Respona
Privacy Policy

Last updated: 12/09/2025

  1. Introduction

     

    Respona is an outreach platform (the “Platform”) via which businesses can reach out to website owners, publishers, and other contacts to develop and run campaigns to raise awareness about their brands and obtain backlinks and other placements. We also offer a done‑for‑you link building and outreach product (the “DFY Product”). The Platform and DFY Product together are referred to in this Privacy Policy as the “Services.”

    The Services are offered to users (“Users” or “you”) at www.respona.com (the “Site”) and are owned and operated by Respona, LLC, a Delaware limited liability company doing business as Respona (“Company,” “we,” or “us”).

    This Privacy Policy explains how we collect, use, disclose, and protect information relating to identified or identifiable individuals (“personal data”) in connection with the Services.

    This policy applies where

    • (a) we are acting as a data controller with respect to your personal data, in other words, where we determine the purposes and means of the processing of that personal data, and/or
    • (b) we are acting as a data processor with respect to personal data, in other words, where we process personal data on behalf of and in accordance with the instructions of another party (for example, when we process prospect contact data that you upload to the Platform or instruct us to process as part of the DFY Product).

    This Privacy Policy also applies to personal data collected through our customer support channels, marketing communications, and any other interactions you have with us in connection with the Services, whether online or offline.

    Relationship to Terms of Service

    Use of the Services is subject to the terms of our Terms of Service, which are hereby incorporated and made part of this Privacy Policy. By using the Services, you agree to be bound by our Terms of Service.

    Your use of the Services is also subject to the terms and conditions set forth in this Privacy Policy.

    We continually strive to find new ways to enhance your experience with the Services and we may modify this Privacy Policy from time to time to reflect changes in our privacy practices. You are encouraged to review this Privacy Policy periodically and to check the “Last Updated” date above for the most recent version. If we make changes to this Privacy Policy, we will notify you here, by email, or by means of a notice through the Site or other parts of the Services.

    PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY ALL THE TERMS OF THIS PRIVACY POLICY AND OUR TERMS OF SERVICE. IF YOU DO NOT AGREE TO SUCH TERMS, EXIT THIS PAGE AND DO NOT ACCESS OR USE THE SERVICES.

  2. How we use your personal data

     

    In this Section 2 we set out:

    • the general categories of personal data that we may process;

    • the purposes for which we may process personal data; and

    • the legal bases of the processing.

    We collect two broad types of information about you: “Personally Identifiable Information” and “Non‑Personally Identifiable Information.”

    2.1 Personally Identifiable Information, general users

    Personally identifiable information is information that identifies a specific person. When you engage in certain activities via the Services, including but not limited to creating an account, subscribing, sending feedback, contacting support, or otherwise participating in the Services (“Identification Activities”), we may ask you to provide certain information about yourself.

    If you elect to engage in an Identification Activity, we may ask you to provide us with personal information such as your name, company name, address, email address, telephone number, login details, billing details, and any other information you choose to provide to us. We may use this information to create and maintain your account or profile, to provide the Services, to send communications about the Services to you, and to populate forms for future transactions.

    We may process different categories of personal data as described below. Depending on your location, the legal basis for our processing may be your consent, our legitimate interests, the performance of a contract with you, or compliance with a legal obligation.

    Account data

    We may process your account data (“account data”). Account data may include your name, email address, company information, and login details. The source of the account data is you or your organization. Account data may be processed for the purposes of operating the Site, providing the Services, authenticating you, ensuring the security of the Site and Services, maintaining backups, and communicating with you. The legal basis for this processing is your consent where applicable, our legitimate interests in operating and improving the Services, and/or the performance of a contract between you and us. We may also use account data to enforce our policies, detect misuse, and maintain the integrity of user accounts.

    Usage data

    We may process data about your use of the Site and Services (“usage data”). Usage data may include your IP address, approximate geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, features used in the Platform, as well as information about the timing, frequency, and pattern of your Service use. The source of the usage data is our analytics tracking systems. Usage data may be processed for the purposes of analyzing the use and performance of the Site and Services, improving the Services, and troubleshooting. The legal basis for this processing is your consent where required, or our legitimate interests in monitoring and improving the Site and Services. Usage data may also be used for detecting suspicious or abusive activity, preventing security incidents, and optimizing performance.

    Publication data

    We may process information that you post for publication on our Site or through our Services (“publication data”). Publication data may be processed for the purposes of enabling such publication and administering the Site and Services. The legal basis for this processing is your consent or our legitimate interests in operating and improving the Services. Publication data may also be indexed by search engines or publicly accessible depending on where and how you publish it. You are responsible for ensuring that you do not include sensitive or confidential information in content intended for public display.

    Inquiry data

    We may process information contained in any inquiry you submit to us regarding the Services (“inquiry data”). Inquiry data may be processed for the purposes of providing support, responding to your inquiries, and offering, marketing, and selling relevant Services to you. The legal basis for this processing is your consent or our legitimate interests in responding to user inquiries and growing our business. Inquiry data may also be used for internal training, quality assurance, and auditing of customer support interactions.

    Transaction data

    We may process information relating to transactions, including purchases of Services, that you enter into with us and/or through the Site (“transaction data”). Transaction data may include your first and last names, an email address used as a login, billing contact information, credit card details (processed by our payment processor), and a password. Transaction data may be processed for the purpose of supplying the purchased Services, processing payments, preventing fraud, and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract, as well as our legitimate interests in maintaining financial and transaction records.

    Notification data

    We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data”). Notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is your consent or our legitimate interests in keeping you informed about the Services and related updates. Notification data may also be used to tailor the communications you receive, such as sending more relevant product updates.

    You can opt out of marketing emails at any time by clicking the “unsubscribe” link in those emails or by contacting us.

    Correspondence data

    We may process information contained in or relating to any communication that you send to us (“correspondence data”). Correspondence data may include the communication content and metadata associated with the communication. Our Site may generate metadata associated with communications made using website contact forms. Correspondence data may be processed for the purposes of communicating with you, improving the Services, and record‑keeping. The legal basis for this processing is your consent or our legitimate interests in responding to communications and improving our Services.

    Legal and compliance data

    We may process any of your personal data identified in this policy where necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out‑of‑court procedure, and where necessary for compliance with legal obligations. The legal basis for this processing is our legitimate interests in the protection and assertion of our legal rights, your legal rights, and the legal rights of others, and/or compliance with legal obligations.

    In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary to protect your vital interests or the vital interests of another natural person.

    Please do not supply another person’s personal data to us unless you have their permission and it is required for the Services or we prompt you to do so. By providing any personal data relating to another individual, you represent that you have the authority and legal right to do so and that the individual has been informed of and consents to such processing, where required.

  3. Google User Data

     

    If you choose to connect a Gmail account to the Platform, we will ask you to grant the Platform application permissions to access your Gmail account. These permissions are necessary to sustain the functionality of the Services as intended and described in our Terms of Service. In particular, we may need to:

    • access your inbox or specific folders to detect replies to emails that have been sent via the Platform, and

    • send emails on your behalf from your connected account.

    We will store your authentication token and account email address. This data will be securely stored and used by the Platform to provide you with the Services, including but not limited to logging into your account, sending emails via the Platform, accessing emails you sent through the Platform, and viewing replies you received.

    Under no circumstances will this data be voluntarily shared with any third parties. Respona may provide this information to legal authorities only upon a lawful request or as otherwise required by law. If you choose to disconnect your Gmail account or close your Respona account, any information from Google that is stored on our servers in connection with that account will be removed within a reasonable period, subject to legal retention requirements.

    We do not use data obtained from our customers’ Google accounts for advertising purposes, including personalized, retargeted, or interest‑based advertising.

    Respona’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

    Our employees, contractors, and other humans are not allowed to access your personal information, including data obtained via Google APIs, except in limited circumstances. We may access user data only after obtaining the user’s affirmative agreement, for example, to resolve a support issue, provide advice on service usage, or provide other help you request, or when and if necessary for a security investigation or to comply with applicable laws.

  4. Non‑Personally Identifiable Information

     

    Non‑Personally Identifiable Information is information that does not identify a specific person. This type of information may include:

    • the URL of the website you visited before coming to the Site;
    • the URL of the website you visit after leaving the Site;
    • the type of browser you are using;
    • your Internet Protocol (IP) address;
    • mobile carrier information;
    • mobile device identifiers and information;
    • general and/or aggregated location data; and
    • device attributes, operating system details, language preferences, and performance diagnostics relating to your use of the Services.

    We and/or our authorized third party service providers may automatically collect this information when you visit or use the Services using electronic tools like cookies, web beacons, or pixel tags, as described below.

    We use Non‑Personally Identifiable Information to troubleshoot, administer the Services, analyze trends, gather demographic information, comply with applicable law, and cooperate with law enforcement activities. We may also share this information with our authorized third‑party service providers to measure the overall effectiveness of our products and services.

    We may combine or aggregate Non-Personally Identifiable Information with other data in a manner that does not identify you, and we may use or share such aggregated data for research, analytics, product improvement, and benchmarking. Once aggregated or anonymized, this data does not identify you and may be retained or used indefinitely.

    We may also use Non-Personally Identifiable Information for security purposes, including detecting anomalies, diagnosing technical issues, preventing fraudulent activity, and monitoring the stability and performance of the Services.

    Although Non-Personally Identifiable Information does not directly identify an individual, certain jurisdictions treat some categories, such as IP addresses or device identifiers, as personal data when linked with other information. We process such data in accordance with applicable law.

    We do not use Non-Personally Identifiable Information for behavioral advertising or cross-site targeted advertising unless expressly disclosed elsewhere in this Privacy Policy.

  5. Providing Your Personal Data to Others

     

    We may disclose your personal data to any member of our group of companies, which means our subsidiaries, our ultimate holding company, and all its subsidiaries, insofar as reasonably necessary for the purposes and legal bases set out in this policy.

    We do not sell your personal data.

    Financial transactions relating to the Site and Services may be handled by our payment service providers. We will share transaction data with our payment service providers only to the extent necessary for the purposes of processing your payments, preventing fraud, refunding such payments, and dealing with complaints and queries relating to such payments. Our payment processors are permitted to use personal data only as necessary to provide payment-related services and are not permitted to use such data for their own independent purposes.

    We may share your personal data with carefully selected third‑party service providers that help us operate, provide, improve, or secure the Services, such as hosting providers, analytics providers, email service providers, customer support tools, and similar vendors. These third‑party providers will only receive personal data to the extent necessary to perform their services and are typically bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it. We may also disclose your personal data to our professional advisers, including attorneys, auditors, insurers, or consultants, where such disclosure is reasonably necessary to obtain advice, manage risk, or maintain regulatory compliance.

    In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data:

    • where such disclosure is necessary for compliance with a legal obligation to which we are subject;
    • in order to protect your vital interests or the vital interests of another natural person; or
    • where such disclosure is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out‑of‑court procedure.

    We may also disclose personal data when we believe in good faith that such disclosure is necessary to (i) prevent fraud, abuse, or security threats, (ii) enforce our Terms of Service or contractual rights, or (iii) protect the rights, property, and safety of Respona, our users, or the public. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be shared or transferred as part of that transaction as permitted by law. If such a transaction materially changes the way your personal data is used or processed, we will provide notice as required by applicable law.

    If third-party integrations (such as Gmail or Outlook) are used to send or receive email via the Platform, personal data may be shared as necessary with those integrations solely to provide the requested functionality. These third parties may process data in accordance with their own privacy policies, and we encourage you to review those policies.

  6. Cookies

     

    A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

    Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date unless deleted by the user before the expiry date. A session cookie will expire at the end of the user session, when the web browser is closed.

    Cookies do not typically contain information that personally identifies a user, but personal information that we store about you may be linked to information stored in and obtained from cookies.

    6.1 Cookie usage

    We use cookies for the following purposes:

    • authentication: to identify you when you visit our Site and Services and as you navigate;
    • status: to help us determine if you are logged in;
    • personalization: to store information about your preferences and to personalize the Site and Services for you;
    • security: as an element of security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect the Site and Services generally;
    • analysis: to help us analyze the use and performance of the Site and Services; and
    • cookie consent: to store your preferences in relation to the use of cookies.

    We may use Google Analytics to analyze use of our Site. Google Analytics gathers information about website use by means of cookies. The information gathered is used to create reports about use of the Site. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.

    6.2 Cookies used by third‑party suppliers

    Our third‑party service providers may use cookies and similar technologies, and those cookies may be stored on your computer or device when you visit our Site or use the Services. These providers may include analytics services, advertising networks (if used), and other vendors helping us operate and improve the Services.

    6.3 Managing cookies

    Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser and from version to version. You can obtain up‑to‑date information about blocking and deleting cookies via these links:

    Blocking all cookies will have a negative impact on the usability of many websites. If you block cookies, you may not be able to use all the features on our Site or Services.

    Where required by law, we will seek your consent for non‑essential cookies through our cookie banner or settings.

  7. Analytics

     

    We continuously improve the Site and Services and use different third‑party web analytics tools to help us do so. We are interested in how visitors use our Site, our desktop tools, and our applications, what they like and dislike, and where they have problems.

    Our products and tools may use analytical technologies to understand feature usage patterns, to enhance and improve your product experience, and to offer you usage tips and guidance. In connection with normal business operations, as well as to increase functionality and enhance your user experience, usage information may be linked to personal information that we have about individual users. We maintain ownership of this data and we do not share this type of data about individual identifiable users with third parties unless required by law or with your consent.

    This information is used solely to assist us in maintaining more effective and useful websites and products for our customers. This data will not be shared with third parties without your prior consent unless required by law.

    Analytics providers may use cookies, pixels, SDKs, log files, and similar tracking technologies to collect information about how users interact with the Services. This may include device identifiers, browser characteristics, navigation paths, feature usage, session duration, and crash or performance data.

    Where technically feasible, we configure analytics tools (such as Google Analytics) to use IP anonymization or similar privacy-enhancing settings. We do not permit analytics providers to use data collected through the Services for their own marketing or advertising purposes.

    We may generate aggregated or de-identified analytics from personal data, and such aggregated data does not identify individual users. We may use or share aggregated analytics for business insights, product development, and benchmarking.

    Some analytics providers may process data as our processors under data processing agreements, while others may act as independent controllers of certain data under their own privacy policies. We encourage you to review the privacy policies of any analytics tools integrated into the Services.

    Depending on your jurisdiction, you may have the right to opt out of analytics tracking through your browser settings, cookie preferences, or by using a legally required opt-out mechanism. Where required by law, non-essential analytics technologies will not be activated unless you provide consent.

  8. Security of Information

     

    You may be able to access your Personally Identifiable Information via the Services using your username and password. Passwords are encrypted. We advise against sharing your password with anyone. If you access your account via a third‑party site or service, you may have additional or different sign‑in protections via that third‑party site or service.

    Although we take reasonable steps to secure the Services, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security of your information.

    You may be able to access your Personally Identifiable Information through the Services using your username and password. Passwords are encrypted, and we strongly advise that you do not share your login credentials with any person. If you access your account through a third-party service or identity provider, you may be subject to additional or different authentication requirements imposed by that provider.

    You are solely responsible for maintaining the confidentiality of your login credentials and for preventing unauthorized access to your account and personal information. This includes using strong and unique passwords, enabling available security features, limiting access to your devices, and logging out after each session. You agree to notify us immediately of any suspected unauthorized access or use of your account.

    To the extent permitted by applicable law, we are not responsible for any losses arising from unauthorized access to your account resulting from your failure to secure your login credentials or devices.

  9. Data Retention

     

    We retain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with our legal and contractual obligations, resolve disputes, enforce our agreements, and support normal business operations. Retention periods may vary depending on the type of data, the nature of the Services, and applicable legal requirements.

    9.1 Retention of account and profile data.
    We retain account-related personal data, such as your name, contact information, login credentials, and account settings, for as long as your account remains active. If you close your account, we will delete or anonymize this data within a reasonable period, unless a longer retention period is required for compliance with legal obligations, dispute resolution, fraud prevention, or enforcement of our agreements.

    9.2 Retention of usage data.

    We may retain usage data, such as log files, device information, analytics data, and interaction logs, for as long as necessary to operate, secure, and improve the Services. Where possible, this information is aggregated or anonymized.

    9.3 Retention of transaction data.

    We retain transaction records, invoices, billing details, and payment-related information for the period required under applicable financial and tax laws, typically between six (6) and ten (10) years, depending on jurisdiction.

    9.4 Retention of communication and support data.
    We retain correspondence data, including emails, support requests, and related communications, for as long as needed to provide support and maintain accurate business and legal records.

    9.5 Retention of prospect and outreach data.
    When you upload or otherwise provide prospect contact information or other outreach data in connection with the Services, we retain such data for the duration of your use of the Services or as instructed by you. After your account is closed, we will delete or anonymize this data within a reasonable period, unless required or permitted to retain it for compliance, dispute resolution, fraud prevention, or other legal obligations.

    9.6 Retention for legal, regulatory, and compliance purposes

    We may retain any category of personal data where retention is necessary:

    • (a) to comply with applicable laws or regulatory requirements,
    • (b) to establish, exercise, or defend legal claims,
    • (c) to enforce our agreements, including our Terms of Service,
    • (d) to detect and prevent fraud, abuse, or security incidents.

    9.7 Criteria used to determine retention periods.
    We determine the appropriate retention period for personal data based on:
    • the amount, nature, and sensitivity of the data;
    • the potential risk of harm from unauthorized use or disclosure;
    • the purposes for which the data is processed and whether those purposes can be achieved through other means;
    • applicable legal, regulatory, tax, accounting, or reporting obligations.

    9.8 Deletion, anonymization, and backup copies.
    Where deletion is required, we will delete or securely anonymize personal data so that it can no longer be associated with an identifiable individual. Residual copies may remain temporarily in backup systems, which are maintained for disaster-recovery and security purposes and are automatically overwritten on a rolling basis.

  10. International Data Transfers

     

    10.1 Transfers from the EEA, UK, or Switzerland.
    If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, we will protect personal data transferred outside those regions in accordance with applicable data protection laws, including by implementing one or more of the following safeguards:

    • Standard Contractual Clauses (“SCCs”) adopted by the European Commission;
    • the UK Addendum or UK International Data Transfer Agreement;
    • adequacy decisions issued by the European Commission or UK authorities;
    • other legally recognized transfer mechanisms under GDPR or UK GDPR.

    Copies of applicable SCCs or other transfer mechanisms may be made available upon request, subject to redactions for commercial confidentiality.

    10.2 Transfers initiated by users.
    When you upload or send personal data (such as prospect contact information) via the Services, or when you choose to integrate the Services with third-party platforms, you acknowledge that such actions may result in the transfer of personal data across international borders. You are responsible for ensuring that such transfers comply with applicable law.

    10.3 Third-party service providers.
    We may transfer your personal data to third-party service providers located outside your jurisdiction, including cloud hosting providers, analytics vendors, email infrastructure providers, and customer support tools. We require such providers to maintain appropriate safeguards for personal data and to process it only as instructed by us.

    10.4 Consent to international transfers.
    Where required by law, by using the Services, you expressly consent to the transfer, processing, and storage of your personal data in countries outside your own, including the United States, which may have different data protection rules than those in your country.

  11. Your Privacy Rights

     

    Depending on your location and the applicable privacy laws, you may have certain rights regarding your personal data. These rights may include the rights described below. We will honor such rights to the extent required by applicable law.

    11.1 Right to access.
    You may request confirmation of whether we process your personal data and may request a copy of such personal data.

    11.2 Right to correct.
    You may request that we correct or update inaccurate or incomplete personal data about you.

    11.3 Right to delete.
    You may request that we delete your personal data, subject to applicable exceptions, including where retention is necessary for legal compliance, fraud prevention, or the establishment, exercise, or defense of legal claims.

    11.4 Right to restrict processing.
    You may request that we restrict the processing of your personal data under certain circumstances, such as where you contest its accuracy or where processing is unlawful.

    11.5 Right to object.
    You may object to the processing of your personal data in certain situations, including processing based on legitimate interests or for direct marketing purposes.

    11.6 Right to data portability.
    You may request to receive your personal data in a structured, commonly used, and machine-readable format and may request that we transfer such data to another controller where technically feasible.

    11.7 Right to withdraw consent.
    Where the processing of your personal data is based on your consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

    11.8 Rights related to automated decision-making.
    You have the right to request meaningful information about automated decision-making, including profiling, and to request human review where such decisions produce legal or similarly significant effects. We do not engage in automated decisions that produce such effects without human involvement.

    11.9 Right to opt out of marketing communications.
    You may opt out of receiving marketing or promotional emails by following the unsubscribe instructions included in such communications or by contacting us. You will continue to receive transactional or service-related communications.

    11.10 Right to lodge a complaint.
    If you believe that we have violated your privacy rights or applicable data protection laws, you may file a complaint with your local supervisory authority. We encourage you to contact us first so we may attempt to resolve your concerns directly.

    11.11 Exercising your rights.
    To exercise any of the rights described in this Section, please contact us using the methods described in Section 21 (Contact Information). We may request certain information to verify your identity before processing your request. We will respond to your request within the timeframe required by applicable law.

  12. Notice to California Residents (CCPA/CPRA)

     

    This Section 12 applies solely to individuals residing in California and supplements the rest of this Privacy Policy. It is provided in accordance with the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). Capitalized terms used in this section that are not otherwise defined have the meanings assigned to them under the CCPA/CPRA.

    12.1 Categories of personal information we collect.
    In the preceding twelve (12) months, we may have collected the following categories of personal information as defined by the CCPA/CPRA:

    • Identifiers (such as name, email address, IP address, account credentials).
    • Customer records (such as billing details and payment transaction information).
    • Commercial information (such as Services purchased, usage patterns, or campaign metrics).
    • Internet or network activity (such as analytics, logs, and interactions with our Platform).
    • Geolocation information (approximate location derived from IP).
    • Professional or employment-related information (such as prospect titles uploaded by Users).
    • Inferred information derived from the above categories to personalize or improve the Services.

    We do not collect or process “sensitive personal information” for the purpose of inferring characteristics, nor do we sell or share personal data for targeted advertising.

    12.2 Sources of personal information.
    We collect personal information from:

    • You directly (account creation, communications, billing).
    • Your use of the Services (usage data, device information, analytics).
    • Third-party platforms at your direction (e.g., CRMs, Google APIs).
    • Publicly available sources or authorized data partners when performing DFY outreach services.
    • Prospects whose data you upload into the Platform (see Section 13).

    12.3 Purposes for collection and use.
    We collect and use personal information for the business and commercial purposes described in Sections 2–7, including:

    • Operating, securing, and improving the Services.
    • Fulfilling service requests and providing customer support.
    • Billing, payment processing, and account management.
    • Conducting analytics, troubleshooting, and platform optimization.
    • Complying with law and responding to legal requests.
    • Conducting outreach and link-building activities when directed by Users or under the DFY Product.

    We do not use personal information for automated decision-making that produces legal or significant effects.

    12.4 Disclosure of personal information.
    We may disclose personal information to:

    • Service providers and contractors who provide hosting, analytics, email infrastructure, customer support tools, billing, or security-related services.
    • Affiliates and subsidiaries, where necessary to operate the Services.
    • Professional advisors, regulators, and law enforcement where legally required.

    These disclosures are made only for business purposes and under written agreements requiring confidentiality and restricted use.

    12.5 No sale or sharing of personal information.
    We do not sell personal information, share personal information for cross-context behavioral advertising, or permit third parties to use personal data for their own marketing purposes.

    12.6 Your California privacy rights.
    California residents have the following rights:

    • Right to Know what categories and specific pieces of personal information we have collected.
    • Right to Delete personal information, subject to applicable legal exceptions.
    • Right to Correct inaccurate personal information.
    • Right to Opt Out of Sale or Sharing, although we do not sell or share personal data.
    • Right to Limit Use of Sensitive Personal Information, although we do not process such data for restricted purposes.
    • Right to Non-Discrimination for exercising any privacy rights.

    12.7 Submitting requests.
    California residents may submit a request to exercise the rights above by contacting us through the methods in Section 21. We may require identity verification before fulfilling a request. If a request is made by an authorized agent, additional evidence of authorization may be required.

  13. Prospect Data Uploaded by Users

     

    13.1 User responsibility for Prospect Data.
    Users are solely responsible for ensuring that Prospect Data is collected and processed lawfully before it is uploaded to the Platform. This includes obtaining all necessary consents, providing appropriate privacy notices, and ensuring that the use of Prospect Data within the Services complies with applicable laws such as CAN-SPAM, GDPR, and regional outreach or marketing regulations. Users must not upload personal data that they are not legally permitted to process or disclose.

    13.2 Our role as a processor.
    When we process Prospect Data on behalf of a User, whether through the Platform or the DFY Product, we act as a data processor (or service provider under U.S. privacy laws). We will only process Prospect Data in accordance with the User’s instructions and the Terms of Service, and we will not use Prospect Data for any purpose other than providing and securing the Services. This includes storing, transmitting, delivering outreach messages, identifying replies, and enabling analytics features.

    13.3 Security of Prospect Data.
    We use reasonable administrative, technical, and physical safeguards to protect Prospect Data from unauthorized access, loss, misuse, or disclosure. While no platform can guarantee absolute security, we maintain procedures designed to prevent unauthorized use and limit internal access to only those personnel who require it to support the Services.

    13.4 Prohibited uses by Users.
    Users agree not to upload or transmit Prospect Data that:

    • was obtained unlawfully or without proper notice;
    • contains sensitive personal data (e.g., health data, financial account numbers, government IDs) unless required for the Services and permitted by law;
    • violates spam, outreach, or anti-harassment laws; or
    • infringes on the rights of any third party.

    We reserve the right to suspend account features or access if we believe Prospect Data is being processed in violation of applicable law or our Terms.

    13.5 Retention and deletion of Prospect Data.
    Prospect Data is retained according to the User’s activity within the Platform and Section 9 (Data Retention). Users may delete Prospect Data at any time, and we will remove or anonymize such data within a reasonable period. Upon account closure, Prospect Data will be deleted in accordance with our standard retention schedule unless we are legally required to retain it.

    13.6 Subprocessors.
    We may engage third-party service providers (e.g., hosting providers, email delivery services, analytics tools) to process Prospect Data on our behalf. These subprocessors are bound by obligations to use the data only as directed by us and to maintain appropriate security measures. A current list of subprocessors is available upon request or through our public listing, where applicable.

    13.7 Legal disclosures.
    We may disclose Prospect Data only where required by law, such as in response to a lawful subpoena, court order, or regulatory request. Where permitted, we will attempt to notify the User before disclosure so they may respond or seek protective measures.

    13.8 Relationship to our Data Processing Addendum.
    Where required under applicable privacy laws, our processing of Prospect Data in a processor or service-provider capacity is further governed by our Data Processing Addendum (“DPA”). The DPA sets out additional obligations regarding subprocessing, data rights, cross-border transfers, and deletion upon termination. The DPA forms part of our agreement with customers and is available at https://respona.com/dpa/.

  14. When We Act as a Processor & Customer Instructions

     

    14.1 Scope of processing.
    When acting as a processor, we will process personal data solely for the purpose of providing, maintaining, securing, and supporting the Services, including enabling outreach functionality, detecting replies, generating analytics, troubleshooting issues, and improving core system performance. We will not process such personal data for any purpose other than those expressly permitted by the Terms of Service, this Privacy Policy, or your documented instructions.

    14.2 Your instructions.
    By uploading or transmitting personal data to the Platform or by using the DFY Product, you instruct us to process such personal data:

    • in accordance with the configuration of your account and campaigns;
    • to enable outreach, link-building, and communication activities as you direct;
    • to store, transmit, and analyze such data in connection with Platform features; and
    • as otherwise necessary to fulfill our contractual obligations to you.

    We will follow your instructions unless we reasonably believe they violate applicable law or would cause harm to the Platform, other users, or data subjects. If we believe an instruction is unlawful, we may suspend the processing at issue and request clarification.

    14.3 Customer obligations.
    You are solely responsible for ensuring that your instructions are lawful and that personal data you provide has been collected and disclosed in compliance with applicable privacy, marketing, and outreach laws. This includes ensuring compliance with GDPR, CAN-SPAM, CPRA, and other regulations that may apply. You represent and warrant that:

    • you have all lawful rights necessary to provide and instruct us to process personal data;
    • your instructions will not cause us to violate any applicable laws; and
    • you will not instruct us to process categories of data that are prohibited or unnecessary for the Services.

    14.4 Restrictions on our processing.
    When acting as a processor, we will not:

    • sell personal data;
    • share personal data for cross-context behavioral advertising;
    • use personal data for our own marketing or analytics unrelated to your account;
    • combine personal data across customers except in an aggregated or de-identified manner that does not identify individuals.

    14.5 Confidentiality.
    We ensure that all personnel authorized to process personal data are subject to confidentiality obligations and are trained in data-protection requirements relevant to their roles.

    14.6 Assistance with data rights.
    To the extent legally required and technically feasible, we will assist you in responding to data-subject rights requests (such as deletion, access, or correction requests) directed at personal data you control. You are responsible for authenticating and validating such requests.

    14.7 Deletion upon termination.
    Upon termination of the Services or upon your request, and subject to any legal retention obligations, we will delete or return personal data processed on your behalf within a reasonable period, consistent with Section 9 (Data Retention).

  15. Subprocessors

     

    15.1 Use of Subprocessors
    To operate, secure, and improve the Services, we may engage third-party service providers that process personal data on our behalf. These subprocessors assist with functions such as cloud hosting, email delivery, infrastructure support, analytics, customer-support tools, and operational systems used in connection with the DFY Product. Each subprocessor processes personal data only to the extent necessary to perform the services for which it has been engaged.

    15.2 Requirements Imposed on Subprocessors
    We require all subprocessors to enter into written agreements that include confidentiality obligations and data-protection commitments consistent with the requirements imposed on us under this Privacy Policy and applicable law. Subprocessors may access personal data only as instructed by us and solely for service-related purposes. They must implement appropriate technical and organizational measures to safeguard the data and must notify us of any actual or suspected security incident affecting personal data. We remain responsible for the performance of our subprocessors and for ensuring their compliance with applicable obligations.

    15.3 Subprocessor List and Notifications
    We maintain a current list of subprocessors, which may be made available upon request or published by us. This list identifies the nature of the service each subprocessor provides and, where relevant, the geographic region in which personal data may be processed. Because our technology stack and operational requirements evolve, we may add, replace, or remove subprocessors over time. Where required by law or by contract, we will provide notice of material changes to our subprocessor list. Customers who reasonably believe that a new subprocessor presents an undue privacy or security risk may object in writing. If an objection cannot be resolved through alternative measures, we may suspend or modify the affected portion of the Services, or allow the customer to terminate the impacted Services without penalty.

    15.4 International Processing by Subprocessors
    Some subprocessors may process personal data outside the jurisdiction in which you are located. When this occurs, we ensure that data transfers comply with applicable cross-border transfer requirements, as described in Section 10 of this Privacy Policy. This may include reliance on adequacy determinations, standard contractual clauses, or other legally recognized transfer mechanisms designed to ensure that personal data receives appropriate protection regardless of where it is processed.

  16. Automated Processing & AI-Generated Output

     

    16.1 Use of Automated Technologies
    We may use automated technologies, including rules-based systems, machine-learning tools, and AI-assisted features, to support the functionality, efficiency, and performance of the Services. These technologies may analyze patterns, classify data, identify engagement trends, or generate suggested outreach content. The purpose of these tools is to enhance the Services and assist Users in carrying out tasks more effectively. Automated processing is not intended to replace qualitative human judgment, and Users should treat all automated recommendations as informational rather than authoritative.

    16.2 User Responsibility for Reviewing Outputs
    Any automated or AI-generated output that you receive through the Services may contain inaccuracies, omissions, or content that is not suited for your specific context. You are solely responsible for reviewing, editing, validating, and approving all automated or AI-generated text, insights, or recommendations before using them in campaigns or relying on them for business decisions. We do not assume liability for actions taken in reliance on AI-generated output without adequate human review.

    16.3 How Personal Data Is Used in Automated Systems
    Personal data may be processed by automated technologies to support the functionality of the Services, including to classify data, route communications, or identify system issues. When personal data is processed in this manner, we do so only to the extent necessary to operate the Services and in compliance with this Privacy Policy and applicable law. AI-driven features do not train on identifiable prospect data uploaded by Users. When machine-learning optimization is used, it relies exclusively on aggregated, anonymized, or synthetic data that cannot be linked back to an identifiable individual.

    16.4 No Solely Automated Decisions With Legal or Significant Effects
    We do not make decisions that produce legal, financial, or similarly significant effects about individuals solely through automated means. Any system actions that could meaningfully affect a User or a data subject, such as account actions or campaign-related decisions, will include appropriate human involvement or oversight.

  17. Marketing Communications

     

    17.1 Types of Communications We Send
    We may send marketing communications that relate to new features, product updates, educational materials, webinars, best practices, promotional offers, or other content intended to help Users maximize their use of the Services. These communications may be delivered by email, through the Platform interface, or through other communication channels supported by the Services.

    17.2 How You Can Manage Preferences
    You may opt out of receiving marketing communications at any time by using the “unsubscribe” link provided in our emails or by contacting us directly. Even if you opt out of marketing messages, you will continue receiving operational or transactional communications that are necessary to provide the Services, including notices related to account activity, security events, service updates, and billing.

    17.3 Compliance With Applicable Laws
    We maintain internal procedures to ensure that our outreach and marketing practices comply with applicable laws governing electronic communications, including consent requirements, opt-out rights, and anti-spam regulations. Where affirmative consent is required before sending promotional communications, we will obtain that consent prior to sending such messages.

    17.4 No Sale or Transfer of Data for Third-Party Marketing
    We do not sell personal data for advertising purposes and we do not transfer personal data to third parties for their independent marketing activities. Any marketing conducted in connection with the DFY Product is performed solely on your behalf and in accordance with your instructions, and does not authorize any third party to use personal data for unrelated marketing purposes.

  18. Children’s Privacy

     

    18.1 No Use by Children Under Thirteen
    The Services are not directed to, and are not intended for use by, children under the age of thirteen. We do not knowingly collect, maintain, or process personal data from children under thirteen. If we learn that personal data has been collected from a child under thirteen without verified parental consent, we will take reasonable steps to delete that information as quickly as possible and to disable the associated account, if applicable.

    18.2 Responsibility of Parents and Guardians
    If you are a parent or legal guardian and believe that your child has provided personal data to us without your authorization, you should contact us promptly. Upon receiving such a request, we will take appropriate steps to verify your identity and to remove the data from our systems in compliance with applicable laws.

    18.3 Compliance With International Child Privacy Laws
    Where laws impose higher age thresholds or additional requirements for the collection or processing of children’s data, such as the GDPR or similar regional legislation, we adhere to those obligations. We do not knowingly engage in any processing activities involving minors unless such processing is expressly permitted under applicable law and accompanied by the requisite consent from a verified parent or guardian.

  19. Third-Party Links & Integrations

     

    19.1 External Websites and Resources
    The Services may contain links to third-party websites, applications, tools, or resources that are not owned or controlled by us. These links are provided for convenience and informational purposes. We do not endorse, monitor, or assume responsibility for the privacy practices, content, accuracy, or security of any third-party sites or services. Your use of such third-party resources is entirely at your own risk and subject to the terms and policies of those third parties.

    19.2 Integrations and Data Sharing With Third-Party Tools
    You may choose to integrate your account with certain third-party platforms, such as email providers, analytics tools, or CRM systems. When you enable a third-party integration, we may share or receive limited information as necessary to enable the integration and to provide the functionality you request. Such sharing is performed solely for the purpose of operating the integration and will occur only to the extent authorized by you or required to support the Services.

    19.3 Independent Third-Party Responsibilities
    Third-party providers are responsible for their own privacy practices and compliance with applicable laws. We do not control how those third parties collect, use, disclose, secure, or otherwise handle personal data. We encourage you to review the privacy policies and terms of any third-party services you connect to or interact with through the Platform to understand how your data will be handled.

    19.4 Disconnection of Integrations
    You may disable or remove certain third-party integrations through your account settings or support request. Upon disconnection, we will cease the exchange of data with the third-party provider, except to the extent necessary to comply with law or maintain system security. Any data previously transmitted to or from a third party will continue to be governed by that provider’s terms unless deletion is requested directly from the third party.

  20. Changes to This Privacy Policy

     

    20.1 Right to Update or Modify
    We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. Any modifications will be made at our sole discretion and will be effective when posted unless a later effective date is stated.

    20.2 Notice of Material Changes
    If we make changes that materially affect your rights or how we process personal data, we will provide additional notice as required by applicable law. Such notice may be provided through email, a prominent notice on the Site, in-product notifications, or other appropriate mechanisms. Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms.

    20.3 Responsibility to Review Updates
    It is your responsibility to review this Privacy Policy periodically. The “Last Updated” date at the top of this document indicates when the most recent modifications were made. If you do not agree with any changes, you must discontinue use of the Services and, where applicable, close your account.

  21. Contact Information

     

    21.1 Submitting Privacy Requests or Questions
    If you have questions about this Privacy Policy, our privacy practices, or wish to submit a request regarding your personal data, you may contact us using the information below. We will respond in accordance with applicable data protection laws and may take steps to verify your identity before responding to certain types of requests.

    21.2 Contact Details
    Respona, LLC
    Attn: Privacy Office
    9211 Corporate BLVD. Suite 308, Rockville, MD 20850
    Email: [email protected]
    Website: www.respona.com

    21.3 Additional Contact Rights Under Certain Laws
    Residents of regions with enhanced privacy protections, such as California, the European Economic Area, the United Kingdom, and others, may have additional rights regarding how to submit concerns or escalate unresolved privacy complaints to supervisory authorities. Instructions for exercising those rights are included in the relevant sections of this Privacy Policy.