Engageo

Privacy Policy

Effective date: May 2, 2026

1. Introduction

Engageo ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform ("Service"). Please read this policy carefully.

2. Information We Collect

Information you provide to us

  • Account information: Name, email address, password, company name, phone number
  • Billing information: Payment card details (processed by Stripe; we do not store full card numbers), billing address
  • Content: Contacts, emails, campaigns, social posts, files, and other data you create or upload to the Service
  • Communications: Messages you send to our support team

Information collected automatically

  • Usage data: Pages visited, features used, actions taken within the Service
  • Device information: Browser type, operating system, device type, screen resolution
  • Log data: IP address, access times, referring URLs
  • Cookies: We use essential cookies for authentication and functionality. See section 7 for details.

Information from third parties

  • Social media platforms: When you connect a social account, we receive your profile information and content as authorized by you
  • Calendar providers: When you connect Google Calendar or Microsoft 365, we receive calendar events and availability
  • Email and SMS providers: Delivery status, open tracking, and click tracking data from our sending partners

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and send related information (receipts, confirmations)
  • Send you technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities in connection with the Service
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize your experience and deliver relevant content

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

  • Service providers: We share data with third-party companies that perform services on our behalf, including email delivery (Postmark), SMS delivery (Twilio), payment processing (Stripe), error tracking (Sentry), and file storage (S3-compatible providers). These providers are contractually obligated to protect your data.
  • Social media platforms: When you use the Service to post content to social platforms, we transmit your content to those platforms via their APIs.
  • Legal requirements: We may disclose your information if required by law, regulation, or legal process (such as a court order or subpoena).
  • Business transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • With your consent: We may share your information with third parties when you give us explicit consent to do so.

5. Data Retention

We retain your account information and content for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it (for example, billing records for tax purposes, which we retain for 7 years).

Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and product improvement.

6. Data Security

We take reasonable measures to protect your information from unauthorized access, use, alteration, and destruction. These measures include:

  • Encryption of data in transit using TLS
  • Encryption of sensitive fields at rest using AES-256-GCM
  • Password hashing using bcrypt
  • Row-level security in our database to prevent cross-tenant data access
  • Regular security audits and dependency vulnerability scanning
  • Access controls and audit logging for all administrative actions

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Cookies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication and core functionality. These cannot be disabled.
  • Analytics cookies: Used to understand how you use the Service so we can improve it. You can opt out of these in your cookie preferences.

We do not use advertising or tracking cookies. Our marketing site includes a cookie consent banner where you can manage your preferences.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure: You can request that we delete your personal data.
  • Right to data portability: You can request a machine-readable copy of your data.
  • Right to restrict processing: You can ask us to limit how we use your data.
  • Right to object: You can object to our processing of your data for certain purposes.
  • Right to withdraw consent: Where we process data based on your consent, you can withdraw consent at any time.

To exercise these rights, use the "Your Data" section in your account settings, or contact us at [email protected]. We provide a self-service data export and account deletion tool in the platform. We will respond to all requests within 30 days.

9. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You can request that we delete your personal information.
  • Right to opt out of sale: We do not sell your personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at [email protected] or use the account settings in the platform.

10. International Data Transfers

Our primary servers are located in Europe (Hetzner, Germany). If you access the Service from outside the EEA, your data may be transferred to and processed in the EEA. We ensure all data transfers comply with applicable data protection laws.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Effective date" above. We will also send you an email notification for significant changes.

We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Engageo
Email: [email protected]
Data Protection Officer: [email protected]