The services are provided by involve.me, a product of stereosense GmbH (hereinafter referred to as “involve.me”), an Austrian company with registered address at Gußhausstraße 15/8, 1040 Vienna, company registered at the court Handelsgericht Wien with the commercial register number: FN 461219p.

1. Purpose

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve our service. By using our service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from Terms and Conditions.

2. Definitions

Personal Data
Personal Data means data about a living individual who can be identified from that data (or from those and other information either in our possession or likely to come into our possession).

Usage Data
Usage Data is data collected automatically either generated by the use of our service or from the service infrastructure itself (for example, the duration of a page visit).

Cookies
Cookies are small pieces of data stored on a User’s device.

Data Controller
A Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we act as a Data Controller when processing personal data of:

Website visitors (who access the site), and
involve.me account owners (who use the service directly).

Data Processor (or Service Providers)
A Data Processor (or Service Provider) means any person (other than an employee of the Data Controller) who processes data on behalf of the Data Controller.

In instances where involve.me funnels collect user data on behalf of our customers, we act as a Data Processor. As a Data Processor, we process personal data in accordance with the instructions of the Data Controller (our customer). For more details on how we process data on behalf of our customers, please refer to our Data Processing Agreement.

Data Subject
Data subject is any living individual who is the subject of Personal Data. Data subjects can be of several categories, as follows:

Website Visitors: If you access our service as a website visitor, you are responsible for regularly checking for updates to this Privacy Policy, as updates may occur without prior notice.
Platform Users: If you use our service as a registered platform user, we will notify you of significant updates to this Privacy Policy before such changes take effect. It is your responsibility to review the updated policy.
Participants: If you are a participant accessing funnels created through our service, your data controller is one of our users and you should review their privacy policy. For further inquiries please reach out to them directly.

3. Legal Bases for Processing

We process your personal data based on one or more of the following legal bases:

Your consent (e.g. for marketing emails)
Performance of a contract (e.g. when you use our platform)
Compliance with a legal obligation
Our legitimate interests, provided these do not override your fundamental rights (e.g. analytics, fraud prevention).

4. Types of Data Collected

We collect several different types of information for various purposes to provide and improve our Service to you.

Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

Email address
Company name
Country
First name and last name
Phone number (for when being billed)
Address, State, Province, ZIP/Postal code, City (for when being billed)
Cookies and Usage Data
IP address and user agent string

We collect and use Personal Data for the following core purposes:

Access and Use of Service – To provide, manage, and maintain access to our services, including user authentication and account management. Similarly, to notify you about changes to our Service and provide customer support.
Security and Fraud Prevention – To verify identities and protect against unauthorized access, fraud, and other illicit activities.
Analytics and Sales Insights – To understand how our services are used, improve performance, and inform business and sales strategies.
Marketing and Communication – To send newsletters, promotional materials, and other information that may be of interest to you (with the option to opt out at any time). You may opt out of receiving any, or all, of these communications by following the unsubscribe link or instructions provided in any email we send.

Usage Data
We may also collect information on how our service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data
We use cookies and similar tracking technologies to track the activity on our service and hold certain information. We record IP addresses of attempted and successful account authorizations as a protection mechanism against potentially fraudulent activity.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Cookie Settings

Below are examples of the cookies we use:

Session Cookies: We use Session Cookies to operate our Service.
Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
Security Cookies: We use Security Cookies for security purposes.

When you visit our website or service, a cookie banner will appear to give you the option to select your cookie preferences. You can choose which types of cookies you wish to accept or reject, and your preferences will be saved for future visits.

6. Retention of Data

involve.me retains your Personal Data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.

Specific Retention Periods:

Account’s Billing Data: Retained for 7 years after contract end (Austrian tax law).
Marketing Leads: Retained for 24 months after the last interaction, or until consent is withdrawn.
Participant Submissions:
- Collected via free accounts: Retained for 30 days (default).
- Collected via paid accounts: Retained indefinitely (default).
- Deletion Requests: The account holder acting as the Data Controller is responsible for deletion requests. involve.me will assist the Data Controller as required by law if technically feasible. We aim to respond within 30 days.
Account Data:
- Free accounts: Retained for 7 months with no interaction.
- Paid accounts & previously paid accounts: Retained indefinitely or until deletion request.
- Deletion Requests: Data deleted within 30 days upon request.

7. Transfer Of Data

Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

We primarily process and store data within the European Union, where the core infrastructure is located. In some cases, we use sub-processors or service providers outside the EU, or those subject to overseas data disclosure laws. When transferring data outside the EU, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs). For details on the locations of our sub-processors and their data centres, please see our sub-processor list.

The legal mechanisms mentioned above and your consent to this Privacy Policy followed by your submission of such information represents your agreement to any data transfers mentioned in this policy.

involve.me will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

8. Disclosure Of Data

Business Transaction
If involve.me is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice if your Personal Data is transferred and becomes subject to a different privacy policy.

Disclosure for Law Enforcement
Under certain circumstances, involve.me may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency) within legally required time frames.

Legal Requirements
involve.me may disclose your Personal Data in the good faith belief that such action is necessary to:

To comply with a legal obligation.
To protect and defend the rights or property of involve.me.
To prevent or investigate possible wrongdoing in connection with our service.
To protect the personal safety of users of our service or the public.
To protect against legal liability.

9. Your Rights

involve.me aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the right:

To access and receive a copy of the Personal Data we hold about you
To rectify any Personal Data held about you that is inaccurate
To request the deletion of Personal Data held about you

You have the right to data portability for the information you provide to involve.me. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it. Please note that we may ask you to verify your identity before responding to such requests.

10. Additional User Privacy Commitments

involve.me is committed to enhancing transparency and accountability in its handling of personal information. In addition to the rights outlined above, we uphold the following commitments:

We maintain records of all third-party disclosures of personal information to ensure transparency and compliance.
We verify the identity of any authorized representative acting on behalf of a user before granting access to that user's personal information. Verification methods include access via a Microsoft or Google connected account, or a standard email and password login with additional one time codes sent. If access is lost, identity is confirmed through a documented custom ownership verification process based on purchasing and company information.
We document any new purposes for which previously collected personal information will be used. We record users’ consent to new uses or, if applicable, their withdrawal of consent for previously agreed uses.
We provide notice to users at the time of or before collecting or using their personal information for a new purpose not previously identified in this Privacy Policy.

These measures are part of our broader effort to ensure that personal data is processed in accordance with applicable data protection laws and user expectations.

11. Use of AI Features and Data Privacy

The platform offers a variety of AI-powered features designed to enhance the experience. These features leverage advanced artificial intelligence to provide tailored recommendations to help users create, personalize and analyze funnels. AI features are not designed to make automated decisions that have legal or significant effects.

Optional Use: The use of AI-powered features within our services is entirely optional. We do not transmit any data to large language models (LLMs) or AI services unless you specifically choose to utilize an AI feature.
Personal Data Protection: By default, we do not send any personal data to AI LLMs. Even when respondent data is analyzed through AI-generated reports, personal data is filtered out, provided that users collect personal information correctly using designated Contact Forms rather than free text input fields.
AI Subprocessors: The current list of AI/LLM subprocessors and service providers we may use is maintained and regularly updated in our Trust Center’s subprocessor list.

12. Sub-processors

We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), to provide our service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties may process your data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Below you find core processors listed, for the full list, also for optional processors and their data locations, please visit our Trust Center.

12.1. Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on our service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

Personal Data collected: Cookies and Usage Data.
Place of processing: United States.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

12.2 Behavioral Remarketing

involve.me uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.

Google Ads

Google Ads remarketing service is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

Facebook

Facebook remarketing service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe, or opt-out using your mobile device settings.

Personal Data collected: Cookies and Usage Data.
Place of processing: United States.
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation

12.3. Hosting and backend infrastructure

This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

Amazon Web Services (AWS)
Amazon Web Services is a hosting and backend service provided by Amazon.com Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: Germany, EU.
For more information on the privacy practices of Amazon AWS, please visit Amazon AWS’s privacy policy: https://aws.amazon.com/privacy/

Hetzner Online GmbH
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: Germany, EU.
For more information on the privacy practices of Hetzner Online GmbH, please visit Hetzner Online GmbH’s privacy policy: https://www.hetzner.com/legal/privacy-policy/

12.4. User database management

This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Application, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks’ profiles) and used to build private profiles that the Owner can display and use for improving this Application. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Application.

Intercom (Intercom Inc.)
Intercom is a User database management service provided by Intercom Inc. Intercom can also be used as a medium for communications, either through email, or through messages within our product(s).
Personal Data collected: email address and various types of Data as specified in the privacy policy of the service.
Place of processing: United States.
For more information on the privacy practices of Intercom, please visit Intercom’s privacy policy: https://www.intercom.com/legal/privacy

Brevo

Brevo is an all-in-one platform for managing customer relationships, offering email marketing, marketing automation, SMS, and WhatsApp campaigns, as well as sales and conversation tools.

Personal data collected: email address, and various types of data as specified in the privacy policy of the service.

For more information on the privacy practices of Brevo, please visit their privacy policy: https://www.brevo.com/legal/privacypolicy/

Hubspot

HubSpot is a customer relationship management (CRM) platform that provides tools for marketing, sales, customer service, and content management to help businesses grow and manage customer interactions.

Personal data collected: email address, and various types of data as specific in the privacy policy of service.

For more information on the privacy practices of Hubspot, please visit their privacy policy: https://legal.hubspot.com/privacy-policy

12.5. Payments

We may provide paid features, sub-services or products within our service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Stripe
Personal Data collected: Name, Address, Email, Phone, Credit Card Details.

Place of processing: United States.

For more information on the privacy practices of Stripe, please visit Stripe’s privacy policy https://stripe.com/us/privacy

Chartmogul

Personal data collected: Name, address, email

Place of processing: Ireland

For more information on the privacy practices of Chartmogul, please visit Chartmogul’s privacy policy https://chartmogul.com/privacy/

12.6. Affiliate & Referral

Affiliate and referral tracking is enabling us to incentivize partners, affiliates and brand ambassadors for promoting our service and increasing sales. In that case, we use third-party services for handling incentives, fees, etc.

Reditus
Reditus is a service provided by Reditus B.V. Europalaan(Netherlands). Reditus is tracking referral visitors and setting up the cookie, tracking referral leads and signups, and tracking referral sales and commissions/rewards. For this purpose, the service stores data from our affiliates, partners and/or brand ambassadors (promoters) and data from our leads/customers referred by our affiliates/promoters.

Personal Data collected: Name, Address, Email, Profile Picture, Website, URLs to public social media accounts, IP address, uid.
Place of processing: The Netherlands.
For more information on the privacy practices of Reditus, please visit Reditus’ privacy policy https://www.getreditus.com/privacy-policy/

13. Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

14. Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”). Accounts can and should only be registered by individuals of at least 18 years of age, though involve.me does not have explicit technical mechanisms in place to enforce this.

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

15. Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

16. Security

We are committed to maintaining the highest standards of data security and privacy. We have implemented a comprehensive set of organizational, technical, and administrative controls to protect your personal information. You’ll find a documented list of measures in our Trust Center. Below is an overview of our key security measures:

Organizational Controls

Employee Training: All employees undergo regular security awareness training to ensure understanding of data protection and privacy obligations.
Access Management: Access to personal data is strictly limited to authorized personnel on a need-to-know basis, enforced through role-based access controls.
Vendor Management: We assess and monitor third-party vendors for compliance with our security and privacy standards.
Regular Audits: We conduct regular (at least annual) internal and external audits to evaluate the effectiveness of our security and privacy controls.
Privacy Reviews: Regular (at least annual) privacy reviews are performed to ensure ongoing compliance with relevant laws and best practices.

Technical Controls
Encryption: All personal data is encrypted in transit using TLS and at rest using industry-standard encryption algorithms.
Network Security: Firewalls, intrusion detection systems, and regular vulnerability assessments are employed to protect our infrastructure.
Authentication: Multi-factor authentication (MFA) is required for administrative access to critical systems.
Data Minimization: We collect and retain only the data necessary to provide our services, in line with the principle of data minimization.

Administrative Controls

Policies and Procedures: We maintain documented security policies and procedures, including incident response, data breach notification, and regular policy reviews.
Monitoring and Logging: Continuous system monitoring and logging are in place to detect and respond to suspicious activities promptly.
Incident Response: We have a formal incident response plan to address and mitigate security incidents, including timely notification of becoming aware of any incident to affected parties. Data breaches are reported to the Austrian Data Protection Authority within 72 hours of becoming aware of the incident. Where notification exceeds 72 hours, the delay reasons will be documented and provided.

Physical Controls

Secure Facilities: Our data centers are protected by physical security measures such as access controls, surveillance, and environmental safeguards.
Visitor Management: Access to sensitive areas is restricted and monitored.

Data Integrity

Accuracy and Completeness: We implement procedures to ensure the accuracy and completeness of personal data. This includes regular data validation, periodic reviews, and mechanisms for individuals to update or correct their information as needed.
Data Quality Controls: Automated and manual checks are in place to detect and correct inaccuracies or inconsistencies in personal data.
User Access: Users are provided with the ability to review and update their personal information to maintain its accuracy.

Data Lifecycle Management

Secure Data Disposal: We ensure secure disposal of personal data in accordance with GDPR requirements, using methods such as secure deletion and physical destruction of storage media when data is no longer needed.

We strongly recommend that you do not disclose your password to anyone. If you forget your password, you can request a password reset through the user interface.

Please remember that you control what personal information you provide while using our service. Ultimately, you are responsible for maintaining the secrecy of your identification, passwords and/or any personal information in your possession for the use of our service. Always be careful and responsible regarding your personal information. We are not responsible for, and cannot control, the use by others of any information which you provide to them and you should use caution in selecting the personal information you provide to others through our service. Similarly, we cannot assume any responsibility for the content of any personal information or other information which you receive from other users through our service, and you release involve.me and its subsidiaries and affiliates and each of their employees, officers, and directors from any and all liability in connection with the contents of any personal information or other information which you may receive using our service. We cannot guarantee, or assume any responsibility for verifying, the accuracy of the personal information or other information provided by any third party. You release involve.me and its subsidiaries and affiliates and each of their employees, officers, and directors from any and all liability in connection with the use of such personal information or other information of others.

17. Data Protection Officer

If you have any questions about this Privacy Policy, please contact us here.

Any requests or complaints about involve.me’s collection, use or disclosure of personal information through our service should be directed to our Data Protection Officer Cosmin Badea at data-protection@involve.me.

18. Contact Us

If you have any questions about this Privacy Policy, please contact us here or by email: support@involve.me.