (access, deletion, correction, portability, or opt-out), use our privacy request portal at app.privacyautomated.ai/r/privacy-automated. For general privacy questions or concerns about this Notice, contact us at:

PrivacyAutomated LLC Email: info@privacyautomated.ai

If you are in the EEA, UK, or Switzerland and have unresolved concerns, you have the right to lodge a complaint with your local data protection authority.

© PrivacyAutomated LLC. All rights reserved.