Legal Documentation

Privacy Policy

This Privacy Policy describes how USAP collects, uses, discloses, and protects personal information in compliance with the GDPR, the Philippine Data Privacy Act of 2012, the CCPA/CPRA, and other applicable data protection laws.

Last Updated: January 15, 2025 | Effective Date: January 15, 2025

1. Introduction

USAP ("we," "us," "our," or "Company") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our customer support platform and services (the "Services").

This policy applies to all users worldwide, with specific provisions for residents of the European Economic Area (EEA), United Kingdom (UK), California, and the Philippines. We comply with:

  • General Data Protection Regulation (GDPR) - EU Regulation 2016/679
  • Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and IRR
  • California Consumer Privacy Act (CCPA) as amended by California Privacy Rights Act (CPRA)
  • ePrivacy Directive 2002/58/EC (Cookie Law)
  • Children's Online Privacy Protection Act (COPPA)

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Services.

2. Information We Collect

2.1 Personal Information Collected Directly

We collect personal information that you voluntarily provide:

Account Information:

Full name, email address, company name, job title, phone number, billing address, payment information (processed through third-party processors - we do NOT store full credit card numbers)

Profile Information:

Profile photos, user preferences, language settings, time zone settings

Communications and Support Data:

Customer support messages (email, Facebook Messenger, Shopify, and other integrated platforms), conversation history, attachments (documents, images, files), support tickets, feedback and survey responses

Team Collaboration Data:

Team member roles and permissions, internal notes and tags, assignment information, performance metrics

Legal Basis (GDPR Articles 6(1)(a), 6(1)(b), 6(1)(f)):

  • Consent: When you voluntarily provide information
  • Contractual Necessity: To provide the Services you requested (Article 6(1)(b))
  • Legitimate Interests: To improve Services and customer experience (Article 6(1)(f))

2.2 Information Collected Automatically

Usage Data:

IP address, browser type and version, device information (type, operating system, device identifiers), pages visited and features used, time and date of access, referring/exit pages, click-stream data, session duration

Cookies and Tracking Technologies:

We use cookies, web beacons, pixel tags, and similar technologies. See our Cookie Policy and Section 9 below for detailed information.

Analytics Data (PostHog):

We use PostHog, a third-party analytics platform, to understand user behavior and improve our Services. PostHog collects:

  • User behavior patterns and feature usage statistics
  • Performance metrics and error logs
  • Aggregated usage data
  • Heatmaps and session recordings (only with explicit consent)
  • IP addresses (can be anonymized)

PostHog Data Location: EU (Frankfurt, Germany) and/or US data centers. Data Processing Agreement with Standard Contractual Clauses in place.

You can opt out of PostHog tracking via Cookie Settings. PostHog Privacy Policy: https://posthog.com/privacy

Legal Basis (GDPR Article 6(1)(f), ePrivacy Directive Article 5(3)):

  • Legitimate Interests: To analyze and improve our Services
  • Consent: For non-essential cookies (required under ePrivacy Directive)

2.3 Information from Third-Party Sources

Integration Partners:

Facebook Messenger data (messages, user IDs, page information), Shopify data (customer inquiries, order information), email service providers, other integrated communication platforms

Payment Processors:

Transaction confirmation data, payment status, billing information verification

2.4 Sensitive Personal Information

Under the Philippine Data Privacy Act (Section 3(l)) and the GDPR (Article 9), certain categories of data require additional protection:

WE DO NOT INTENTIONALLY COLLECT SENSITIVE PERSONAL INFORMATION

If sensitive data is inadvertently received, we process it only:

  • With explicit consent (GDPR Article 9(2)(a))
  • When necessary for legal claims (GDPR Article 9(2)(f))
  • When manifestly made public by the data subject

Enhanced security measures, limited access, and expedited deletion apply to all sensitive data.

6. Data Security

Enterprise-Grade Security Measures

We implement comprehensive technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive communications
  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Principle of least privilege
  • Firewall protection and intrusion detection
  • DDoS protection and network segmentation
  • Regular security testing and vulnerability assessments
  • OWASP Top 10 protection
  • 24/7 security monitoring
  • Automated threat detection
  • Comprehensive audit logs
  • Data Protection Officer (DPO) appointed
  • Security awareness training for employees
  • Background checks for data access personnel
  • Confidentiality agreements with contractors
  • Incident response plan and procedures
  • SOC 2 Type II compliance (in progress)
  • ISO 27001 certification (planned)

Security Limitations:

No method of transmission over the Internet or electronic storage is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security.

Your Responsibilities:

  • Maintain confidentiality of account credentials
  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Report suspected security breaches immediately

8. Your Privacy Rights

8.1 GDPR Rights (EEA/UK Residents)

Right of Access (Article 15)

Obtain confirmation of processing and access your personal data

Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data

Right to Erasure (Article 17)

Request deletion of personal data ("Right to be Forgotten")

Right to Restriction (Article 18)

Request limitation of processing in certain circumstances

Right to Data Portability (Article 20)

Receive data in machine-readable format

Right to Object (Article 21)

Object to processing based on legitimate interests or direct marketing

Right to Withdraw Consent (Article 7(3))

Withdraw consent at any time where processing is based on consent

Right to Lodge Complaint (Article 77)

File complaint with supervisory authority

8.2 Philippine Data Privacy Act Rights

Right to Be Informed (Section 16)

Know before data collection: identity of controller, purposes, categories of data

Right to Access (Section 16(c))

Reasonable access to your personal data and the ability to dispute inaccuracies

Right to Object (Section 34)

Object to processing on grounds relating to your particular situation

Right to Erasure or Blocking (Section 16(e))

Suspend, withdraw, or order blocking/removal of personal data

Right to Rectify (Section 34(c))

Correct, destroy, or block incomplete, outdated, or false data

Right to Data Portability (Section 34(h))

Obtain copy in electronic or structured format

Right to File Complaint

File complaints with National Privacy Commission (NPC)

Right to Damages (Section 26)

Claim compensation for damages from data misuse

8.3 California Privacy Rights (CCPA/CPRA)

Right to Know (§1798.100)

Request disclosure of personal information collected, sources, purposes, and third parties

Right to Delete (§1798.105)

Request deletion of personal information (exceptions apply)

Right to Correct (§1798.106)

Correct inaccurate personal information

Right to Opt-Out (§1798.120)

We do NOT sell or share personal information

Right to Limit Sensitive PI (§1798.121)

We do NOT use sensitive PI beyond permitted purposes

Right to Non-Discrimination (§1798.125)

No discrimination for exercising privacy rights

Authorized Agent

Designate authorized agent to make requests on your behalf

Response Timeline

We respond within 45 days (extendable by 45 days if necessary)

How to Exercise Your Rights

Mail

USAP - Data Privacy Team
[Company Address]

In-App

Access "Privacy Settings" in your account dashboard

Response Times:

  • GDPR: Within 1 month (extendable by 2 months for complex requests)
  • Philippine DPA: Within reasonable period (typically 30 days)
  • CCPA/CPRA: Within 45 days (extendable by 45 days with notice)

13. Contact Information

Questions? We're Here to Help

For questions about this Privacy Policy or to exercise your privacy rights, contact us:

Data Protection Officer

For GDPR and Philippine DPA inquiries

dpo@usap.io

Privacy Team

General privacy questions

privacy@usap.io

Supervisory Authorities

Philippines

National Privacy Commission (NPC)

privacy.gov.ph

complaints@privacy.gov.ph

European Union

European Data Protection Board

edpb.europa.eu

California

California Privacy Protection Agency

cppa.ca.gov