Privacy Policy

Effective as of September 3, 2021

We take your privacy very seriously.

We know Cooby touches the most personal part of our lives - our messaging inbox, so we design and build it with privacy at heart. In contrast to other hard-to-read privacy policies, our privacy policy is intended to be human-readable and easy to digest. That's why we have illustrations to complement the policy. We hope you take some time to read through it carefully, as it is important!

Please click here to view the previous version of our Privacy Policy.

This Privacy Policy describes how Cooby, Inc. ( "Cooby," "we", "us" or "our") handles personal information that we collect through our digital properties that link to this Privacy Policy, including our website, chrome extension, and mobile application (collectively, the "Service"), as well as through social media, our marketing activities, and other activities described in this Privacy Policy.

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:

  • Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, professional title and company name, and phone number.

  • Profile data, such as the username and password that you may set to establish an online account on the Service, photograph, preferences, and any other information that you add to your account profile.

  • Communications that we exchange with you, including when you contact us through the Service, social media, or otherwise.

  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.

  • User-generated content, such as profile pictures, photos, images, music, videos, comments, questions, messages, groups and group names, works of authorship, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.

  • Payment information needed to complete transactions, including payment card information or bank account number.

  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:
  • Our affiliate partners, such as our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs.

  • Marketing partners, such as joint marketing partners and event co-sponsors.

  • Third-party services, such as social media services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.

  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

  • Location data when you authorize the Service to access your device’s location.

Cookies and similar technologies. Some of the automatic collection described above is facilitated by the following technologies:

  • Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.

  • Local storage technologies, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.

  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked.

These technologies are used for the following purposes:

  • Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.

  • Functionality. To help our third-party advertising partners collect information about how you use the Service and other online services over time, which they use to show you ads on other online services they believe will interest you and measure how the ads perform.

  • Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here:
    https://tools.google.com/dlpage/gaoptout?hl=en.

Data about others. We may offer features that help users invite their friends or contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations.
Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We may use your personal information to:

  • provide, operate and improve the Service and our business;
  • establish and maintain your user profile on the Service;
  • facilitate your invitations to friends who you want to invite to join the Service;
  • enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
  • communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications; and
  • provide support for the Service, and respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:

  • Direct marketing. We may send you direct marketing communications. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
  • Interest-based advertising. Our third-party advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Service, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Your choices section below.

Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • enforce the terms and conditions that govern the Service; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

Retention. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information that we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection.

Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, consumer research and website analytics).

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Stripe. Stripe may use your payment data in accordance with its privacy policy, https://stripe.com/privacy.

Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above.

Linked third-party services. If you log into the Service with, or otherwise link your Service account to, a social media or other third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Cooby or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Other users and the public. Your messages and user-generated content may be visible to other users of the Service and the public. Some of this information may be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information. For example, other users of the Service or the public may have access to your information if you chose to share a link to your chat with others. Note that, when sharing a link to your conversations, unless you choose to password protect the sharing, the conversation could be accessible to anyone who obtains the link (not just the initial recipient).

We make commercially reasonable efforts to verify that the parties with whom our mobile application shares personal information provide a level of protection of personal information consistent with the practices described in this Privacy Policy, except that all such parties described above other than service providers and affiliates may, to the extent permitted by law, use personal information as described in their own privacy policies.

Your choices

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.

Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Mobile location data. You can disable our access to your device’s precise geolocation in your mobile device settings.

Advertising choices. You can limit use of your information for interest-based advertising by:

  • Browser settings. Blocking third-party cookies in your browser settings.

  • Privacy browsers/plug-ins. By using privacy browsers or ad-blocking browser plug-ins that let you block tracking technologies.

  • Platform settings. Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising:

  • Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:

  • Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

You will need to apply these opt-out settings on each device from which you wish to opt-out.

We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Linked third-party platforms. If you choose to connect to the Service through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

The Service is not intended for use by anyone under 16 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How to contact us

California privacy rights notice

Your California privacy rights. Under California’s Shine the Light law (California Civil Code Section 1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes and the categories of personal information disclosed. You may send us requests for this information to support@cooby.co. In your request, you must include the statement “Shine the Light Request," and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.

Notice to European users

The information provided in this “Notice to European users” section applies only to individuals in the United Kingdom, Switzerland, and the European Economic Area (hereafter collectively referred to as “Europe”).

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller. Cooby is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation.

Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing purpose

Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”.

Legal basis

For Service delivery

Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.
  • For research and development
  • For marketing and advertising purposes
  • Compliance and protection purposes
  • Sharing your personal information as described in this Privacy Policy
These activities may constitute our legitimate interests, may be necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services, or may be based on your consent. To the extent that these activities constitute our legitimate interests, we do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To comply with applicable law

Processing is necessary to comply with our legal obligations.

With your consent

Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention. We retain personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for Compliance and protection purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services, or otherwise to us.

If you provide us with any sensitive personal information to us when you use the services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our services.

Your rights. European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to support@cooby.co or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-border data transfer. If we transfer your personal information from Europe to another country such that we are required to apply appropriate safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.