Upspring Privacy Policy

1. Information We Collect

We collect various types of information from or about you (and, in some cases, from your customers or end-users if you integrate Upspring with your systems). This includes:

1.1 Information You Provide Directly

Account Registration Information: When you sign up for Upspring, we may collect personal details such as your name, business or company name, email address, phone number, job title, and a password. If you register using a third-party account (for example, signing in via Google or another service), we will receive basic profile information from those accounts as needed (such as your name and email).

Profile and Organization Data: If you create a user profile or provide additional information within the platform, we collect that data. This may include a profile photo, timezone, roles or team affiliations, and any preferences you set.

Payment and Billing Information: If you subscribe to a paid plan, our payment processor (a third-party service) will collect your payment card details or other billing information. We may also collect billing contact name, billing address, and tax identification (e.g., VAT number) if relevant. Note: Upspring itself does not store your full credit card information; that is handled by our PCI-compliant payment processor.

Communications with Us: If you contact Upspring support or communicate with us via email, chat, or phone, we will collect the information you provide in those communications. This can include your contact details and the content of your inquiry or feedback.

Survey, Contest, or Feedback Information: If you participate in a survey, contest, user research, or respond to our request for feedback, we collect any information you choose to provide, which might include your email, opinions, or testimonial.

1.2 Information We Collect from Your Use of the Service

Store and Marketing Data (User-Provided Integration Data): Upspring is designed to integrate with your e-commerce platforms, advertising accounts, and other marketing tools to gather data and automate campaigns. When you connect these services (such as connecting your Shopify store, Facebook/Meta Ads account, Google Analytics, email marketing platform, etc.), we collect data from those sources as needed to provide our Service. This may include:

• E-commerce Data: Product information, inventory levels, sales and order data, customer purchase history, and other store performance metrics.
• Advertising and Campaign Data: Information about your advertising campaigns and marketing activities, such as ads run, budgets, impressions, clicks, conversions, and associated performance metrics.
• Customer Engagement Data: If you use Upspring to manage customer communications, we will process relevant customer contact info and engagement data.
• Inspiration & Competitor Data: If you utilize features like the Inspiration Library or Competitor Analysis, we may collect or store data related to ads or content from third-party libraries or public sources.

Usage Data: We automatically collect information about how you and your users interact with Upspring. This includes log data (IP address, date and time of access, pages viewed, actions taken), device and software data (operating system, browser type, device identifiers), and any errors encountered.

Cookies and Similar Technologies: We and our service providers use cookies, web beacons, pixels, and similar tracking technologies on our website and within the app to collect information about your usage and to recognize you across different services and devices.

Analytics Data: We use internal and third-party analytics tools to collect information about user behavior and demographics to help us improve the user experience and the Service's functionality.

AI Recommendation Data: When Upspring's AI features analyze your store data to provide proactive campaign suggestions or performance insights, we collect the input data and the output for your use.

1.3 Information from Third Parties

Third-Party Integrations: If you link or integrate third-party services with Upspring, those services may send us information about you or your end-customers.

Partners and Referrals: We may receive your information from business partners or referral programs.

Publicly Available Sources: We might collect business contact information from public sources for outreach and marketing purposes in compliance with applicable laws.

1.4 Children's Data

Upspring is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, please do not use the Service or send us any personal information. If we learn that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information promptly. (If you believe we might have any information from or about a minor, please contact us at info@upspring.ai.)

2. How We Use Your Information

Upspring uses the collected information for various purposes in order to provide, maintain, and improve our Service, and to support our business operations. The main uses of information are:

2.1 To Provide and Maintain the Service

Operate the Platform: We use your information to allow you to log in, use the features, and generally to perform the contract with you.

Personalize Your Experience: We use data to customize the Service for you, such as remembering your dashboard layout, recommending content relevant to your industry, or pre-filling settings based on your past usage.

Processing Transactions: For paid users, we use billing information to process subscription payments and any other transactions, and to manage your subscription.

Account Management: We may use your information to send you important account notifications, such as registration confirmation, subscription renewal, payment issues, or security updates.

2.2 To Improve and Develop the Service

Service Improvement: We analyze usage data and feedback to understand how our product is being used and how it can be improved.

New Features and AI Training: We may use aggregated, anonymized data derived from user content and behavior to develop new features or improve our AI algorithms. If we ever use your data for machine learning training that goes beyond providing the Service to you, we will do so either with your consent or in a manner that ensures personal or proprietary identifiers are removed.

Research and Analytics: We might use certain data for internal research, such as evaluating the effectiveness of a new feature or understanding the demographics of our user base.

2.3 To Communicate with You

Service and Account Communications: We will contact you to send transactional or relationship messages, such as welcoming you to Upspring, informing you of important account information, notifying you of product updates, and responding to your inquiries.

User Guides and Tips: We might send emails or in-app messages to help you better use Upspring.

Marketing and Promotional Communications: If you have subscribed to our newsletter or agreed to receive marketing communications, we will send you emails about new features, special offers, webinars, newsletters, or events. You will always have the option to opt out.

Push Notifications: With your consent, we may send push notifications or alerts to your device. You can control these via your device or app settings.

2.4 To Facilitate Marketing Campaigns on Your Behalf

Campaign Content and Automation: We use the store data and customer data you provide to create and execute marketing campaigns as directed by you.

Personalization: Our AI and automation features may personalize communications to your end-customers using their purchase history or browsing behavior.

Ad Management: If you connect advertising accounts, we use the data from those accounts to inform campaign strategies and may assist in creating or adjusting ad campaigns with your instruction.

2.5 For Security and Legal Compliance

Security and Fraud Detection: We use information to monitor for suspicious or fraudulent activity on our platform, to detect potential threats, and to verify accounts.

Enforcing Terms and Policies: Information may be used to investigate and enforce our Terms of Service and other legal terms.

Legal Obligations: We may process personal data to comply with applicable laws or regulations.

Protecting Rights and Interests: We may use or disclose information as we believe necessary to protect the rights, property, or safety of Upspring, our users, or others.

2.6 Other Purposes with Consent

If we intend to use your personal information for a purpose that is not covered in this Privacy Policy or that is materially different from the purposes we collected it for, we will seek your consent.

3. How We Share Your Information

We do not sell your personal information to third parties. We only share your information in limited circumstances, described below, and always with appropriate safeguards and only as necessary.

3.1 Service Providers and Partners

We employ trusted third-party companies and individuals to help us provide, analyze, and improve the Service. These service providers include:

• Hosting and Infrastructure: Cloud hosting providers (such as AWS, Google Cloud, or Azure) to store data and run our application.
• Payment Processors: Third-party payment gateways (like Stripe, PayPal) to handle billing securely.
• Email and Communication Tools: Services to send emails, app notifications, or chat communications.
• Analytics and Monitoring: Analytics providers (e.g., Google Analytics) and error-tracking tools to maintain service quality.
• Customer Support Systems: CRM or support platform partners to handle support requests.
• Marketing and Advertising Partners: Partners to help promote Upspring in a privacy-conscious way.

3.2 Within Our Corporate Group

If Spring AI Tech Ltd. has affiliates, subsidiaries, or parent companies, we may share your information within that corporate group. Any such entity will follow this Privacy Policy.

3.3 Business Transfers

If Upspring is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We would contractually require the new owner to continue honoring this Privacy Policy.

3.4 Legal Compliance and Protection

We may disclose your information if required to do so by law or if we have a good faith belief that such action is necessary to:

• Comply with legal obligations (subpoenas, warrants, court orders)
• Regulatory compliance
• Protect rights and safety of our company, users, or the public
• Enforce our agreements

3.5 Your Sharing and Directions

With Other Users at Your Direction: If you invite team members or connect multiple user accounts under an organization, certain information will be shared among those users.

Third-Party Integrations at Your Request: When you integrate or share data between Upspring and third-party services, you are directing us to share certain information with that service.

Social Media or Public Posting: If you choose to link Upspring with a social media account or publish content publicly, that information will be viewable by those networks or the public.

3.6 Aggregated or De-Identified Data

We may share information that has been aggregated or anonymized in such a way that it cannot reasonably be used to identify you. This data will not include anything that could be linked back to any individual person or a specific organization.

4. Cookies and Tracking Technologies

Cookies are small data files stored on your browser or device. Upspring and our analytics or advertising partners use cookies and similar technologies (like pixels, web beacons, and local storage) to provide our Service and gather information.

4.1 How We Use Cookies

• Essential Cookies: Necessary for the website or app to function (login sessions, form inputs).
• Performance and Analytics Cookies: Collect information about how users interact with our Service to improve performance and design.
• Functionality Cookies: Remember preferences you set and improve your experience.
• Advertising and Marketing Cookies: Help us measure the effectiveness of our ads and reach interested people.

4.2 Third-Party Tracking

Some third-party services that integrate with our site may set their own cookies. We do not have control over those cookies except to choose which partners we implement.

4.3 Your Choices Regarding Cookies

Browser Controls: Most web browsers allow you to modify settings to decline cookies or clear existing cookies. Disabling cookies may affect the functionality of our Service.

Do Not Track Signals: Our site currently does not respond to "Do Not Track" (DNT) signals from browsers because there is not yet a common standard for interpreting them.

Analytics Opt-Out: For Google Analytics, you can install the Google Analytics Opt-out Browser Add-on.

Advertising Choices: You can opt-out of some third-party vendors' cookies via the Digital Advertising Alliance's opt-out page or the Network Advertising Initiative.

5. Data Retention and Security

5.1 Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, as described in this policy, or for as long as required by law or legitimate business purposes.

• Account Data: We keep your account information while your account is active and for a reasonable period thereafter.
• Content and Campaign Data: Removed content may remain in backups for a short period until cycled.
• Legal and Compliance: We may retain information as needed to comply with legal obligations, resolve disputes, and enforce agreements.
• Aggregated/Anonymized Data: May be retained indefinitely for analytics purposes.

5.2 Data Security

We implement a variety of security measures to protect your personal information:

• Encryption: All data is encrypted in transit using HTTPS/TLS protocols and at rest for sensitive data.
• Access Controls: Personal data is accessible only to those who need access to perform their job functions with strict confidentiality obligations.
• Network Security: Infrastructure protected by firewalls, network monitoring, intrusion detection and prevention systems.
• Testing and Assessments: Periodic security audits, vulnerability assessments, and penetration testing.
• Training: Team members are trained on data security and privacy best practices.

5.3 Data Breach Procedures

In the event of a data breach that involves your personal information, Upspring will act promptly to identify, contain, and mitigate the incident. We will notify affected users and relevant authorities as required by law, outlining the nature of the breach, what data might be involved, steps taken, and recommended precautions.

6. Your Rights and Choices

Depending on your jurisdiction and as provided by applicable data protection laws (such as the GDPR for EU/EEA residents or the CCPA/CPRA for California residents), you have certain rights regarding your personal information.

6.1 General Rights for Users (including GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, Switzerland or another jurisdiction with similar data rights, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Ask us to correct inaccurate or incomplete information.
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data under certain circumstances.
• Right to Restrict Processing: Request that we limit processing of your data.
• Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to our processing of your personal data in certain cases.
• Right not to be subject to Automated Decision-Making: Right not to be subject to a decision based solely on automated processing which produces legal or similarly significant effects.

To exercise any of these rights, contact us at info@upspring.ai. We will respond within the timeframes required by law (typically within 30 days for GDPR).

6.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, USA, you have specific privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of categories and specific pieces of personal information collected.
• Right to Delete: Request deletion of personal information with certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Share: Opt out of the "sale" or "sharing" of personal information. Note: Upspring does not sell your personal information for money.
• Right to Limit Use of Sensitive Personal Information: Request to limit use of sensitive personal information beyond what's allowed by law.
• Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a request under CCPA/CPRA, contact us at info@upspring.ai with the subject line "CCPA Request".

6.3 Communication Preferences and Opt-Out

• Opt-Out of Marketing Emails: Unsubscribe via the link at the bottom of promotional emails or adjust your email preferences in account settings.
• Opt-Out of Push Notifications: Turn off in your device settings or browser settings.
• Opt-Out of Interest-Based Advertising: Use browser and device mechanisms to block cookies, use industry opt-out tools (DAA, NAI websites), or contact us.
• Analytics: Use the Google opt-out browser add-on or similar mechanisms.

6.4 Accessing and Updating Your Information

You can review and update certain personal information within Upspring by logging into your account and editing your profile or settings. For assistance with information not editable through the platform, contact support.

7. International Data Transfers

Upspring is based in Israel (with certain operations possibly in the United States) and we operate a global service. This means your personal information may be transferred to, processed, and stored in countries other than your own. Servers or databases for Upspring may be located in the United States, the European Union, or other jurisdictions.

Israel is recognized by the European Commission as providing an adequate level of data protection. When we transfer personal data from the EEA/UK to other countries that are not deemed adequate, we rely on lawful transfer mechanisms:

• Standard Contractual Clauses (SCCs): We have in place standard data protection clauses as approved by the EU Commission.
• International Agreements: Where applicable, we may rely on the UK International Data Transfer Agreement or similar frameworks.
• Other Safeguards: We may rely on your consent for cross-border transfers in certain cases.

If you have questions about our international data handling or want more information about transfer safeguards, contact us at info@upspring.ai.

8. Third-Party Websites and Services

Our Service may contain links to other websites, or you may engage with third-party services in connection with Upspring (such as logging in via a third-party, or using plugins). This Privacy Policy does not apply to information processed by third-party websites or services. We are not responsible for the privacy practices of those third parties.

For example:

• If you click a link to a blog or article on our site that leads to another company's site, any data you provide to that site is governed by their policies.
• If you use a third-party integration through Upspring, the information is handled by that third party under their policies once it leaves Upspring.
• Our site might include social media features. Interacting with those features might allow the third-party social media platform to collect information.

We encourage you to review the privacy policies of any third-party services or sites that you interact with.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do update it, we will:

• Post the revised policy on our website with a new "Last Updated" date.
• If the changes are significant, we will also provide a more prominent notice, such as an email notification or a banner on the site/app.

We encourage you to review this Privacy Policy periodically. If you continue to use Upspring after any Privacy Policy changes take effect, you will be deemed to have accepted the updated policy.

If you do not agree with the changes, you should deactivate your account or reach out to us with any concerns before the changes take effect.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us using the information below:

Spring AI Tech Ltd. (Upspring)
Email: info@upspring.ai
Mailing Address: Hatashah 2 Street, Floor 4, Tel Aviv, Israel.
Data Protection Officer (DPO): If required by applicable law, you may also reach our designated Data Protection Officer at info@upspring.ai.