1. Introduction
Privacto ("we," "our," or "us") provides privacy audit services to help users identify GDPR violations in their email accounts. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service at privacto.com.
2. Information We Collect
Email Account Data
When you authorize Privacto to access your Gmail account, we temporarily access:
- Email headers (subject lines, sender information, dates)
- Email content for privacy violation analysis
- Email metadata (labels, folders, read status)
Account Information
- Email address (from Google OAuth)
- Name (if provided by Google)
- Google account ID for authentication
Payment Information
Payment processing is handled by Stripe. We do not store your payment details. We only receive confirmation of successful payments.
3. How We Use Your Information
Privacy Audit Analysis: We analyze your email data to identify potential GDPR violations and privacy issues.
Report Generation: We create detailed reports of privacy violations found in your email account.
Service Delivery: We use your email address to deliver your privacy audit results.
Legal Compliance: We may use your information to comply with legal obligations.
Important: We Do NOT Use Your Data For:
- Advertising or marketing purposes
- Selling or transferring to third parties for their commercial use
- Training AI models or machine learning systems
- Any purpose other than providing you with privacy audit services
4. Data Retention and Deletion
24-Hour Data Deletion Policy
Email Data: All email content and metadata are permanently deleted within 24 hours of your scan completion.
Analysis Results: Your privacy audit results are available for 24 hours, then automatically deleted.
Account Data: Basic account information (email address) is retained only for service delivery and is deleted after 30 days of inactivity.
Payment Records: Payment confirmation records are retained for 7 years for tax and accounting purposes, as required by law.
Google User Data: All data obtained from Google APIs is subject to the same 24-hour deletion policy and is never stored permanently.
Deletion Process: We use secure deletion methods that make data unrecoverable and implement automated deletion systems to ensure compliance.
5. Data Security
We implement industry-standard security measures to protect your data:
- End-to-end encryption for all data transmission
- Secure database storage with encryption at rest
- Regular security audits and monitoring
- Limited access controls and employee training
- Secure deletion processes for data removal
6. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Request transfer of your data
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw consent for data processing
To exercise these rights, contact us at privacy@privacto.com.
7. Google User Data Usage
How Privacto Uses Google User Data
Data Collection: Privacto accesses your Gmail account data solely to analyze emails for GDPR privacy violations and generate privacy audit reports.
Data Usage: We use Google user data exclusively for providing privacy audit services. We do not use your data for advertising, marketing to third parties, or any purpose unrelated to privacy analysis.
Data Sharing: We do not sell, rent, or share your Google user data with third parties except as required by law or to provide the core privacy audit service.
Data Retention: All Google user data is automatically deleted within 24 hours of scan completion. We do not store your emails or personal information beyond the minimum necessary to deliver your privacy report.
Data Protection: We implement industry-standard security measures including encryption in transit and at rest to protect your Google user data.
Limited Access: Only authorized personnel have access to Google user data, and only for the specific purpose of providing privacy audit services.
No Human Review: Your email content is analyzed by automated systems only. Human reviewers do not access your personal email content unless specifically required for technical support and with your explicit consent.
Google API Limited Use Compliance
Privacto's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
This means we comply with all restrictions on how user data obtained through Google APIs can be used, ensuring your Gmail data is handled with the highest standards of privacy and security as required by Google's policies.
Sensitive Data Protection
We recognize that email data may contain sensitive information. Privacto implements enhanced security measures for handling potentially sensitive data including financial information, medical records, legal communications, and personal correspondence. All data is processed with the highest level of security and is automatically deleted within 24 hours.
8. Third-Party Services
Google Services: We use Google OAuth for secure authentication and Gmail API for email access. Your use of Google services is subject to Google's Privacy Policy.
Stripe: Payment processing is handled by Stripe, subject to their privacy policy.
Hosting: Our service is hosted on secure cloud infrastructure with appropriate data protection measures.
9. International Data Transfers
Your data may be processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions, to protect your data in accordance with GDPR requirements.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the service after changes become effective constitutes acceptance of the new terms.
11. Contact Information
Data Controller: Yannis Karagiannidis
Email: contact@privacto.com
Address: PrintPigeon LTD (16236878). 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
DPO Contact: contact@privacto.com
12. Supervisory Authority
If you have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk.