SOCIALSUITE PRIVACY POLICY
Updated: January, 2026
1. About this Policy
At Socialsuite Holdings Inc (Coral Harbour Pty Ltd t/as Socialsuite), we care deeply about your privacy.
We collect and use personal information responsibly and in line with:
● The Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)
● The EU General Data Protection Regulation (GDPR)
● The UK Data Protection Act 2018
● The California Consumer Privacy Act (CCPA)
This policy explains how we handle your personal data—what we collect, why we collect it, and how we keep it safe.
By using our website or services, you agree to the terms of this Privacy Policy.
2. What Information We May Collect
We only collect what’s needed to deliver and improve our products and services. This may include:
- Name, email, and contact details
- Job title, company, and workplace information
- Account login details and credentials
- Technical information such as IP address, browser type, and device data
- Payment details (for billing and transactions)
- Survey and feedback data you provide
We may also collect limited sensitive information, such as gender identity, but only with explicit consent.
Our services are not directed to children under 16, and we do not knowingly collect their personal information.
3. How We Collect and Store Information
We collect personal information in several ways:
- Directly from you – when you sign up, create an account, contact us, or use our platform.
- Automatically – when you browse our website or use our products, we collect limited technical and usage data (such as IP address, browser type, and device information) through cookies and analytics tools.
- From trusted third parties – where necessary to deliver our services or support business operations.
All personal information is stored securely within trusted systems and cloud environments that comply with our internal Access Control, Data Management, and Third-Party Management policies. These policies ensure that any third-party application or service provider handling Socialsuite data meets our security, privacy, and compliance standards, including encryption, access controls, and regulatory obligations under GDPR, the Australian Privacy Act, and SOC 2.
Data Controller and Data Processor Roles
Socialsuite acts as a data controller for personal information collected through our website, marketing activities, communications, and business operations. For information processed within the Socialsuite platform on behalf of customers, Socialsuite acts as a data processor, handling that data only under customer instruction and in line with our contractual, security, and regulatory obligations.
4. How We Use Your Information
We use your personal information to:
- Provide and support our platform and services
- Improve user experience and functionality
- Communicate updates, support messages, and marketing (if you’ve opted in)
- Monitor security, detect fraud, and maintain compliance
- Meet legal or regulatory obligations
We process your data only where we have a lawful basis, such as consent, legitimate interest, contract performance, or legal obligation.
The lawful basis depends on the specific purpose—for example, billing (contract), marketing (consent/legitimate interest), and support (legitimate interest).
You also have the right to lodge acomplaint with your local data protection authority if you believe your privacy rights have been infringed. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en
Individuals in the EU, UK, have the right to access, correct, or delete their personal data transferred to the U.S. under the DPF.
We share personal data with service providers (e.g., hosting, analytics, CRM, marketing) solely to perform services on our behalf and in compliance with the DPF Principles. Socialsuite remains responsible for any processing of personal data it transfers to third parties under the Onward Transfer Principle.
5. Sharing and International Transfers
We may share personal information with trusted service providers who help us operate, secure, and support ourbusiness. These providers may include cloud hosting, analytics, customer support, and marketing services.
All third-party service providers are vetted and managed under Socialsuite’s Third-Party Management Policy and Data Management Policy, which require them to maintain appropriate security, privacy, and compliance controls in line with SOC 2, GDPR, and the Australian Privacy Principles.
Where personal information is transferred or accessed outside of Australia, the United Kingdom, or the European Economic Area, Socialsuite ensures that such transfers comply with applicable data protection laws and that appropriate safeguards are maintainedby approved service providers.
Socialsuite conducts periodic self-assessments of our third-party risk management practices to ensure suppliers continue to meet our security, privacy, and compliance requirements.
Socialsuite only engages third parties that can demonstrate adequate protection of personal information, consistent with our contractual, regulatory, and risk management requirements.
Socialsuite complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Socialsuite has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework Program (DPF Program), and to view our certification, please visit https://www.dataprivacyframework.gov/.
Socialsuite is subject to the investigatory and enforcement powers of the U.S.Federal Trade Commission (FTC).
Pursuant to the DPF Program, EU and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States in reliance onthe DPF Program should direct their query to privacy@socialsuitehq.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@socialsuitehq.com.
We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national securityor law enforcement requirements.
We can provide a current list of our subprocessors on request to our customers.
Socialsuite remains liable under the DPF Principles for onward transfers of personal data to third parties unless it proves that it was not responsible for the event giving rise to the damage.
In compliance with the DPF Principles, Socialsuite commits to resolve DPF Principles-related complaints about your privacy and our collection or use of your personal information. European Union and United Kingdom individuals with inquiries or complaints regarding our handling of personal data inreliance on the DPF should first contact Socialsuite at privacy@socialsuitehq.com
Socialsuite has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.
6. Data Security
We apply strict technical and organizational controls to protect personal information processed through our core platform (including our Salesforce-hosted application and primary cloud infrastructure). These controls include:
- Encryption of data in transit (HTTPS/TLS) and at rest
- Role-based access controls to limit access to authorized users only
- Support for multi-factor authentication for administrative and customer access
- Security logging and monitoring to detect unusual activity
- Regular security reviews, testing, and improvements to our controls
Our systems and processes are designed to align with recognized security frameworks such as SOC 2 and ISO 27001.
We also use carefully selected third-party service providers (for example, hosting, analytics, and marketing tools). These providers are required to implement appropriate security measures and data protection commitments. However, their specific security certifications and controls may differ from those applied to our core platform and are governed by their own published policies and agreements.
If we learn of a security incident affecting your personal data, we will notify you and regulators as required by law.
7. Data Retention
We retain personal information only for as long as necessary to:
- Provide our services
- Meet legal or contractual obligations
- Resolve disputes and enforce our agreements
For systems we control (such as our Salesforce-hosted application and core cloud services), we apply retention rules and securely delete or anonymize personal information in line with our Data Management Policy.
Where we use third-party service providers (for example, marketing, analytics, or communication tools), we configure available retention and deletion settings and rely on the provider’s own data handling processes and contractual commitments to ensure data is not kept longer than necessary.
8. Your Rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Request correction or deletion
- Object to certain types of processing
- Withdraw consent (where processing is based on consent)
- Request a copy of your data (data portability)
To exercise your rights, contact us at privacy@socialsuitehq.com or via your usual Socialsuite contact.
If you are based in the U.S., you may appeal any denied request by replying to our response or emailing privacy@socialsuitehq.com.
9. Cookies and Analytics
We use cookies to make our website work better and to help us understand how it’s used.
Cookies may be used for analytics, personalization, and advertising.
You can manage or disable cookies in your browser settings, but some features may not work as intended.
For analytics, we use tools like Google Analytics, Amplitude, and LinkedIn Insights.
No personal data is used for automated decision-making or profiling.
We use a regional consent banner. In the EEA/UK, non-essential cookies (analytics/ads) are opt-in. See our Cookie Notice for details.
10. Marketing Preferences
We may contact you about Socialsuiteproducts or updates if you’ve opted in or if we have a legitimate businessreason.
You can unsubscribe at any time byclicking the “unsubscribe” link in our emails or emailing us directly.
Individuals may opt out of having their personal data disclosed to a third party or used for a materially different purpose than originally collected by contacting privacy@socialsuitehq.com. Where sensitive data is involved, we will obtain explicit opt-in consent before sharing.
11. Artificial Intelligence (AI) and Data Privacy
Socialsuite uses AI responsibly and transparently in accordance with our AI Ethics and Governance Policy and AI Use and Governance Statement.
Our AI systems and those of third party providers do not use customer or personal data for training, inference, or automated decision-making. All AI insights are reviewed by humans before use.
12. Updates to this Policy
We may update this Privacy Policy toreflect new features, regulatory changes, or operational updates. The latest version will always be available here. If the changes are significant, we’ll notify you directly.
Socialsuite will annually reaffirm its adherence to the DPF Principles and update its certification with the U.S. Department of Commerce.
13. Contact Us
If you have any questions, concerns, or complaints about this policy or how we handle your data, please contact:
Privacy Officer: Gareth Boothby
Email: privacy@socialsuitehq.com
Address: 601 Congress Avenue, Suite 700, Austin, TX 78701
