1. Introduction

HighAdvocacy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer advocacy platform and related services (the "Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Service.

This policy applies to all users worldwide, with specific provisions for users in the European Union (GDPR) and California (CCPA).

2. Information We Collect

We collect information in several ways:

Personal Information You Provide

- Account information (name, email address, company name, job title) - Contact information (phone number, business address) - Profile information (profile photo, bio) - Communication data (messages, support requests)

Information from Your Use of the Service

- Usage data (features accessed, actions taken, time spent) - Device information (browser type, operating system, device identifiers) - Log data (IP address, access times, pages viewed) - Performance data (errors, crashes, diagnostics)

Information from Third Parties

- Social media profile data (when you connect LinkedIn or other accounts) - Payment information (processed by our payment providers) - Review platform data (when you authorize integrations)

Cookies and Tracking Technologies

- Essential cookies (required for Service functionality) - Analytics cookies (to understand usage patterns) - Marketing cookies (with your consent, for relevant advertising)

3. How We Use Your Information

We use collected information for the following purposes:

Service Delivery

- Provide, maintain, and improve our Service - Process transactions and manage your account - Enable advocacy campaign features and integrations - Verify advocacy actions and distribute rewards

Communication

- Send service-related notifications and updates - Respond to your inquiries and support requests - Provide customer service assistance

Analytics and Improvement

- Analyze usage patterns to improve our Service - Develop new features and functionality - Monitor and prevent fraud or abuse

Legal and Compliance

- Comply with legal obligations - Enforce our Terms & Conditions - Protect our rights and the rights of others

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

Contract Performance

Processing necessary to provide the Service you requested, including account management and feature delivery.

Legitimate Interests

Processing for our legitimate business interests, such as improving our Service, preventing fraud, and marketing (balanced against your rights).

Consent

Where you have given explicit consent, such as for marketing communications or optional cookies.

Legal Obligation

Processing required to comply with applicable laws and regulations.

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5. Information Sharing & Disclosure

We do not sell your personal information. We may share information in the following circumstances:

Service Providers

With trusted third-party vendors who assist in operating our Service (hosting, analytics, payment processing), bound by confidentiality obligations.

Business Transfers

In connection with a merger, acquisition, or sale of assets, with appropriate notice provided.

Legal Requirements

When required by law, court order, or governmental authority, or to protect our legal rights.

With Your Consent

When you authorize integrations with third-party platforms (G2, LinkedIn, etc.), information is shared as necessary for those integrations.

Aggregated Data

We may share anonymized, aggregated data that cannot identify individuals for research and analytics purposes.

6. Data Security

We implement industry-standard security measures to protect your information:

•Encryption of data in transit (TLS/SSL) and at rest
•Regular security assessments and penetration testing
•Access controls and authentication requirements
•Secure data centers with physical security measures
•Employee training on data protection practices
•Incident response procedures

While we strive to protect your information, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and protect your account credentials.

7. Your Rights (GDPR - EU Users)

If you are located in the European Economic Area, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances.

Right to Restriction

Request limitation of processing in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Rights Related to Automated Decision-Making

Not be subject to decisions based solely on automated processing with legal effects.

To exercise these rights, contact us at hello@highadvocacy.com. We will respond within 30 days.

8. Your Rights (CCPA - California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

Right to Know

Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.

Right to Delete

Request deletion of personal information we have collected from you, subject to certain exceptions.

Right to Opt-Out

We do not sell personal information. If this changes, you will have the right to opt-out.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

To submit a request, email us at hello@highadvocacy.com or use the contact form on our website. We will verify your identity before processing requests.

9. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Required for basic functionality (authentication, security, preferences). Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our Service. You can opt-out via your browser settings or our cookie preferences.

Marketing Cookies

Used to deliver relevant advertisements. Require your consent and can be managed through our cookie banner.

Managing Cookies

Most browsers allow you to control cookies through settings. Disabling certain cookies may affect Service functionality.

We also use: - Local storage for preference settings - Pixel tags in emails to track opens and clicks (you can disable images in your email client)

10. Data Retention

We retain personal information for as long as necessary to:

•Provide the Service and fulfill our contractual obligations
•Comply with legal and regulatory requirements
•Resolve disputes and enforce agreements
•Maintain security and prevent fraud

Retention Periods

- Account data: Retained while your account is active, plus 3 years after closure - Transaction records: 7 years (for legal and tax purposes) - Analytics data: 26 months (anonymized thereafter) - Marketing data: Until you opt-out or withdraw consent

Upon request for deletion, we will remove or anonymize your data within 30 days, except where retention is required by law.

11. International Data Transfers

HighAdvocacy is based in India. If you access our Service from outside India, your information may be transferred to and processed in India or other countries.

For EU Users

We ensure appropriate safeguards for international transfers through: - Standard Contractual Clauses (SCCs) approved by the European Commission - Adequacy decisions where applicable - Your explicit consent where required

We take steps to ensure your data receives the same level of protection regardless of where it is processed.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you believe we have collected information from a child, please contact us immediately at hello@highadvocacy.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

- Material changes will be notified via email and/or prominent notice on our Service - The "Last updated" date will be revised - Previous versions will be made available upon request

We encourage you to review this policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

HighAdvocacy Email: hello@highadvocacy.com Website: www.highadvocacy.com

Data Protection Inquiries

For GDPR-related requests or data protection inquiries, email: hello@highadvocacy.com

We aim to respond to all privacy-related inquiries within 30 days.

If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.