Privacy policy

(a) Contact Information. We can collect some personal data when you submit your personal data via the Website’s forms, social media, messengers, email to contact and/or provide feedback on our Platform. Such data may include name, email, and other information you may provide us via available contact options.

(b) Cookies Information. On our Website, we may use cookies and other tracking technologies for a variety of purposes: for analytics, marketing activities, remembering your preferences, and other purposes. Such use may involve the transmission of information from us to you and from you to a third party website or us. To learn more regarding our use of cookies please see our Cookie Policy.

(c) Registration Information. When you create an account on the Platform, we collect the following required information about you — email address. You must enter the above information yourself to create an account unless we receive such information about you from the third-party authentication token when you choose to sign up using the respective button.

(d) Authentication Token Information. When you create an account in the Platform through the respective ‘Sign In with…’ button, we collect an encrypted authentication token obtained from the selected service provider. We can obtain the following information about you via such a token: support@uspacy.com.

(e) Integrations API Information: Clients’ API tokens, which are necessary to integrate your account (giving our Platform access to a third-party platform API) with other third-party services such as social networks, email marketing, payment systems, telephony, banks, etc.

(f) Automatically Collected Information. When you use our Platform, we collect certain information about you and your device automatically, including user behaviour and conversions.

(g) Payment Information. If you order services from us, you will need to provide certain personal details, including name, email, and phone number, so the order can be fulfilled. If the payment is made on the behalf of a legal entity, we also may collect some information about such a legal entity. In order to obtain payment from you, we will use or direct you to a separate payment provider who will collect financial information from you and process your payment. Please, read the privacy policy of a separate payment provider before making a payment to us, as that separate payment provider is collecting, processing, and storing your financial information and we do not have direct access to or possession of your payment card information or banking information.

(j) Client’s Information. As part of our services, we can process third-party personal data that has been provided to us by our Clients. In this case, we process such personal data (which may relate to customers, prospects, employees, contractors of Clients) under instructions provided by the respective Client.

We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.

As a data controller, we store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.

Usually, we retain your data while your account is actively used, but we will delete your personal data if we notice that you have not used your account for a long time or if you ask us to delete your personal data.

Some categories of data can be stored for a shorter time: for example, cookies expire in a few days, weeks or months as they are programmed to (or earlier if you clean your browser’s cache).

We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.

Despite any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at privacy@uspacy.com or contacting us via another way convenient for you.

As a data processor, we store information you provided us with through your account for the period of time specified in the Company’s Terms of Service. If your account on the Platform is inactive (you do not access Platform and/or do not use our services) for the [insert period], the personal data is to be deleted in accordance with Company’s Data Processing Addendum.

We have implemented appropriate organisational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

We may share your personal data as a data controller to joint controllers and data processors in accordance with provisions specified hereafter.

Sharing data with joint controllers

In some cases we may act as a joint controller jointly with other joint controllers, for example, while using Meta pixel. In respect to this case of personal data processing, we are the party to the Facebook Joint Controllership Addendum. In such a case, a data subject may exercise their rights under the GDPR in respect of and against both other joint controllers and us.

Sharing data with data processors

There are many features necessary to provide you with access to our Platform that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.

Therefore, we may share and disclose your personal data to other data processors:

• Google Workspace (Google LLC, USA): to use Google services such as Gmail, Chat, Meet, Calendar, Drive, Docs, Sheets, Slides, Forms for collecting, storing, structuring and using your personal data. You may read its Privacy Policy here.
• Google Analytics (Google LLC, USA): to analyse statistical data on how the visitor uses the Website in order to improve our Website’s functionality, to improve advertisement campaigns. You may read Google LLC’s Privacy Policy here.
• AWS (Amazon.com, Inc., USA): to provide secure transfer and storage of personal data on the servers. You may read its Privacy Policy here.
• PowerBI (Microsoft Corporation, USA): to analyse user behaviour and conversions. You may read its Privacy Statement here.
• ChargeBee (CHARGEBEE INC., USA): to subscription management. You may read its Privacy Policy here.
• Stripe (Stripe, Inc., USA): to process payments from the clients and enable clients to purchase the subscription for the Company’s services. You may read its Privacy Policy here.
• eSputnik (ФОП Тимченко Вікторія Володимирівна, Ukraine): to send messages for marketing communications. You may read its Privacy Policy here.
• Intercom (Intercom, Inc., USA): to ensure proper communication in support chat if our clients and visitors need help, assistance, explanations. You may read its Privacy Policy here.

During our business activities we may engage different specialists which may receive your personal data, including technical, sales and marketing specialists, to provide you with better customer service. Also, we may disclose some of your personal data to our outsource legal and accounting professionals to make our business accurate and transparent. The abovementioned specialists are collectively referred to as Contractors.

We may transfer your personal data to countries outside the EU and EEA (for example, the USA) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.

We only transfer your personal data to third parties within requirements under the GDPR. Where possible and necessary, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where the Contractor has an appropriate data processing agreement in place, Company may adjoin such data processing agreement. If so, Company and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.

For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to another third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.

We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal procedures regarding international transfers in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.

We put supplementary technical and organisational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.