Legal

Privacy Policy

Last Updated: April 2026  |  Applies to all Splocket products including Echo, Aegis, Nexus, and Kinetic.

Contents

Introduction Information We Collect How We Use Your Data Data Sharing Google API Disclosure Data Security Data Retention Data Deletion Your Rights Cookies International Transfers Children's Privacy Policy Changes Contact Us GDPR CCPA

Introduction

Welcome to Splocket ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use any Splocket product, including Echo (review management), Aegis (risk management), Nexus (quality assurance), and Kinetic (customer intelligence).

By using any Splocket product, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, phone number
  • Billing Information: Payment details processed securely through Stripe
  • Profile Data: User preferences, settings, profile pictures
  • Business Information: Company details, locations, products, team structure

1.2 Information We Collect Automatically

  • Usage Data: Features used, actions taken, time spent on platform
  • Device Information: IP address, browser type, operating system
  • Cookies: Session and preference cookies to enhance your experience

1.3 Information from Third Parties

  • Review Data (Echo): Customer reviews from Google, Facebook, Trustpilot, Shopify, Apple App Store, Google Play Store
  • CRM Data (Echo): Customer records from connected CRM systems
  • OAuth Data: Basic profile information when you connect third-party integrations

2. How We Use Your Information

We use your data to:

  • Provide and improve our products and services
  • Aggregate and display data from connected platforms
  • Generate AI-powered insights and response suggestions
  • Send transactional emails and notifications
  • Process payments and prevent fraud
  • Provide customer support
  • Comply with legal obligations

3. Data Sharing

3.1 We Share Data With:

  • Supabase: Database and infrastructure provider for secure data storage
  • Stripe: Payment processing
  • Resend: Transactional email delivery
  • OpenAI: AI-powered features (review response generation, sentiment analysis)
  • Review Platforms: Only when you respond to reviews through our platform
  • Your CRM: When you enable CRM sync features

3.2 We Do NOT:

  • Sell your personal data to any third party
  • Share your data for advertising purposes
  • Use your review data to train AI models for other customers
  • Transfer Platform Data received from Meta beyond what is necessary to provide our services

4. Google API Disclosure

🔍 Google API Services — Limited Use Disclosure

Echo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Our platform (Echo), a product of Splocket, accesses Google Business Profile data to provide the following user-facing features:

  • Review Aggregation: Collecting and displaying your Google reviews within the Echo dashboard for centralized management.
  • Response Management: Allowing you to draft and publish responses to Google reviews directly through our interface.
  • Analytics: Providing insights into your business's reputation and customer sentiment.

We do not sell your Google user data to third parties, and we do not use your data for advertising purposes. Your data is used strictly to provide the review management services you have authorized.

5. Data Security

  • Encryption: All data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based permissions limit who can access data within your organization
  • OAuth Tokens: Stored encrypted, never exposed to browsers, revoked immediately upon disconnection
  • Infrastructure: Hosted on SOC 2 compliant servers (Supabase/AWS)

6. Data Retention

  • Account Data: Retained while your account is active
  • Review Data: Retained indefinitely — there is no storage cap on reviews
  • OAuth Tokens: Retained only while integration is active, deleted immediately upon disconnection
  • Deleted Accounts: Personal data deleted within 30 days of account closure
  • Backups: Retained for 90 days for disaster recovery, then permanently deleted

7. Data Deletion

7.1 User-Initiated Deletion

  • Within Echo: Dashboard → Settings → Account → Delete Account
  • By Email: Request deletion at privacy@splocket.com
  • Processing Time: Within 30 days of request

7.2 What Gets Deleted

Upon account deletion we permanently delete: account credentials, profile information, all review data, CRM integration data, email templates, OAuth tokens, and usage analytics tied to your account.

7.3 What We Retain (Legally Required)

  • Billing Records: Transaction history for 7 years (tax compliance)
  • Anonymized Analytics: Aggregate statistics with no personal identifiers
  • Security Logs: Audit logs for fraud prevention (90 days)

8. Your Rights

You have the right to access, correct, delete, or export your personal data at any time. To exercise these rights contact us at privacy@splocket.com. We will respond within 30 days.

9. Cookies

  • Essential: Authentication, security, session management — cannot be disabled
  • Analytics: Understanding platform usage (Google Analytics)
  • Functionality: Remembering preferences and settings

10. International Data Transfers

Your data may be processed in the United States. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission where applicable.

11. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children. If we discover we have done so, we will delete it immediately.

12. Policy Changes

We may update this policy periodically. We'll notify you of significant changes via email or platform notification at least 30 days before changes take effect.

13. Contact Us

14. GDPR Compliance (EU Users)

Legal bases for processing: Contract (to provide our services), Consent (marketing communications), Legitimate Interest (platform improvement, fraud prevention). EU users may lodge complaints with their local supervisory authority.

15. CCPA Compliance (California Users)

California residents have the right to know what data is collected, request deletion, and opt out of sale of personal information (we do not sell your data). To exercise CCPA rights email privacy@splocket.com.

Splocket  |  Casselberry, Florida  |  Effective April 2026