PRIVACY POLICY

Effective October 17, 2024 | See previous version

SCOPE OF THIS POLICY

This Privacy Policy (“Policy”) applies between you and Snovio Inc. (“Snovio”, “Company”, “we”, “us”, “our”), the owner and provider of this website https://snov.io/ (“Site”), web application Snov.io, API methods available by api.snov.io hostname (collectively the “Platform”). This Policy applies to our use of any personal data processed by us in relation to the provision of our services and products and your use of the Platform.

When processing your personal data Snovio can play different roles under the GDPR and other applicable laws and regulations. Depending on the factual circumstances of the processing, we may act as a data controller, joint controller or data processor under the GDPR and business and service provider under the CCPA respectively.

You can be our website visitor, client, prospect, or related person:

You are a website visitor when you merely browse this Site and/or submit your personal data via the Site’s online chat, feedback forms or any other forms;
You are a client or client’s representative (“client”or “user”) when you submit your personal data through a registration form on the Site, our social media accounts, email, contact us for assistance, leave us feedback regarding the provision of services, connect your email or social media accounts, or share your or third-party personal data with us when you use our products and services or integrate your Hubspot or Pipedrive account.
You are a prospect if your personal data related to your business interests or occupation is used in the process of providing services by us to our clients within our Platform, including within our integration with the Hubspot or Pipedrive platform.
You are a related person if your personal data related to business information and contained in various publicly available sources (e.g., social media platforms) has been uploaded to our Platform as part of Business Data, including within our integration with the Hubspot or Pipedrive platform as part of Synchronized Data.

When you submit your personal data as a client through our Platform, you may be asked to consent to our processing of the personal data you provide as explained in this Policy to enable us to provide you with the information or service requested, if no other legal ground can be used.

INTERPRETATION AND DEFINITIONS

We use the following definitions in this Policy:

“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.

“data processor” means the natural or legal person who processes personal data on behalf of the data controller.

“joint controllers” means two or more controllers jointly determining the purposes and means of processing.

“data subject” is a natural person about whom Snovio holds personal data.

“personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.

“processing” means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“services” means sourcing, lead generation and sales automation services provided by the Company via online platform and web application.

TYPES OF PERSONAL DATA WE COLLECT

We collect three basic types of information about you in connection with our services: client and website visitor data, prospect data, and business data which relate to clients, website visitors, prospects, and related persons respectively. In particular, we collect:

Client and website visitor data:

(a) Registration Information. When you create an account on the Platform, we collect the following required information about you: email address, first and last names, and phone number. You must enter the above information yourself to create an account unless we receive such information (except phone number) about you from the Gmail authentication token when you choose to sign up using the ‘Sign In with Google’ button.

When you register an account, the Platform creates a unique identifier (user ID) to facilitate your identification on the Platform.

(b) Authentication Token Information. When you create an account on the Platform through the ‘Sign In with Google’ button, we collect encrypted Gmail authentication token obtained from Google LLC. We can obtain the following information about you via such a token: first and last names, email address, language settings.

(c) Automatically Collected Information. When you create an account, we collect certain information about you and your device automatically, including, IP Address, referral link, registration date, account balance information, language, and browser type. We may also collect some information about your activity on the Platform, such as the time you purchased a subscription or renewed your plan, the progress in completing gamification tasks, and any other actions taken while using our services.

(d) Workplace Information. When you create an account on the Platform, we collect some general information about your workplace and the purpose for using our Platform so that we can develop and optimize our Platform to meet the needs of our customers. Collecting workplace information allows us to know specifically who the processing agent is in order to expedite communication, e.g. in the event we receive a request from a data subject. Such information includes your company name, approximate company size, your occupation and purpose for using our Platform.

(e) Payment Information. If you order services from us, you will need to provide certain personal details, including payment information, so the order can be fulfilled. This information includes your identifier (client and order), email address, IP address, phone number, first and last names, country code, address (city, state, zip code), company name, card type, last 4 digits of the card number, user agent and browser language data, name of payment processor and may be used to prevent fraudulent chargebacks.

In order to obtain payment from you, we will use or direct you to a third-party payment processor who will collect this information from you and process your payment. Please note that a third-party payment processor is responsible for all collection, processing, and storage of your financial information and we do not have direct access to or possession of your payment card information (except the four last digits of the card number) or banking information.

(f) Google User Data. Email address of the integrated Gmail account, the access token, or identifiers for 1) drafts and messages sent via features (such as Remind Me and Send Later) of Unlimited Email Tracker for Gmail, 2) emails sent via campaigns and/or GBlast, 3) all inbox emails with all text information, attaches and images, received as answer to emails sent via campaigns, 4) synchronization of Google Calendar with Snovio CRM service.

(g) Connected Accounts Data. We can collect information related to your email or social media account when you connect (add) an email sender account or social media account in the settings of your account in order to use Drip Campaigns or Email Warm-Up services. This data may include login credentials of the connected account (login and password) and the following information for the social media accounts: a country, a city, and a temporary code.

The added email can also be used as part of Domain Health functionality. In this case, Snovio can send automated emails with no content from added emails to enhance its services and allow clients to access the results of domain health assessment.

(h) Drip Campaigns Data. Information regarding the Drip Campaigns services sent by the clients: email addresses added to drip campaign recipients, settings for the purposes of sending the email drip campaigns, replies to campaign emails, a timeline of these campaign actions, identifiers of sent and received emails, content of emails, information on the email recipient, the tracking status of sent emails for statistics.

To provide our services, when the client sends a message via the LI Touch functionality to another individual (recipient), we can collect the recipient's full name, country of residence, link to the recipient's social media account, and message content.

(i) Email Warm-Up Campaigns Data. Information regarding clients’ use of the Email Warm-Up services, i.e. how many emails were sent, received, and found in the ‘spam/junk’ section of your email account during your email warm-up campaign. Email Warm-Up services are not provided for Gmail (Google) accounts. Therefore, Email Warm-Up Campaigns Data cannot include any data obtained from clients’ Gmail (Google) accounts.

(j) Unlimited Email Tracker Data. Information regarding clients’ use of the Unlimited Email Tracker extension, i.e. message ID, subject, sender, and recipient of an email.

(k) Integrations API Information. Clients’ API tokens, which are necessary to integrate your account (giving our Platform access to a third-party platform API) with other third-party services, including CRM, collaboration tools, forms, customer support platforms, such as Calendly, Pipedrive, Zapier.

(l) Email AI Data. We can collect a client's personal data when the client uses our Email AI feature to write, edit the email text (including the email tone and language), and/or generate the email subject line according to the provided information. This data may include the input text content, generated text content, client's evaluation with additional comments, email block and company ID, user ID, and pricing plan ID.

(m) Push Notifications Information. If you have enabled push notifications on our website, we can provide you with push notifications about opening an email sent, engaging with a designated link within an email sent, and receiving a reply for the email sent, depending on what event notifications you have selected. In this case, we can collect certain information regarding the selected event notifications and details about your browser's permission to receive these notifications.

(n) Contact Information. We can collect some personal data when you submit your personal information via the Site’s online chat or other forms to contact, such as to book a call, provide feedback on our Platform, subscribe to updates, or join our affiliate program. Such data may include name, email address, phone number, job position, message, and other information you may provide us via available contact options.

(o) Cookies Information. On our Site, we use cookies and other tracking technologies for a variety of purposes: for analytics, marketing activities, remembering your preferences, and other purposes. Such use may involve the transmission of information from us to you and from you to a third party website or us. To learn more regarding our use of cookies please see our Cookie Policy.

The Company may have admin access to any data available in the client's account in cases when the client applies for customer and/or technical support or for the purposes of ensuring availability and accessibility of account and/or preventing bugs. In this case, Registration Information and Automatically Collected Information can be processed.

Prospect data:

(p) Prospect Data. We collect and process third-party personal data (mainly information related to data subject’s business interests or occupation) that has been provided to us by the client manually, via integrations, or generated/collected through Snovio’s tools (Email Finder, LI Prospect Finder, Database Search, Single Email Search, Bulk Email Search, Domain Search, Bulk Domain Search, Company Profile Search). Such information can include email address and/or first name, last name, corporate email, location (not precise), industry, current and previous position, place of work, links to social media and client’s notes about a particular prospect.

(q) CRM Data. We process prospect data and any other personal data provided to us by our client within the Snovio CRM service, information used in ‘Deals’ and ‘Tasks’ features of CRM.

(r) Synchronized Data. We can process third-party personal data (stored in client’s Hubspot or Pipedrive account) that has been provided to us by the client when the client decides to integrate their HubSpot or Pipedrive account with our platform and subsequently share with us the information stored in their HubSpot or Pipedrive account.

Business data:

(s) Business Data. We collect and process business information such as company name, location, website, HQ phone, year of foundation, industry, company size, and company social media. In some cases, this information may include personal data, for example, individual name and/or surname as a company name (such as a partnership), contained in the website URL, or phone number of the related person published as a general business number.

We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.

We DO NOT sell your data. We DO NOT use automated decision-making and profiling.

We DO NOT intentionally collect and process the personal data of children or any sensitive personal data. Please, refrain from sharing your or third-party sensitive personal data

GROUNDS FOR PROCESSING

We collect and process your personal data or the personal data you provided us with in accordance with the provisions of the GDPR and other applicable laws.

GDPR provides an exclusive list of lawful bases allowing us to process the personal data. During the personal data processing, we rely only on four of them, namely:

Article 6.1(a): consent

We collect the information you choose to give us, and we process it with your consent. We require the minimum amount of your personal data that is necessary to notify you about our services and products (for example, send you a newsletter or offer).

You may withdraw your consent to the processing of your personal data at any time. Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful.

You may withdraw the consent to the processing of your personal data by sending us an email at help@snov.io, a message via the Site’s online chat form, or by contacting us in any other way convenient for you.

You may also withdraw your consent to receiving marketing communications from us at any time by clicking the unsubscribe link provided in the first marketing communication you receive, via the Account’s settings page or otherwise by contacting the Company via available contact options.

Article 6.1(f): legitimate interests

We can process prospect data and business data based on our, your and your potential business partner’s legitimate interests, namely to:

contribute to business cooperation between you and your potential business partners;
create and assist in discovering new business-targeted marketing and sales opportunities for you and your potential business partners;
allow you to expand your database of the potential business partners;
develop the new unique platform that simplifies and facilitates professional interaction between businesses;
allow you to use an online platform for businesses that combines sales, CRM, analytics, marketing and email service functionality;
allow your potential business partners to approach new potential and verified clients or suppliers;
allow your potential business partners to commercialize the use of their publicly posted information related to their professional or business interests/occupation.

You may read more about it in Snovio’s Joint Controllership Agreement.

We use only strictly necessary data that was subject to the legitimate interest assessment procedure.

Article 6.1(b): performance of a contract

When you provide us with the personal data during the registration of the account on the Platform, insert requested payment information to purchase services; this can be deemed as your request to form a contract or to perform a contract between you and us. However, we may ask you to give us clear consent in case of doubt.

Article 6.1(c): legal obligation

We process your personal data to fulfill the applicable legal obligations arising mainly under the GDPR. If you send us the request to fulfill the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.

HOW WE USE YOUR DATA

When acting as a data controller, we use your personal data for the purposes listed in the table below where we also detail the type of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data and information as to the source of such data:

Purposes	Type of personal data	Legal grounds	Third parties recipients	Source
Creating an account on the Platform	(a) Registration Information (b) Authentication Token Information (c) Automatically collected Information (d) Workplace Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Google LLC
Maintenance of the account on the Platform (including ensuring availability and accessibility of account and preventing bugs)	(a) Registration Information (b) Authentication Token Information (c) Automatically collected Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Google LLC
Communication with clients and website visitors (to resolve general queries, concerns, or complaints, any other issues, or to send reports on the services performed)	(a) Registration Information (n) Contact Information (c) Automatically collected Information	Performance of a contract (Article 6(1)(b)) Your consent (Article 6(1)(a))	AWS, Hotjar, Crisp, Google Workspace, Sendgrid, Calendly, Contractors	Client, Website visitor
Analytics & Developing (for understanding, optimizing, and improving our Platform)	(c) Automatically collected Information (d) Workplace Information (n) Contact Information (o) Cookies Information	Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f))	Hotjar, Google Analytics, Google Workspace, Amplitude, Prove Source, Contractors	Client, Website visitor
Marketing (to suggest and notify you about the services and products of the Company and conduct other marketing activities)	(a) Registration Information (n) Contact Information (o) Cookies Information	Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f))	CRM Pipedrive, SendPulse, AnnounceKit, Facebook, Google LLC, Contractors	Client, Website visitor, Facebook
Processing of Payments	(e) Payment Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, 2Checkout, FastSpring
Fraud Prevention (including chargeback fraud)	(a) Registration Information (c) Automatically collected Information (e) Payment Information (j) Unlimited Email Tracker Data (o) Cookies Information	Our legitimate interest (Article 6(1)(f))	AWS, IP Quality Score, Contractors	Client, Website visitor, 2Checkout, FastSpring
Maintenance of Snov.io Affiliate Program	(n) Contact Information (name and email address)	Performance of a contract (Article 6(1)(b))	Contractors	Client, First Promoter
Enabling email sending through the Platform on the client’s behalf, track the replies to messages sent through the Platform and/or GBlast, enable the ‘Remind Me’ and ‘Send Later features’ of Unlimited Email Tracker	(f) Google User Data	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Google API
Providing Drip Campaigns services (including LI Touch functionality) to clients	(f) Google User Data (g) Connected Accounts Data (h) Drip Campaigns Data	Performance of a contract (Article 6(1)(b))	AWS, SendPulse, Contractors	Client, Google API, Snovio tools and extension
Providing Email Warm-Up Campaigns services to clients	(g) Connected Accounts Data (i) Email Warm-Up Campaigns Data	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client
Performance of Domain Health functionality	(g) Connected Accounts Data (email only)	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client
Providing other services, including synchronization Google Calendar with Snovio CRM service, to clients and ensure the proper operation of the Platform	(f) Google User Data	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Google API (including Google Calendar API)
Enabling clients to integrate their accounts on the Platform with other services	(k) Integrations API Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Third-party API (Calendly, Pipedrive, Zapier, etc.)
Maintenance of a database of contact information of potential customers or business partners to assist our clients in finding prospects according to the set search criteria	(p) Prospect Data (s) Business Data	Legitimate interests of Company, clients, and such third parties (Article 6(1)(f)).	AWS, Contractors	Clients, Snovio tools and extensions
Providing clients with the Email AI feature and further enhancing the performance of the feature	(l) Email AI Data	Performance of a contract (Article 6(1)(b)) Our legitimate interest (Article 6(1)(f))	OpenAI, AWS, Contractors	Clients
Informing clients about the selected events via push notifications	(c) Automatically Collected Information (m) Push Notifications Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Clients
Complying with the law or legal process	(a) Registration Information (b) Authentication Token Information (c) Automatically collected Information (d) Workplace Information (e) Payment Information (f) Google User Data (g) Connected Accounts Data (h) Drip Campaigns Data (i) Email Warm-Up Campaigns Data (j) Unlimited Email Tracker Data (k) Integrations API Information (l) Email AI Data (m) Push Notifications Information (n) Contact Information (o) Cookies Information (p) Prospect data (q) CRM Data (r) Synchronized Data (s) Business data	Legal obligation (Article 6(1)(c)) Our legitimate interest (Article 6(1)(f))	AWS, Hotjar, Google Workspace, Google Analytics, Sendgrid, Crisp, Amplitude, Prove Source, CRM Pipedrive, SendPulse, IP Quality Score, Contractors	Client, Google LLC, Facebook, 2CheckOut, FastSpring, Third-party API, Snovio tools and extensions

We also process certain personal data as a data processor, at the request and pursuant to the instructions given by the respective user of our Platform (data controller in that case). Please note that we can process certain personal data when you use or access our services, tools, and extensions, or synchronize data about contacts stored in your HubSpot or Pipedrive account with Prospect and Business data in your Snovio account. You can read more in the ‘SNOVIO EXTENSIONS AND INTEGRATIONS’ section of this Policy. We describe several possible situations where we can act as a data processor in the table below:

Purposes	Type of personal data	Legal grounds	Third parties recipients	Source
Providing our clients with the services and tools for searching personal data of potential customers or business partners	(p) Prospect data (s) Business data	Determined by the respective data controller, namely, the Client.	AWS, Contractors	Client, Snovio tools and extensions
Providing our clients with the services regarding verification of email addresses	(p) Prospect data (only Email addresses)	Performance of a contract (Article 6(1)(b)).	AWS, Contractors	Client
To provide CRM services to clients (operate, group and structure the Prospect data and other information used in the ‘Deals’ and ‘Tasks’ features of CRM)	(q) CRM Data	Performance of a contract (Article 6(1)(b)).	AWS, Contractors	Client
Providing our clients with the possibility to integrate their account of another platform with our platform to combine the functionalities of multiple platforms	(p) Prospect data (r) Synchronized data (s) Business data	Performance of a contract (Article 6(1)(b)).	AWS, HubSpot, Pipedrive, Contractors	Client, HubSpot, Pipedrive
Providing our clients with the Drip Campaigns services (including LI Touch functionality)	(h) Drip Campaigns Data (p) Prospect data	Performance of a contract (Article 6(1)(b)).	AWS, Contractors	Client, Snovio tools and extensions

In some situations, we can act as joint controllers with our clients. When we act as a joint controller jointly with you, Joint Controllership Agreement shall be applicable to you. In such a case, we may process the following personal data:

Purposes	Type of personal data	Legal grounds	Third parties recipients	Source
Providing our clients with the services and tools for searching personal data of potential customers or business partners	(p) Prospect data (s) Business data	Legitimate interests of Company, clients, and such third parties (Article 6(1)(f)).	AWS, Contractors	Client, Snovio tools and extensions

GOOGLE USER DATA

IMPORTANT: Snovio's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We analyze all new email in your Inbox using automated algorithms and, in the event they received as answer to emails sent via campaigns and single send email option, we will store them (with all text information, attaches and images) and record the results of the analysis to provide accurate campaign functioning, campaign statistics, demonstrate the content of the emails to the user (to which Snovio does not have access), and ensure operability of the Remind Me feature in case the sent email receives no reply.

We do not access your Sent emails through your Gmail account. We use access to draft sending in your Gmail account to ensure the operability of the Send Later feature.

We may add a tracking pixel to the body of emails sent through our service to track email opens and wrap your links with tracking domain to track link clicks. We use the data acquired through these tracking methods to maintain email campaign operability and provide campaign reports.

You may revoke Snovio’s access to your Gmail account in the Account’s settings page here. If you decide to do so, we will lose access to your Gmail account and will no longer be able to provide you campaign sending services through Gmail API.

We delete all data collected from your Gmail account upon request.

Not all Google User Data may contain personal data. Some statistical data will be anonymized.

With regard to the access to Google User Data as specified above, we will:

only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets;
not use this Gmail data for serving advertisements;
not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Platform's internal operations and even then only when the data have been aggregated and anonymized.

SNOVIO EXTENSIONS AND INTEGRATIONS

You may use our extensions, namely Email Finder, Li Prospect Finder, Unlimited Email Tracker, Email Verifier, and Web Technology Checker to facilitate your email campaigns to your potential business partners.

Email Finder and LI Prospect Finder

To use the extensions, you need to be registered at and logged into app.snov.io. Upon installation and activation of the extensions, the extensions may collect personal information such as email addresses and business profiles from publicly available sources. Handling and storing of this information in your account on your behalf occurs only at your request. At the same time, we may store certain information obtained when you use the LI Prospect Finder extension such as business profiles you visited. This data is stored in our database and can be found through a search inside the Platform.

If you do not want your personal data to be included as part of our service, you may opt-out by contacting us at help@snov.io or opt-out from all mailing lists on the Platform through this form. You can read more in the ‘HOW TO DELETE MY DATA’ section of this Policy.

Unlimited Email Tracker

The extension may require authorization in our web application (app.snov.io). Additionally, to use the Send Later and Remind Me features you must allow Snovio to access your Google account. You can learn more about how Snovio uses your Google data in the ‘GOOGLE USER DATA’ section of this Policy.

You can send emails through your usual Gmail interface and Unlimited Email Tracker extension will provide tracking information. We’ll let you know if we think your emails have been opened and how many times. We store the subject and message ID of emails for the open notifications only. We use them for tracking, as well as to enable the ‘Send Later’ and ‘Remind Me’ features. We store message ID, subject, sender, and recipient of an email for fraud prevention purposes within the period specified in ‘DATA SECURITY, INTEGRITY, AND RETENTION’ section of this Policy.

Email Verifier

To use the extension, you need to be registered at and logged into app.snov.io. The extension may collect email addresses from the websites you visit. We store the data only upon your request, and only if you click the "Save" button.

Website Technology Checker

To use the extension, you don't need to be registered at or logged into app.snov.io. This extension collects the information about websites using specific web technologies (non-personal data). We only store domains from visited websites to help us provide a better user experience.

Depending on your device and OS version, we have to request you to approve certain permissions for collection and processing of your personal data to enable the operation of the Email Finder, Li Prospect Finder, Unlimited Email Tracker, Email Verifier and Web Technology Checker extensions. Below is a list of such permissions and information explaining why our extensions ask for them:

Type of permissions required by the extensions and purposes of their collection/processing	Legal grounds	Third Parties recipients	Extension
"tabs" is using the chrome.tabs API (getting bookmark links, creating new tabs with our link, reloading open pages of app.snov.io); "*http: // /", - access to all sites to get page content (alternative to all_urls); "https: // * /", - access to all sites to get page content (alternative to all_urls); "cookies", - session recovery via cookies from app.snov.io; "notifications", - to show push notifications (completion of background tasks); "webRequest", - for automated information collected from web pages without direct opening of the pages by the user; "contextMenus**" - to create a new item 'Background tasks' in the context menu of the extension.	Your consent (Article 6(1)(a));	AWS, MongoDB	Email Finder
"**: //.snov.io/**", - access to our pages and API; "https://mail.google.com/", - access to Gmail pages; "tabs" - for using the chrome.tabs API (getting bookmark links, creating new tabs with our link, reloading open Gmail pages); "cookies", - session recovery via cookies from app.snov.io; "storage", - we store the activation settings of the tracker in the synchronized storage (if it's activated on one computer, then the settings are synchronized on others via Google account); "notifications" - push notifications; "gcm" - to transfer data from the server to the client, needed to show push notifications; "scripting" - is used to execute the script in the tab; "alarms" - this allows the user to set a timer for sending the email or to send it later automatically at a time specified by the user.	Your consent (Article 6(1)(a));	AWS, MongoDB	Unlimited Email Tracker
"tabs", - for using chrome.tabs API (getting bookmark links, creating new tabs with our link); "*http: // /*", "https:///"- access to all sites to receive page content, for email search on pages (alternative to all_urls); "cookies", - session recovery via cookies from app.snov.io; "storage", - storage of found emails lists; "unlimitedStorage", removes the limit on the number of emails stored in the Сhrome storage; "notifications" - push notifications after the email verification is completed.	Your consent (Article 6(1)(a));	AWS, MongoDB	Email Verifier
"storage", - for storing settings and found technologies; "tabs", - for using chrome.tabs API; "webRequest", - to access the chrome.webRequest API functions for reading of the HTTP headers to identify the technologies used; "http: // * / ", - access to all sites to get page content; "https:///", - access to all sites to get page content; "cookies*" - session recovery via cookies from app.snov.io, as well as to determine the technologies used.	Your consent (Article 6(1)(a));	AWS, MongoDB	Website Technology Checker

Third-Party Integrations

On our Platform we enable users to use our integration with HubSpot or Pipedrive service to synchronize Prospect and Business data from their Snovio account with data about contacts stored in their HubSpot or Pipedrive account. When you integrate your HubSpot or Pipedrive account with our Platform, the data is transferred from your Snovio account to the HubSpot or Pipedrive account and from the Hubspot or Pipedrive account to your Snovio account in order to synchronize data between both platforms.

By enabling third-party integration, you potentially allow the third-party platform to access your data. We highly recommend reviewing the privacy practices implemented by the third-party services before enabling any integrations with them. You may read HubSpot’s Privacy Policy here and Pipedrive’s Privacy Notice here.

Email AI (Integration with OpenAI API)

The clients can use Email AI feature to write and edit the email text (including the email tone and language) and/or generate the email subject line according to the provided information. We use OpenAI's API to provide clients with the Email AI feature, available to fee-based plans. The Email AI feature is available by default, but the client can deactivate it on any occasion.

When the client uses the Email AI feature, we will transmit the client email's textual content to OpenAI to generate or edit the text and/or subject line according to the provided information. Be aware the generated email text and/or email subject line may occasionally be inaccurate due to the nature of machine learning. The client is solely responsible for reviewing the generated text and/or subject line.

Please note, Snovio and OpenAI may retain the information you provide us with while using the Email AI feature for a limited period of time. You can learn more about how long your Email AI data is stored and processed below in the ‘DATA SECURITY, INTEGRITY, AND RETENTION’ section of this Policy.

We highly recommend reviewing the privacy practices implemented by OpenAI before using the Email AI feature. You may read OpenAI Sharing & publication policy, OpenAI API data usage policies and Open AI Usage policies.

MARKETING COMMUNICATIONS

To keep users informed about our new products and services, we may send them promotional messages via SMS or email.

We may send SMS messages under legal bases as defined in the ‘HOW WE USE YOUR DATA’ section of this Policy. During the sign-up process, clients are provided with a checkbox to opt in to receive marketing communications. By selecting this checkbox, clients are actively providing their consent to receive marketing messages from us. This step is optional, and clients can skip the checkbox and proceed with the sign-up process if they prefer not to receive any marketing communications.

For clients registered on the Platform prior to the implementation of this option, marketing messages may be sent based on the Company's legitimate interests. However, these clients retain the right to opt out of receiving marketing communications at any time as defined in this Policy.

We can send marketing communications promoting our similar products and services by email under our legitimate interests. We have conducted a Legitimate Interests Assessment (LIA) to assess that this processing is necessary and balanced against the rights and freedoms of our clients.

Opportunity to withdraw consent or opt-out

Clients can opt out of receiving marketing communications at any time. The first marketing SMS message we send and every email include a link to unsubscribe from receiving marketing communications. If the client wants to stop receiving further marketing content from us, they can follow the link and withdraw their consent or opt out. In any case, the client can withdraw their consent or opt out through other available options as specified in the ‘GROUNDS FOR PROCESSING’ section of this Policy.

DATA SECURITY, INTEGRITY, AND RETENTION

We store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.

We store Registration Information for the entire period when you use our services and for 90 days after the termination of your account on the Platform.

We store Payment Information you have provided us with for the entire period when clients use our services subject to partial deletion and partial anonymization thereafter.

We store Cookie Information for the period specified in our Cookie Policy.

We store Prospect Information provided to us by you manually or via Email Search services, excluding email addresses, for the entire period when you use our services and 3 months after the deletion of your account on the Platform. In any case, such information can be deleted if we obtain a deletion request from a prospect.

We store CRM Data, including personal data contained in the deals and tasks, for 90 days either after the deletion of the specific deal or task where such data has been processed or after the deletion of your account on the platform.

We store Email AI Data for 60 days after you have provided this data for us using the Email AI feature. Please note that while our service provider OpenAI states it does not use API data to train OpenAI models or improve OpenAI’s service offering by default, it may store data generated by the service for abuse and monitoring purposes for the period established in OpenAI API data usage policies (for up to 30 days at the moment of updating our Privacy Policy).

We store Authentication Token Information, Google User Data, Drip Campaigns Data, Integrations API Information for the period established by a third party who provided us with such information.

We store Unlimited Email Tracker Data for 60 days after the relevant email was delivered.

We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.

Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at help@snov.io or contacting us in another way convenient for you.

We have implemented appropriate organizational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

SHARING YOUR DATA WITH OTHER ENTITIES

We may share your personal data as a data controller with joint controllers, other controllers, and data processors in accordance with provisions specified hereafter.

Sharing personal data with joint controllers (other controllers)

We act as the joint controller while cooperating with Facebook (Meta Platforms Ireland Limited). With respect to this case of personal data processing, we are the party to the Facebook Controller Addendum. Namely, Meta Platforms Ireland Limited and we act as joint controllers with regard to:

marketing and statistical data collected by Facebook and shared with us via Facebook pixel; and
emails of the clients we provide Facebook with to customize the advertising of our services.

Likewise, we act as joint controllers during the provision of our services to the clients. You may read more about it in Snovio’s Joint Controllership Agreement.

When we act as a joint controller for particular processing of personal data, a data subject may exercise his/her rights under the GDPR in respect of and against both joint controllers.

Google LLC and we act as independent controllers of personal data across Google LLC’s digital marketing services such as Google DoubleClick Digital Marketing and Google AdWords. To learn more, please visit our Cookie Policy.

Sharing personal data with data processors

There are many features necessary to provide you with our services that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services. We have established supplier assessment procedures to ensure we choose trusted partners who provide appropriate security measures and safeguards.

Therefore, we may share and disclose your personal data to other data processors:

AnnounceKit (AnnounceKit LLC, USA): to communicate updates to the users. You may read AnnounceKit’s Privacy Policy here.
Hotjar (Hotjar Ltd, Malta): to explore the user’s experience while using the Platform. You may read Hotjar’s Privacy Policy here;
CRM Pipedrive (Pipedrive OÜ, Republic of Estonia): to notify our clients about the services and products of the Company and use its communication tools for sales. You may read Pipedrive’s Privacy Policy here;
Amazon Web Services, AWS (Amazon.com, Inc., USA): to provide secure transfer and storage of personal data on the servers. You may read AWS Privacy Policy here;
MongoDB (MongoDB, Inc., USA): to provide secure transfer and storage of personal data on the servers. You may read MongoDB Privacy Policy here;
Google Analytics (Google LLC, USA): to analyse statistical data on how the website visitor uses the Site in order to improve our Site’s functionality. You may read its Privacy Policy here;
Google Workspace (Google LLC, USA): to use Google services such as Gmail, Chat, Meet, Calendar, Drive, Docs, Sheets, Slides, Forms for collecting, storing, structuring and using your personal data. You may read its Privacy Policy here;
SendPulse (SendPulse Inc., USA): to facilitate mail campaigns to the clients and monitor the status of such sent messages. You may read SendPulse’s Privacy Policy here;
SendGrid (Twilio Inc., USA): to facilitate mail campaigns initiated by our clients to third parties and provide our clients with the statistical data regarding such campaigns. You may read SendGrid’s Privacy Policy here;
Crisp (Crisp IM SARL, France): to ensure the proper communication with you in case you will need any help, assistance, explanations etc. You may read Crisp’s Privacy Statement here;
IP Quality Score (IPQualityScore, LLC, USA): to prevent any fraudulent actions and predict the probability of refunds and chargebacks from the clients’ side. You may read IPQualityScore’s Privacy Statement here;
FastSpring (Bright Market, LLC, UK, USA and the Netherlands): to process payments from the clients and enable clients to purchase the subscription for the Company’s services. You may read FastSpring's Privacy Statement here;
2Checkout (Avangate B.V., the Netherlands and Avangate Inc., USA): to process payments from the clients and enable clients to purchase the subscription for the Company’s services. You may read 2Checkout’s Privacy Policy here;
First Promoter (Igil Webs SRL, Romania): to create and maintain our affiliate, referral and influencer programs. You may read First Promoter’s Privacy Policy here;
Calendly (Calendly LLC, USA): to schedule and manage appointments with website visitors regarding our Platform and/or services. You may read Calendly’s Privacy Notice here;
Amplitude (Amplitude, Inc., USA): to track the digital performance of our services and products by analysing clients’ behaviour to adapt and optimize the Platform for our clients’ needs. You may read Amplitude’s Privacy Notice here;
Prove Source (Configo Ltd., Israel): to collect information on user preferences and interaction with content on the Platform. You may read Prove Source’s Privacy Policy here.
OpenAI (OpenAI LLC, USA): to provide the clients with the Email AI feature. You may read OpenAI’s Usage policies here.
We may disclose some of your personal data to our outsource technical specialists in order to improve our Platform and your experience as well as deliver the functionality of the Platform. We may disclose your data to sales and marketing specialists to provide you with better client service, communicate with you at your request, send you newsletters and increase the sales. Also, we may disclose some of your personal data to our outsource legal professionals to make our business accurate and transparent. The abovementioned specialists are collectively referred to as Contractors.

We may transfer your personal data to countries outside the EU and EEA (for example, Ukraine, China, and Brazil) that are not determined to offer an adequate level of data protection on the basis of Article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.

We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where the Contractor has an appropriate data processing agreement in place, Snovio may adjoin such a data processing agreement. If so, Snovio and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.

Snovio had adjoined the publicly available data processing agreements of the following Contractors:

Contractor	Data Processing Agreement
Google (Google Analytics and Google Workspace)	available in the personal account: https://support.google.com/analytics/answer/3379636?hl=en; https://support.google.com/tagmanager/answer/7207086?hl=en.
Hotjar	https://www.hotjar.com/legal/support/dpa/
CRM Pipedrive	https://www-cms.pipedriveassets.com/documents/Data-Processing-Addendum-Mar_2022.pdf
Amazon Web Services	https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
MongoDB	https://www.mongodb.com/legal/dpa
SendPulse	https://sendpulse.com/legal/processing
Send Grid	https://www.twilio.com/en-us/legal/data-protection-addendum
Crisp	available in the personal account; https://help.crisp.chat/en/article/how-to-sign-my-gdpr-data-processing-agreement-dpa-1wfmngo/
IP Quality Score	https://www.ipqualityscore.com/data-processing-agreement
FastSpring	https://fastspring.com/terms-use/seller-terms-service/clauses/
First Promoter	available at request; https://firstpromoter.com/gdpr
Amplitude	https://amplitude.com/dpa
Prove Source	https://drive.google.com/file/d/1-7TLIFu8vTggJrM0CAeUDQ78TOCGiDwy
Calendly	https://calendly.com/dpa
OpenAI	available after execution - https://openai.com/policies/data-processing-addendum

LINKS TO THIRD-PARTY WEBSITES OR SERVICES

Our Platform may contain links that direct you to other websites or services whose privacy practices may differ from ours. Snovio can incorporate links to third-party websites or post YouTube videos with information about Snovio’s services within its articles posted on Snovio’s Blog, in Knowledgebase, Glossary or other sections of the Site, or supply you with such links when communicating with you.

Please note that if you provide any information to these third-party websites or services, their privacy policies, notices, or statements will govern your data, not this Privacy Policy. We encourage you to carefully review the privacy policies, notices, or statements of any website you visit. We have no control over and assume no responsibility for third-party websites or services' content, privacy policies or practices.

INTERNATIONAL DATA TRANSFERS

For transfers to countries that do not fall under the requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.

We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal International Transfer Procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.

We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.

CHILDREN’S PRIVACY

We undertake the best possible efforts to secure the processing of personal data belonging to the underage. Therefore, the Platform does not knowingly collect personal data from persons under the age of 13.

By registering on the Platform and entering into the contract with the Company, you acknowledge that you have reached the age of 13 and under the laws of your country of residence you have all rights to provide us with your personal data for processing.

If you have any reason to believe that a child under the age of 13 has provided his/her personal data to us, please contact us at help@snov.io.

RIGHTS UNDER GDPR

We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may use the following channels to address your inquiries: help@snov.io.

When we act as a joint controller with regard to particular processing of prospect data and business data, you may exercise your rights under the GDPR in respect of and against both our clients and us.

If we receive any complaint, claim or request from the data subject which shall be completed by our joint controller, we immediately notify it of such request and inform the data subject of the applied measures and further performance steps regarding serving such complaint/claim/request.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

Your rights under the GDPR:

right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data.
right to erasure (to be “forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws.
right to restriction of processing means that you may ask us to restrict processing where:
1. your personal data is not correct or outdated;
2. the processing is unlawful.
right to object to the processing means that you may raise objections on grounds relating to your particular situation;
right to data portability means that you may ask us to transfer a copy of your personal data to another organisation or to you;
right to withdraw the consent when your personal data processed on a basis of your consent (see section Grounds for processing);
right to lodge a complaint with the supervisory authority pertaining to the processing of your personal data.

Supervisory Authority under GDPR:

In case of any questions regarding data protection, you can apply to the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities through the link.

YOUR US STATE PRIVACY RIGHTS

California residents’ rights

Under the California Consumer Privacy Act (the “CCPA”) amended with the California Privacy Rights Act (the “CPRA”), California residents have certain rights regarding our collection, use, and sharing of their personal information.

In particular, depending on actual circumstances, we may collect the following categories of personal information specified in the CCPA when you use and/or access our Platform:

Category A – Identifiers;
Category B – Personal information categories listed in the Cal. Civ. Code § 1798.80(e);
Category D - Commercial information;
Category F – Internet or other similar network activity;
Category G – Geolocation data;
Category I – Professional or employment-related information;
Category L – Sensitive personal information, namely, the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.

You can find a detailed description of the personal information that we may collect from you above in the ‘TYPE OF DATA WE COLLECT’ section of this Policy. The purposes of the collection and/or use of personal information is stated in the 'HOW WE USE YOUR DATA' section of this Policy. Note that in the ‘SHARING YOUR DATA WITH OTHER ENTITIES’ section of this Policy you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the CCPA.

If you are a California resident, to the extent provided for by the CCPA and subject to applicable exceptions, you have the following rights in relation to the personal information we have about you:

Right to obtain information. You can request information about what personal information has been collected about you and how we have used that personal information during the preceding 12 months.
Right of access. You can request a copy of the personal information that we have collected about you during the preceding 12 months.
Right to deletion. You can request us to delete the personal information that we have collected from you unless it is necessary for us to maintain your personal information in certain cases under the CCPA, such as protection against malicious, deceptive, fraudulent, or illegal activity.
Right to be free from discrimination relating to the exercise of any of your privacy rights.

The CPRA, amended the CCPA and added new additional privacy protection rights for a California residents, as follows:

Right to correct inaccurate personal information. You can request us to correct the inaccurate personal information about you.
Right to limit the use and disclosure of sensitive personal information. This right allows you to limit the use and disclosure of your sensitive personal information by the company. We don’t intentionally collect any sensitive personal information about you.

We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the CCPA, as amended.

You can exercise your rights under the CCPA, as amended by sending us an email by any other means of communication convenient for you, including those listed in the ‘CONTACT INFORMATION’ section of this Policy.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the CCPA, as amended. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

Virginia, Colorado, Connecticut residents’ rights

Under the Virginia Consumer Data Protection Act (the “VCDPA”), Colorado Privacy Act (the “CPA”), Connecticut Data Privacy Act (the “CTDPA”), residents have certain rights regarding our collection, use, and sharing of their personal information.

We may collect various categories of personal information when you use and/or access our Platform, including personal information of clients and website visitors, related persons and third-party prospects. Under the jurisdiction of applicable state laws you may possess certain rights. Subject to the laws of your particular jurisdiction, you may have the following rights:

Right of access. You can request confirmation whether or not we are processing your personal data and request access to such personal data.
Right to correction. You can request correcting inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing.
Right to deletion. You can request deleting personal data provided by or obtained about you.
Right to data portability. You can request obtaining a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means.
Right to opt out. You can request opting out of the processing of the personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the VCDPA, CPA and CTDPA.

You can exercise your rights under the VCDPA, CPA and CTDPA by sending us an email by any other means of communication convenient for you, including those listed in the ‘CONTACT INFORMATION’ section of this Policy.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the VCDPA, CPA and CTDPA. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

BRAZILIAN RESIDENTS’ RIGHTS

This section will help you understand your rights under the LGPD and the way how we ensure them. If you are a user located in Brazil, you are able to exercise the following rights with respect to your personal data that we process:

right to confirmation of the existence of the processing;
right to access the data;
right to correct incomplete, inaccurate or out-of-date data;
right to anonymize, block, or delete unnecessary or excessive data or data processed in noncompliance with the provisions of the LGPD;
right to the portability of data to another service or product provider, by means of an express request;
right to delete personal data processed with the consent of the data subject;
right to obtain the information about the possibility of not giving consent and about the consequences of the refusal;
right to obtain the information about public and private entities with which the controller has shared data;
right to revoke consent.

Please note! We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm the personal data relates to you. We will only use such personal data to verify your identity

You may exercise the aforementioned rights by submitting your request at help@snov.io or in any other way convenient for you.

HOW TO DELETE YOUR DATA

We kindly ask you to contact us directly so that we can quickly satisfy your deletion request or you can use a dedicated tool to delete your personal data from our Platform by yourself as described below.

You may request Company to delete all of your personal data using the following options of your choice:

by sending a request to Snovio via email help@snov.io or through any other available means of communication;
by using Snovio’s Clear email feature, which works as follows: upon receipt of the signal that a person used the dedicated form, the Company will delete the personal information it holds as a data controller and pass through such request for deletion to current and future data controllers (our clients in this case) if any.

In any case, please let us know if you have any difficulties in deleting your personal data. We will be happy to help you.

CHANGES TO THIS POLICY

This Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements or for other purposes. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. Also, we encourage you to regularly review this Policy to check for any changes.

Such notification may be provided via your email address, posted in our social media accounts or announcement on the Site and/or by other means, consistent with applicable law.

If possible, we always give advance notice of upcoming changes by indicating when the new version Privacy Policy will take effect. If you continue to use our service or otherwise provide us with your personal information after the new version of the Privacy Policy goes into effect, we assume that you agree to the changes.

CONTACT INFORMATION

If you have a question related to this Privacy Policy, our processing activities, or your data subject rights under GDPR, CCPA, LGPD, and other applicable laws, you can contact our Data Protection Officer directly using the following details:

External Data Protection Officer
Privacity GmbH
Germany, Hamburg,
Neuer Wall 50, 20354
Email: snovio_dpo@snov.io.

You may also contact us directly, including by post, using the following details:

Our address: 220 East 23rd Street, 4th Floor, Office 401, New York 10010, USA
Our email: help@snov.io
Phone number: (+1) 347 705 0819.

OUR REPRESENTATIVE IN THE EU/EEA

Snovio Inc. has appointed Privacity GmbH as its EU/EEA representative pursuant to Article 27 GDPR. You can contact the representative at:

Privacity GmbH
Germany, Hamburg,
Neuer Wall 50, 20354
Email: representative@privacity.de