Privacy Policy for itogai

Effective Date: August 1st, 2025
Last Updated: August 1st, 2025

Itogai LLC (“itogai,” “we,” “our,” or “us”) is committed to protecting your privacy and maintaining the trust of our users. This Privacy Policy explains how we collect, use, share, store, and safeguard your personal data when you interact with our websites, applications, services, products, and related offerings (collectively, the “Services”).
This policy applies to users globally, and we adhere to applicable privacy laws including the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), Children’s Online Privacy Protection Act (COPPA), and other relevant data protection frameworks.

1. Scope of This Privacy Policy
This Privacy Policy applies to:

  • The itogai.com website and subdomains
  • All mobile or web-based apps, extensions, tools, and platforms owned or operated by itogai
  • Interactions with our support, marketing, and communication channels
  • All personal data collected through third-party tools, integrations, or services used in delivering itogai

2. Categories of Information We Collect
We only collect the minimum data necessary to operate and improve our Services.
This includes:
a. Information You Provide to Us

  • Account information: Full name, business email address, phone number, job title, company name, password (hashed), region
  • Billing information (if applicable): Payment details via PCI-compliant providers (we do not store card details)
  • Support or survey responses: Messages or input submitted via support, forms, or feedback
  • Partner submissions: Data submitted via forms for warm intro requests, meeting confirmations, or partner enrollments

b. Information Collected Automatically

  • Device and usage information: IP address, browser type/version, OS, time zone, language, device IDs
  • Log data: Date/time of access, referring/exit pages, error logs, system performance metrics
  • Cookies and similar technologies: Authentication tokens, preferences, session data, traffic analytics

c. Information from Third Parties

  • Enrichment partners (e.g., People Data Labs): Business data enrichment for better GTM mapping
  • AI processing tools (e.g., OpenAI): For metadata processing and insight generation (never full personal datasets)
  • Authentication providers (e.g., Auth0): Identity validation
  • Email services (e.g., Brevo): Transactional and product-related communications
  • CRM/ERP integrations (e.g., HubSpot, Konvex): For customer success and usage analysis

We do not collect:

  • Government-issued ID numbers
  • Biometric identifiers
  • Health or genetic data
  • Data on race, religion, sexual orientation, or other sensitive personal characteristics (unless explicitly required by law or user choice)

3. How We Use Your Information
We process your information only for specific, lawful purposes including:

  • Service delivery: Provide core itogai features, including account creation, authentication, dashboard access, and referral flows
  • Product improvement: Enhance functionality, usability, and personalization of the itogai platform
  • Customer support: Respond to inquiries, resolve disputes, and provide helpdesk assistance
  • Security and fraud prevention: Detect suspicious activity, protect our systems and users
  • Marketing and communication: Send product updates, onboarding guidance, and usage-related communications (with opt-out options)
  • Legal compliance: Meet regulatory, contractual, and law enforcement obligations

4. Lawful Basis for Processing (GDPR/UK GDPR)
We rely on the following legal bases to process your data:

  • Contractual necessity: When data is required to fulfill a contract with you
  • Legitimate interest: For fraud prevention, product development, and secure platform operations
  • Consent: For optional communications and non-essential cookies (you may withdraw consent at any time)
  • Legal obligations: When processing is necessary to comply with the law

5. How We Share or Disclose Information
We never sell your personal data. We only share your data with trusted service providers or under legal obligation:
a. With Third-Party Service Providers

  • Hosting & Infrastructure: AWS, Google Cloud Platform
  • Authentication & Identity Management: Auth0
  • AI & Data Enrichment: OpenAI, People Data Labs
  • Email & Communication: Brevo
  • Analytics: Google Analytics, PostHog (pseudonymized data)
  •  All third parties are bound by strict data protection terms.

b. For Legal & Regulatory Compliance
We may disclose information to:

  • Law enforcement, government agencies, or regulators where legally required
  • Legal counsel or auditors under NDAs

c. In Business Transfers
In case of a merger, acquisition, or sale of assets, personal data may be transferred under confidentiality obligations.

6. Cookies, Tracking, and Analytics
We use cookies and similar technologies to:

  • Maintain sessions and authentication
  • Personalize user experience
  • Measure platform performance and behavior

You can control or disable cookies via browser settings. For detailed information, refer to our Cookie Policy (to be linked if applicable).

7. Data Retention
We retain personal data only as long as needed:

  • Account-related data: As long as your account is active and for up to 5 years post-deletion (for audit and fraud detection)
  • Transaction metadata and referral logs: For tax, legal, and performance analytics
  • Support tickets and communications: Retained for quality assurance and compliance

We anonymize or securely delete data when no longer required.

8. International Data Transfers
Your data may be processed outside your country of residence, including in the United States.
Where data is transferred internationally, we use:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (if applicable)
  • Other lawful safeguards under applicable data protection laws

9. Data Security
We implement a comprehensive security program including:

  • Encryption (TLS in transit, AES at rest)
  • Access control with RBAC and MFA for staff and admins
  • Continuous monitoring, vulnerability scanning, and incident response
  • Annual penetration testing and third-party audits

If a breach affecting your personal data occurs, we will notify you and relevant authorities in accordance with applicable laws.

10. Your Privacy Rights
You may have the following rights under local law:

  • Right Description
  • Access Request a copy of the data we hold about you 
  • Rectification Correct inaccurate or incomplete information 
  • Erasure (“Right to be forgotten”) Request deletion of personal data
  • Restriction of processing Ask us to pause certain data uses
  • Portability Receive your data in a machine-readable format
  • Objection Object to data processing based on legitimate interest or direct marketing
  • Withdraw consent Revoke consent for optional processing activities

To exercise these rights, contact us at privacy@itogai.com. We will respond within the legally mandated timeframe.

11. CCPA/CPRA Notice for California Residents
In addition to the above rights, California users have the right to:

  • Know what categories of personal information are collected and disclosed
  • Request deletion or correction of data
  • Opt out of data “sales” (we do not sell personal data)
  • Limit use of sensitive personal data (not applicable as we do not collect such data)

You may submit your request via email: privacy@itogai.com

12. Children’s Privacy (COPPA)
Our Services are not intended for or directed to children under the age of 13 (or 16 in jurisdictions requiring higher thresholds). We do not knowingly collect data from minors. If you believe we’ve collected such data, please contact us and we will promptly delete it.

13. Changes to This Privacy Policy
We may update this policy periodically. Material changes will be communicated via:

  • Updated date at the top of this document
  • Request deletion or correction of data

We recommend reviewing this Policy regularly to stay informed.

14. Contact Us
For any questions, requests, or complaints regarding this Privacy Policy, please contact us at: Itogai LLC

If you are in the EU/UK and have concerns about how we handle your data, you may contact your local Data Protection Authority.