ConvertDeck

Privacy Policy for ConvertDeck

Effective Date: 31 May 2025

Welcome to ConvertDeck! This Privacy Policy describes how ConvertDeck ("ConvertDeck," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website, services, and applications (collectively, the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

This Privacy Policy should be read in conjunction with our Terms of Service.

1. Information We Collect

We collect information to provide and improve our Service to you. The types of information we may collect are:

A. Information You Provide Directly to Us:

  • Account Information: When you create a ConvertDeck account, we collect information such as your name, email address, company name (if applicable), and password.
  • Payment Information: If you subscribe to a paid plan, we will collect payment information (such as credit card details or other payment method information). This information is typically processed by our third-party payment processors, and we do not store full credit card numbers on our servers.
  • Klaviyo Account Credentials: To connect your Klaviyo account(s) to our Service, you will need to provide us with API keys or other necessary credentials for your Klaviyo account(s). We use these solely to interact with the Klaviyo API on your behalf as instructed by you.
  • Brand Assets: If you use our auto-branding features, you may upload or provide brand assets such as logos, color schemes, and font preferences.
  • Communications: If you contact us directly (e.g., for customer support, feedback), we may collect your name, email address, and the contents of your communication.

B. Information We Collect Automatically When You Use the Service:

  • Usage Information: We collect information about how you interact with our Service. This may include features you use, pages you visit, forms you create (metadata about the forms, not the subscriber data entered into them), the dates and times of your access, and other actions you take.
  • Log Data and Device Information: We automatically collect log data and device information when you access and use the Service. This information may include your IP address, browser type, operating system, device identifiers, referral URLs, and crash data.
  • Cookies and Similar Tracking Technologies: We use cookies and similar tracking technologies (e.g., web beacons, pixels) to operate and administer our Service, gather usage data, and improve your experience. You can control the use of cookies at the individual browser level. For more information, see our "Cookies and Tracking Technologies" section below.

C. Information Regarding Your End-Users (Subscribers):

IMPORTANT CLARIFICATION: ConvertDeck does not store the personal data of your end-users or subscribers (e.g., email addresses, phone numbers) that are submitted through the forms created using our Service. Form submissions are transmitted directly to your connected Klaviyo account(s) via the Klaviyo API. We do not access or store this subscriber data. Your subscriber data resides within your Klaviyo workspace(s) and is subject to Klaviyo's privacy practices and your agreements with Klaviyo.

2. How We Use Your Information

We use the information we collect for various purposes, including:

To Provide and Maintain Our Service:

  • To create and manage your ConvertDeck account.
  • To enable the connection to your Klaviyo account(s) and facilitate the creation and deployment of forms.
  • To apply your brand assets to forms as directed by you.
  • To process your payments for subscription services.

To Improve and Personalize Our Service:

  • To understand how users interact with our Service to enhance usability and develop new features.
  • To personalize your experience with the Service.

To Communicate With You:

  • To send you service-related communications, including updates, security alerts, and administrative messages.
  • To respond to your inquiries, comments, and provide customer support.
  • To send you marketing and promotional communications (with your consent, where required by law, and with the option to opt-out).

For Security and Fraud Prevention:

  • To monitor and protect the security of our Service, detect and prevent fraudulent activity, and enforce our Terms of Service.

To Comply with Legal Obligations:

  • To comply with applicable laws, regulations, legal processes, or governmental requests.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • With Klaviyo: As the core functionality of our Service involves integrating with Klaviyo, we transmit data related to the forms you create (but not your subscribers' personal data collected by those forms, which goes directly to Klaviyo) and use your Klaviyo API credentials to interact with your Klaviyo account as directed by you.
  • Service Providers and Business Partners: We may share your information with third-party vendors, service providers, contractors, or agents who perform services on our behalf, such as:
    • Payment processing (e.g., Stripe, PayPal)
    • Cloud hosting and infrastructure (e.g., AWS, Google Cloud)
    • Analytics providers (e.g., Google Analytics)
    • Email service providers (for our communications with you)
    • Customer support tools
    These third parties are authorized to use your personal information only as necessary to provide these services to us and are obligated to protect your information.
  • Legal Requirements and Protection of Rights: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
    • Comply with a legal obligation, court order, or subpoena.
    • Protect and defend the rights, property, or safety of ConvertDeck, our users, or the public.
    • Prevent or investigate possible wrongdoing in connection with the Service.
  • Business Transfers: If ConvertDeck is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
  • Aggregated or Anonymized Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you for purposes such as research, analytics, or marketing.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

4. Data Retention

We will retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Specifically:

  • Account information is kept while your account is active and for a reasonable period thereafter in case you decide to re-activate the Service or for audit purposes.
  • Klaviyo API credentials you provide are stored securely while your account is active and are deleted upon account termination or when you disconnect a Klaviyo account.
  • Usage data may be retained for analytical purposes for a period necessary to achieve those purposes.

If you wish to request the deletion of your personal information, please contact us as described in the "Your Data Rights and Choices" section.

5. Data Security

We take reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, alteration, and disclosure. For example, we use encryption (such as SSL/TLS) for data in transit and at rest where appropriate, and we restrict access to personal information to authorized personnel.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

6. Your Data Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. These may include:

  • Right to Access: You may have the right to request access to the personal information we hold about you.
  • Right to Rectification: You may have the right to request that we correct any inaccurate or incomplete personal information.
  • Right to Erasure (Right to be Forgotten): You may have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to Restrict Processing: You may have the right to request that we restrict the processing of your personal information in certain circumstances.
  • Right to Data Portability: You may have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: You may have the right to object to our processing of your personal information, such as for direct marketing purposes.
  • Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

To exercise any of these rights, please contact us at legal@convertdeck.com or using the mail information provided in the "Contact Us" section. We will respond to your request within a reasonable timeframe and in accordance with applicable laws. We may need to verify your identity before processing your request.

You can typically access and update some of your account information through your account settings within the Service. You can opt-out of receiving promotional emails from us by following the unsubscribe instructions provided in those emails.

7. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located in the European Economic Area (EEA), UK, or Switzerland, we will ensure that transfers of personal data to a third country or an international organization are subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other mechanisms as permitted by applicable data protection laws.

By using our Service, you consent to the transfer of your information to The Netherlands and other jurisdictions where we or our service providers operate.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

Types of Cookies We Use:

  • Essential Cookies: Necessary for the Service to function and cannot be switched off in our systems.
  • Performance and Analytics Cookies: Allow us to count visits and traffic sources so we can measure and improve the performance of our Service.
  • Functionality Cookies: Enable the Service to provide enhanced functionality and personalization.

Your Choices: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Service.

9. Children's Privacy

Our Service is not directed to individuals under the age of 13 (or a higher age threshold if applicable in your jurisdiction, e.g., 16 in some parts of the EU). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child, please contact us.

10. Third-Party Links and Services

Our Service integrates with Klaviyo and may contain links to other websites or services not operated or controlled by us (e.g., links in blog posts or support articles). This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party service before providing any information to or through them. Your interactions with Klaviyo are governed by Klaviyo's own privacy policy and terms of service.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We may also provide notice to you through your registered email address or through a notification within the Service.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after any modification to this Privacy Policy will constitute your acceptance of such modification.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: legal@convertdeck.com