SOCIALSUITE PRIVACY POLICY
Updated: November 2025
1. About this Policy
At Socialsuite Holdings Inc (Coral Harbour Pty Ltd t/as Socialsuite), we care deeply about your privacy.
We collect and use personal information responsibly and in line with:
- The Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)
- The EU General Data Protection Regulation (GDPR)
- The UK Data Protection Act 2018
- The California Consumer Privacy Act (CCPA)
This policy explains how we handle your personal data—what we collect, why we collect it, and how we keep it safe.
By using our website or services, you agree to the terms of this Privacy Policy.
2. What Information We May Collect
We only collect what’s needed to deliver and improve our products and services. This may include:
- Name, email, and contact details
- Job title, company, and workplace information
- Account login details and credentials
- Technical information such as IP address, browser type, and device data
- Payment details (for billing and transactions)
- Survey and feedback data you provide
We may also collect limited sensitive information, such as gender identity, but only with explicit consent.
Our services are not directed to children under 16, and we do not knowingly collect their personal information.
3. How We Collect and Store Information
We collect personal information in several ways:
- Directly from you – when you sign up, create an account, contact us, or use our platform.
- Automatically – when you browse our website or use our products, we collect limited technical and usage data (such as IP address, browser type, and device information) through cookies and analytics tools.
- From trusted third parties – where necessary to deliver our services or support business operations.
All personal information is stored securely within trusted systems and cloud environments that comply with our internal Access Control, Data Management, and Third-Party Management policies. These policies ensure that any third-party application or service provider handling Socialsuite data meets our security, privacy, and compliance standards, including encryption, access controls, and regulatory obligations under GDPR, the Australian Privacy Act, and SOC 2.
Data Controller and Data Processor Roles
Socialsuite acts as a data controller for personal information collected through our website, marketing activities, communications, and business operations. For information processed within the Socialsuite platform on behalf of customers, Socialsuite acts as a data processor, handling that data only under customer instruction and in line with our contractual, security, and regulatory obligations.
4. How We Use Your Information
We use your personal information to:
- Provide and support our platform and services
- Improve user experience and functionality
- Communicate updates, support messages, and marketing (if you’ve opted in)
- Monitor security, detect fraud, and maintain compliance
- Meet legal or regulatory obligations
We process your data only where we have a lawful basis, such as consent, legitimate interest, contract performance, or legal obligation.
The lawful basis depends on the specific purpose—for example, billing (contract), marketing (consent/legitimate interest), and support (legitimate interest).
You also have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been infringed.
5. Sharing and International Transfers
We may share personal information with trusted service providers who help us operate, secure, and support our business. These providers may include cloud hosting, analytics, customer support, and marketing services.
All third-party service providers are vetted and managed under Socialsuite’s Third-Party Management Policy and Data Management Policy, which require them to maintain appropriate security, privacy, and compliance controls in line with SOC 2, GDPR, and the Australian Privacy Principles.
Where personal information is transferred or accessed outside of Australia, the United Kingdom, or the European Economic Area, Socialsuite ensures that such transfers comply with applicable data protection laws and that appropriate safeguards are maintained by approved service providers.
Socialsuite conducts periodic self-assessments of our third-party risk management practices to ensure suppliers continue to meet our security, privacy, and compliance requirements.
Socialsuite only engages third parties that can demonstrate adequate protection of personal information, consistent with our contractual, regulatory, and risk management requirements.
Socialsuite relies on the EU–U.S. Data Privacy Framework (DPF) (and the UK Extension DPF) for data transfers to the U.S. Once our certification is approved, our listing will appear on the DPF List.
Socialsuite is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) and designates BBB National Programs as its independent recourse mechanism (free to individuals) via https://bbbprograms.org/complaints Individuals may, in some cases, invoke binding arbitration before the DPF Panel.
We can provide a current list of our subprocessors on request to our customers.
6. Data Security
We apply strict technical and organizational controls to protect personal information processed through our core platform (including our Salesforce-hosted application and primary cloud infrastructure). These controls include:
- Encryption of data in transit (HTTPS/TLS) and at rest
- Role-based access controls to limit access to authorized users only
- Support for multi-factor authentication for administrative and customer access
- Security logging and monitoring to detect unusual activity
- Regular security reviews, testing, and improvements to our controls
Our systems and processes are designed to align with recognized security frameworks such as SOC 2 and ISO 27001.
We also use carefully selected third-party service providers (for example, hosting, analytics, and marketing tools). These providers are required to implement appropriate security measures and data protection commitments. However, their specific security certifications and controls may differ from those applied to our core platform and are governed by their own published policies and agreements.
If we learn of a security incident affecting your personal data, we will notify you and regulators as required by law.
7. Data Retention
We retain personal information only for as long as necessary to:
- Provide our services
- Meet legal or contractual obligations
- Resolve disputes and enforce our agreements
For systems we control (such as our Salesforce-hosted application and core cloud services), we apply retention rules and securely delete or anonymize personal information in line with our Data Management Policy.
Where we use third-party service providers (for example, marketing, analytics, or communication tools), we configure available retention and deletion settings and rely on the provider’s own data handling processes and contractual commitments to ensure data is not kept longer than necessary.
8. Your Rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Request correction or deletion
- Object to certain types of processing
- Withdraw consent (where processing is based on consent)
- Request a copy of your data (data portability)
To exercise your rights, contact us at privacy@socialsuitehq.com or via your usual Socialsuite contact.
If you are based in the U.S., you may appeal any denied request by replying to our response or emailing privacy@socialsuitehq.com.
9. Cookies and Analytics
We use cookies to make our website work better and to help us understand how it’s used.
Cookies may be used for analytics, personalization, and advertising.
You can manage or disable cookies in your browser settings, but some features may not work as intended.
For analytics, we use tools like Google Analytics, Amplitude, and LinkedIn Insights.
No personal data is used for automated decision-making or profiling.
We use a regional consent banner. In the EEA/UK, non-essential cookies (analytics/ads) are opt-in. See our Cookie Notice for details.
10. Marketing Preferences
We may contact you about Socialsuite products or updates if you’ve opted in or if we have a legitimate business reason.
You can unsubscribe at any time by clicking the “unsubscribe” link in our emails or emailing us directly.
11. Artificial Intelligence (AI) and Data Privacy
Socialsuite uses AI responsibly and transparently in accordance with our AI Ethics and Governance Policy and AI Use and Governance Statement.
Our AI systems and those of third party providers do not use customer or personal data for training, inference, or automated decision-making. All AI insights are reviewed by humans before use.
12. Updates to this Policy
We may update this Privacy Policy to reflect new features, regulatory changes, or operational updates. The latest version will always be available here. If the changes are significant, we’ll notify you directly.
13. Contact Us
If you have any questions, concerns, or complaints about this policy or how we handle your data, please contact:
Privacy Officer: Gareth Boothby
Email: privacy@socialsuitehq.com
Address: 601 Congress Avenue, Suite 700, Austin, TX 78701
