Privacy Policy

This Privacy Policy explains how Catchavo ("Catchavo," "we," "us") collects, uses, discloses, and protects personal information in connection with our websites, dashboard, APIs, and related services (collectively, the "Service").

Two audiences. (1) Business users who create accounts to use Catchavo for their company. (2) Leads and customers of those businesses who interact with chat, SMS, forms, or ads that flow into Catchavo. This policy covers both, with different roles described below.

Controllers and processors. Catchavo generally acts as a data controller for information we collect about business users and about visitors to our marketing sites. For Lead Data that businesses submit or that originates from their ad/lead sources, the business is typically the controller and Catchavo processes that information as a processor on their instructions to provide the Service. Where laws treat us differently, we comply accordingly.

From business users

• Identity and contact: name, email, phone, company name, role.
• Account and billing: credentials (password hashed), subscription and payment-related data processed by our payment provider.
• Configuration: business profile, services, service area, AI persona settings, webhook secrets, integration tokens (e.g., calendar) where you connect them.

From leads and customers (via businesses and integrations)

• Contact and inquiry: name, phone, email, message content, job type, location, source platform metadata.
• Conversation and SMS logs: chat transcripts, SMS text, delivery status, timestamps, opt-out requests.

Automatically collected

• Device and log data: IP address, browser type, approximate location derived from IP, pages viewed, referring URL, diagnostics.
• Cookies and similar technologies (see Section 10).

• Provide, operate, and secure the Service and accounts.
• Deliver AI-assisted and human-handled conversations, scheduling flows, and notifications.
• Send SMS on behalf of businesses—including initial handoff messages and, where configured, follow-up or reminder texts when a conversation stalls—consistent with consent obtained at collection.
• Improve reliability, debug, and develop features (including using aggregated or de-identified data where appropriate).
• Comply with law, enforce terms, and respond to lawful requests.
• Send service and administrative messages to business users (not marketing unless permitted and opted in).

Where the UK GDPR or EU GDPR applies, we rely on: performance of a contract (providing the Service to business users); legitimate interests (security, product improvement, fraud prevention—balanced against your rights); consent where required (e.g., non-essential cookies, certain marketing, or SMS where consent is the appropriate basis); and legal obligation where we must retain or disclose data. Leads' data is typically processed on the business customer's instructions; they should provide you their lawful basis (often contract or legitimate interests for service messages, or consent for marketing).

If you are a lead or customer, your number may be used to send SMS from Catchavo on behalf of the business you contacted—including a message that identifies them and links to chat, and, where the business has enabled it, limited follow-up or reminder texts about the same inquiry if you have not responded or completed next steps.

Consent. Businesses should obtain consent or another lawful basis consistent with the disclosures you saw when you provided your number (including that follow-ups may occur). Message frequency varies. Message and data rates may apply.

Opt-out. Reply STOP where supported to end SMS from that program. Reply HELP for help. Carriers are not liable for delayed or undelivered messages. You may also contact the business directly.

We use AI models to generate or suggest replies. This involves automated processing of conversation content. Outputs are not guaranteed accurate. For UK/EEA users, where decisions with legal or similarly significant effects are made solely by automated means, applicable law may give you rights to human review; our Service is designed for business lead conversations rather than solely automated legal decisions—contact us if you believe a specific scenario applies.

We share personal information with vendors who assist us (hosting, database, authentication, email, SMS delivery, AI inference, analytics on our own site, payment processing). They are bound by contractual obligations. We may disclose information if required by law, to protect rights and safety, or in connection with a merger or asset sale (with notice where required).

We are based in the United States. If we transfer personal information from the UK, EEA, or Switzerland to the U.S. or other countries, we use appropriate safeguards such as the UK International Data Transfer Agreement / Addendum, EU Standard Contractual Clauses, or other mechanisms approved by regulators, unless an adequacy decision applies.

We retain information for as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Business accounts may be deleted or anonymized after closure subject to legal holds. Lead and message data retention may follow business customer settings or defaults we publish; SMS logs may be kept longer where carriers or regulations require proof of consent and opt-out.

We use cookies and similar technologies for essential operation (e.g., session, security), preferences, and, where allowed, analytics or marketing on our own marketing pages. You can control cookies through browser settings; some features may not work without essential cookies. Where required, we will obtain consent before non-essential cookies on applicable sites.

We implement technical and organizational measures appropriate to the risk (encryption in transit, access controls, vendor review). No system is perfectly secure. We will notify you and regulators where required when a breach affects personal data subject to notification laws.

The Service is not directed to children under 13 (U.S.) or under the digital consent age in your jurisdiction. We do not knowingly collect personal information from children for those audiences. If you believe we have, contact us to delete it.

California residents may have the following rights subject to exceptions: to know what personal information we collect, use, and disclose; to delete personal information; to correct inaccurate information; to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising (we do not sell personal information in the traditional sense; update this sentence if you begin selling or sharing for ads); to limit use of sensitive personal information to what is necessary to provide the Service; and non-discrimination for exercising rights. You may designate an authorized agent. We will verify requests as permitted by law.

California Shine the Light: California residents may request certain information about disclosure of personal information to third parties for direct marketing (where that law applies).

To submit a request: support@catchavo.com.

Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws may have similar rights to access, delete, correct, and opt out of certain processing (including targeted advertising or profiling in some states). Contact us at the address below; we will respond in line with applicable law.

If you are in the UK or EEA, you may have the right to: access your personal data; rectify inaccuracies; erase data in certain cases; restrict processing; data portability; object to processing based on legitimate interests or for direct marketing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority (e.g., ICO in the UK, or your local DPA in the EEA).

To exercise rights: support@catchavo.com. You may also contact the business that collected your data—they may be the controller for much of your personal data as a lead or customer.

In the preceding twelve months, we may have collected: identifiers (name, email, phone, account ID); commercial information (subscription); internet or network activity; geolocation (approximate from IP); and professional information. Sources include you, business customers, integrations, and automatic collection. Purposes are described in Section 3. Disclosures are described in Section 7.

We may update this Privacy Policy. We will post the new version and revise the "Last updated" date. For material changes, we will provide additional notice where required (e.g., email or in-product).

Data protection / privacy inquiries: support@catchavo.com

Postal address (if required in your jurisdiction): [legal entity name and address]

UK/EEA representative (if you appoint one): [optional — name and contact]