Privacy Policy

1. Introduction

Welcome to Findeefi ("Company", "we", "our", or "us"). We are committed to protecting your privacy and handling your personal data responsibly and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at findeefi.com and its subdomains (the "Service"). Please read this privacy policy carefully.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Information: Name, email address, username, password, and company information
• Profile Information: Job title, phone number, business address, and other profile details
• Payment Information: Credit card details and billing address (processed securely by Stripe)
• Communications: Messages, feedback, and support inquiries you send to us
• Form Data: Information submitted through forms you create and distribute using our Service

2.2 Information Collected from Third-Party Integrations

When you connect third-party services to your Findeefi account, we collect data from these platforms to provide our Service:

GoHighLevel (GHL)

• Contact information (names, emails, phone numbers, addresses)
• Opportunity and pipeline data
• Calendar events and appointments
• Task and workflow information
• Conversation history (SMS, WhatsApp, email)
• Custom field data
• Location and user information

Meta (Facebook/Instagram)

• Page information and settings
• Instagram business account data
• Ad campaign performance metrics
• Insights and analytics data
• Post engagement metrics

Google Analytics 4

• Website traffic and user behavior data
• Page views and session information
• User demographics and interests
• Conversion tracking data
• Property and data stream information

Zoom

• Meeting information (date, time, duration)
• Participant data
• Meeting analytics and quality metrics
• Recording metadata

JustCall

• Call logs and recordings
• SMS message content and metadata
• Agent performance metrics
• Contact information

Slack

• Workspace information
• Channel data
• User information
• Message metadata (not message content unless explicitly authorized)

2.3 Information Collected Automatically

When you access our Service, we automatically collect certain information:

• Log Data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps
• Device Information: Device type, unique device identifiers, and mobile network information
• Usage Data: Features used, actions taken, time spent on pages, and interaction patterns
• Location Data: Approximate geographic location based on IP address
• Cookies and Tracking: See Section 8 for details on cookies

2.4 Webhook and API Data

We receive data through webhooks from connected platforms for real-time synchronization. This data is processed automatically and may include any information types listed in Section 2.2 above.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Provide, operate, and maintain the Service
• Process and complete transactions
• Manage your account and subscriptions
• Synchronize data across integrated platforms
• Generate analytics, reports, and visualizations
• Process form submissions and manage custom forms

3.2 Communication

• Send you service-related notifications
• Respond to your inquiries and support requests
• Send scheduled reports and alerts
• Provide updates about new features or changes
• Send marketing communications (with your consent)

3.3 Service Improvement

• Understand and analyze usage trends
• Improve, personalize, and expand our Service
• Develop new features and functionality
• Debug and fix technical issues
• Conduct research and analytics

3.4 Security and Compliance

• Detect, prevent, and address security incidents
• Protect against fraudulent or illegal activity
• Enforce our Terms of Service
• Comply with legal obligations
• Maintain audit logs and records

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and the context:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Processing for our legitimate business interests (e.g., improving the Service, fraud prevention)
• Consent: You have given explicit consent for specific processing activities
• Legal Obligation: Processing required to comply with applicable laws

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

• Stripe: Payment processing and subscription management
• AWS S3: File storage and backups
• SendGrid: Email delivery service
• Redis: Caching and session management (if enabled)
• Database Hosting: PostgreSQL database hosting providers

5.2 Integrated Platforms

When you connect third-party services, we exchange data with these platforms according to your permissions:

• GoHighLevel
• Meta (Facebook/Instagram)
• Google (Google Analytics, Google Maps)
• Zoom
• JustCall
• Slack

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5.4 Legal Requirements

We may disclose your information if required by law or in response to:

• Subpoenas, court orders, or legal processes
• Requests from law enforcement or government authorities
• Protect our rights, property, or safety
• Investigate fraud or security issues

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: Data in transit is encrypted using TLS/SSL; sensitive data at rest (tokens, passwords) is encrypted
• Access Controls: Role-based access controls and authentication requirements
• Secure Infrastructure: Industry-standard cloud hosting with security monitoring
• Regular Backups: Automated database backups with encryption
• Security Audits: Regular security reviews and vulnerability assessments
• Employee Training: Staff trained on data protection and security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Active Accounts

While your account is active, we retain all data necessary to provide the Service.

7.2 After Account Termination

• Personal account data: Retained for 90 days after termination, then deleted
• Transaction records: Retained for 7 years for legal and tax compliance
• Aggregated, anonymized data: May be retained indefinitely for analytics
• Backup copies: Automatically deleted within 30 days of primary deletion

7.3 Data from Integrated Platforms

When you disconnect an integration, we retain cached data for 30 days to allow for reactivation, then delete it unless required for legal compliance.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information.

8.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and basic site functionality
• Preference Cookies: Remember your settings (theme, language)
• Analytics Cookies: Help us understand how visitors use the Service
• Security Cookies: Used to detect authentication abuse and fraud prevention

8.2 Third-Party Cookies

Some third-party services we use may place cookies on your device:

• Google Maps (for map visualization)
• Stripe (for payment processing)
• Google reCAPTCHA (for spam protection)

8.3 Cookie Management

Most web browsers allow you to control cookies through settings. Note that disabling cookies may limit your ability to use certain features of the Service.

9. Your Data Protection Rights

Depending on your location, you may have certain rights regarding your personal data:

9.1 General Rights

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal obligations)
• Export: Request a machine-readable copy of your data (data portability)
• Objection: Object to certain types of processing
• Restriction: Request restriction of processing in certain circumstances

9.2 GDPR Rights (EEA Residents)

If you are located in the EEA, you have additional rights under GDPR:

• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
• Right to data portability in structured, commonly used format
• Right not to be subject to automated decision-making

9.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under CCPA:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your rights

9.4 Exercising Your Rights

To exercise any of these rights, please:

• Use the data export and deletion tools in your account settings
• Contact us at privacy@findeefi.com
• Submit a request through our support portal

We will respond to your request within 30 days (or as required by applicable law).

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country.

When we transfer data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain jurisdictions
• Other legally approved transfer mechanisms

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties.

Each integrated platform has its own privacy policy:

• GoHighLevel Privacy Policy
• Meta Privacy Policy
• Google Privacy Policy
• Zoom Privacy Policy
• JustCall Privacy Policy
• Slack Privacy Policy
• Stripe Privacy Policy

We encourage you to review the privacy policies of any third-party services you connect to your account.

13. Marketing Communications

13.1 Email Marketing

With your consent, we may send you marketing emails about new features, promotions, and updates. You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your email preferences in account settings
• Contacting us at privacy@findeefi.com

13.2 Transactional Emails

We will continue to send transactional emails (account notifications, receipts, service updates) even if you opt out of marketing communications.

14. Data Processing for Clients

14.1 Client as Data Controller

When you use our Service to process personal data of your customers or contacts, you are the data controller and we are the data processor.

14.2 Your Responsibilities

As a data controller, you are responsible for:

• Ensuring you have a legal basis to process personal data
• Obtaining necessary consents from data subjects
• Providing appropriate privacy notices
• Responding to data subject requests
• Complying with applicable data protection laws

14.3 Data Processing Agreement

By using our Service, you agree to our Data Processing Agreement (DPA), which is incorporated into our Terms of Service. The DPA governs how we process personal data on your behalf.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting a notice on our website
• Sending an email to the address associated with your account
• Displaying a notification in your account dashboard

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

16. California "Do Not Track" Disclosure

We do not currently respond to "Do Not Track" signals from web browsers. We do not track users across third-party websites to provide targeted advertising.

17. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users without undue delay
• Report to relevant supervisory authorities as required by law
• Provide information about the breach and steps being taken
• Offer guidance on protective measures you can take

18. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Findeefi - Privacy Team
Email: privacy@findeefi.com
Data Protection Officer: dpo@findeefi.com
Website: https://findeefi.com
Support: https://findeefi.com/contact

For EEA Residents

If you have a complaint about how we handle your personal data, you have the right to lodge a complaint with your local supervisory authority.

For California Residents

California residents may contact us to exercise their CCPA rights using the information above.