Privacy Policy

This Privacy Policy describes how Conectamos, Inc. ("Conectamos," "we," "us," or "our") collects, uses, discloses, and protects information about you when you visit our website at conectamos.org (the "Site"), use our operations automation platform and related services (collectively, the "Services"), or otherwise interact with us. Please read this policy carefully. By using the Services, you agree to the practices described in this Privacy Policy.

If you are using our Services on behalf of a company or other legal entity ("Organization"), you represent that you have the authority to bind that Organization to this Privacy Policy. In that case, "you" and "your" refers to both you individually and the Organization.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide to us when you:

• Create an account: Name, work email address, job title, company name, phone number, and password.
• Fill out forms: Contact forms, demo request forms, or any other forms on our Site or within our Services.
• Communicate with us: Information you provide when you contact our support team, sales team, or through any other communication channel.
• Subscribe to marketing: Email address and communication preferences when you subscribe to our newsletter or marketing communications.
• Make purchases: Billing address, payment card information (processed by our payment processor — we do not store full card numbers), and transaction history.
• Integrate your tools: Credentials and configuration data required to connect third-party services (such as WhatsApp Business API credentials, CRM API keys) to the Conectamos platform. These credentials are encrypted at rest and in transit.

1.2 Information We Collect Automatically

When you access our Site or Services, we automatically collect certain technical and usage information:

• Log data: IP address, browser type and version, operating system, referring URLs, pages viewed, time and date of visits, and clickstream data.
• Device information: Device type, screen resolution, hardware model, and unique device identifiers.
• Usage data: Features used, workflows created, messages processed, integration configurations, automation run history, and other interactions with the platform.
• Performance data: Response times, error logs, crash reports, and diagnostic data to help us identify and fix issues.
• Cookies and similar technologies: We use cookies, web beacons, pixel tags, and similar tracking technologies. See Section 5 (Cookies) for details.

1.3 Information From Third Parties

We may receive information about you from third parties, including:

• Integration partners: When you connect third-party services (Salesforce, HubSpot, Shopify, etc.) to Conectamos, we receive data from those platforms as authorized by you and governed by your configurations.
• Business partners: Referral partners or resellers who refer customers to us may share your business contact information.
• Publicly available sources: We may collect professional information about business contacts from public sources such as company websites and professional directories.
• Analytics providers: We receive aggregated and anonymized analytics data from third-party analytics services.

1.4 Customer Data (Data You Process Through the Platform)

When you use Conectamos to automate your operations, you may submit or process data belonging to your own customers, employees, or business contacts ("Customer Data"). Conectamos processes Customer Data on your behalf as a data processor according to your instructions. You remain the data controller for Customer Data and are responsible for ensuring you have the appropriate legal basis to collect and process such data and to share it with Conectamos.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving the Services

• Creating and maintaining your account
• Processing transactions and billing
• Delivering the features and functionality of the platform
• Executing automation workflows you configure
• Providing customer support and responding to inquiries
• Diagnosing and fixing technical problems
• Improving existing features and developing new ones
• Conducting research and analytics to understand how the Services are used

2.2 Communications

• Sending transactional communications: account confirmations, invoices, security alerts, and service updates
• Responding to your requests, questions, and feedback
• Sending marketing communications about our products, features, and events (you can opt out at any time)
• Sending product tips, tutorials, and best practice guides to help you get more value from the platform

2.3 Security and Fraud Prevention

• Monitoring for suspicious or unauthorized access attempts
• Detecting and preventing fraud, abuse, and violations of our Terms of Service
• Verifying identity when required
• Maintaining audit logs for security and compliance purposes

2.4 Legal and Compliance

• Complying with applicable laws, regulations, and legal processes
• Enforcing our Terms of Service and other agreements
• Protecting our rights, privacy, safety, or property
• Responding to legal requests and governmental inquiries

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Service Providers

We engage trusted third-party vendors to perform functions on our behalf. These service providers have access to personal information only as needed to perform their functions and are contractually prohibited from using it for other purposes. Categories of service providers include:

• Cloud infrastructure: Amazon Web Services (AWS) for hosting, storage, and computing
• Payment processing: Stripe for billing and payment card processing
• Customer support: Help desk software providers
• Email delivery: Transactional email and marketing email providers
• Analytics: Product analytics and website analytics providers
• Security monitoring: Security operations and threat detection services

3.2 Business Transfers

If Conectamos is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Site before your information becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law or legal process, including responding to lawful subpoenas, court orders, or governmental requests; (b) protect the rights, property, or safety of Conectamos, our customers, or others; or (c) detect, prevent, or address fraud, security, or technical issues.

3.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

4. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account data: Retained for the duration of your account and for up to 90 days after account closure, then deleted or anonymized.
• Customer Data (processed through workflows): Retained per the data retention settings you configure in your account. You can adjust or delete this data at any time through the platform.
• Usage and log data: Generally retained for 12 months for security, analytics, and compliance purposes.
• Financial records: Retained for 7 years as required by applicable accounting and tax laws.
• Marketing data: Retained until you unsubscribe or request deletion.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Site and Services. Cookies are small data files stored in your browser. We use:

• Strictly necessary cookies: Required for the Site and platform to function. Cannot be disabled without breaking functionality (e.g., session authentication, CSRF protection).
• Analytics cookies: Help us understand how visitors use the Site (pages visited, time spent, navigation paths). Data is aggregated and anonymized.
• Functional cookies: Remember your preferences and settings (language, UI layout, notification preferences).
• Marketing cookies: Used to deliver relevant advertising on third-party platforms and measure campaign performance.

You can manage your cookie preferences through our cookie consent banner or through your browser settings. Note that disabling cookies may affect the functionality of the Site and Services. For more details, see our Cookie Policy.

6. Data Security

We implement industry-standard security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction:

• Encryption in transit: All data transmitted between your browser/application and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: Personal data and Customer Data stored in our systems is encrypted using AES-256.
• Access controls: Role-based access controls limit employee access to personal data on a need-to-know basis. All access is logged and audited.
• Security certifications: We maintain SOC 2 Type II certification, which requires annual third-party audits of our security controls.
• Vulnerability management: We conduct regular penetration testing, vulnerability scanning, and security code reviews.
• Incident response: We maintain a documented incident response plan and will notify affected users within 72 hours of discovering a significant data breach, consistent with applicable law.

While we take these precautions, no security system is impenetrable. We cannot guarantee that information will never be accessed, disclosed, altered, or destroyed by breach of our security measures.

7. International Data Transfers

Conectamos is headquartered in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your home country.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission when transferring personal data outside the EEA. You may request a copy of the applicable transfer mechanisms by contacting us at [email protected].

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 Rights for All Users

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention obligations.
• Opt-out of marketing: Unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.
• Data portability: Request your personal data in a structured, machine-readable format where technically feasible.

8.2 Additional Rights for EEA/UK Users (GDPR)

• Right to object: Object to processing of your personal data based on legitimate interests.
• Right to restrict processing: Request that we limit how we use your personal data in certain circumstances.
• Right to withdraw consent: Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: File a complaint with your local supervisory authority (e.g., the ICO in the UK, or the relevant EU Data Protection Authority).

8.3 Rights for California Residents (CCPA/CPRA)

California residents have the right to know what personal information is collected, used, shared, or sold; the right to delete personal information; the right to opt out of the sale or sharing of personal information (we do not sell personal information); and the right to non-discrimination for exercising these rights.

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] or submit a request through your account settings. We will respond to verified requests within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

9. Children's Privacy

The Services are designed for business use and are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will promptly delete it. If you believe we have inadvertently collected such information, please contact us at [email protected].

10. Third-Party Links and Services

Our Site and Services may contain links to third-party websites, products, or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our platform or website.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to the primary email address associated with your account (for significant changes)
• Displaying a prominent notice on the Site or within the platform

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you should discontinue use of the Services.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

If you are located in the EEA or UK and have concerns about our data processing practices that we have not adequately addressed, you have the right to contact your local supervisory authority.