Privacy Policy
Effective Date: January 25, 2026
Last Updated: January 25, 2026
PurpleOwl LLC ("PurpleOwl," "we," "us," or "our") operates purpleowl.io and provides software products, web applications, development tools, and related services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Services.
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
We collect information you voluntarily provide, including:
- Account Information: Name, email address, company name, job title, profile photo, phone number, and professional biography
- Payment Information: Billing address and payment details (processed by Stripe; we do not store complete card numbers)
- Content: Posts, messages, notes, files, documents, and other materials you submit through our Services
- Communications: Correspondence when you contact us for support or feedback
1.2 Information from Authentication Providers
Our Services may offer authentication through third-party providers. Depending on your chosen method, we may receive:
- Email (Magic Link): Your email address
- Google Sign-In: Name, email, and profile photo from your Google account
- Microsoft Sign-In: Name, email, and profile photo from your Microsoft account
- Other OAuth Providers: Basic profile information as authorized
We do not receive or store your passwords from these providers.
1.3 Information from Connected Services
When you connect third-party accounts to enable features, we may access:
- Email Providers (Google/Microsoft): Permission to send emails on your behalf using OAuth-authorized access
- Video Conferencing (Zoom, GoToMeeting): Permission to create meeting links
- Cloud Platforms (Google Cloud, Firebase): Temporary access to provision resources on your behalf
OAuth tokens are stored securely and used only for their stated purpose. You may revoke access at any time.
1.4 Automatically Collected Information
When you access our Services, we automatically collect:
- IP address, browser type, device type, and operating system
- Pages viewed, features used, and interactions
- Date, time, and duration of visits
- Referring URLs and search terms
- Performance metrics and error logs
1.5 Cookies and Similar Technologies
We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage. You can control cookies through your browser settings, though disabling them may limit functionality.
2. How We Use Your Information
We use collected information to:
- Provide Services: Create accounts, authenticate users, deliver features, and process transactions
- Process Payments: Manage subscriptions, process payments via Stripe, and send receipts
- Communicate: Send transactional notifications, support responses, and service updates
- Improve: Analyze usage patterns, fix issues, and develop new features
- Secure: Detect fraud, prevent abuse, and protect users and systems
- Comply: Meet legal obligations and respond to lawful requests
We do not sell your personal information to third parties.
3. How We Share Your Information
3.1 Within Your Organization or Group
If you use a collaborative Service, information you provide may be visible to other authorized users (e.g., group members, administrators) according to the Service's design and your role.
3.2 With Service Providers
We share information with third-party providers who help operate our Services:
| Provider | Purpose |
|---|---|
| Google Cloud / Firebase | Infrastructure, authentication, database, storage |
| Stripe | Payment processing |
| Google / Microsoft APIs | Email delivery (when connected) |
| Zoom / GoToMeeting | Video conferencing links (when connected) |
| Analytics providers | Usage analysis |
These providers are contractually required to protect your information.
3.3 For Legal Reasons
We may disclose information if required by law or to:
- Comply with legal process or government requests
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Enforce our terms and policies
3.4 Business Transfers
In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.
3.5 With Your Consent
We may share information for other purposes with your explicit consent.
4. OAuth and Temporary Access
Some Services use OAuth to perform actions in your accounts (e.g., provisioning Firebase projects, sending emails). This access is:
- Temporary: Tokens are used only for the authorized purpose
- Limited: We request only necessary permissions
- Revocable: You can revoke access anytime via your account settings or the provider's permissions page
For setup wizards and similar tools, we programmatically revoke access tokens immediately upon completion.
5. Data Retention
- Active Accounts: Information retained while your account is active
- Application Data: Retained according to each Service's design (some Services retain historical data indefinitely for continuity)
- Cancelled Accounts: Data preserved in read-only form; deletion available upon request
- Payment Records: Retained as required by tax and accounting regulations
- Logs: Retained for security and debugging purposes, typically 90 days
Upon deletion request, we remove or anonymize personal information within 30 days, except where retention is legally required.
6. Data Security
We implement reasonable security measures including:
- Encryption in transit (TLS/SSL) and at rest
- Access controls and authentication
- Secure credential storage for OAuth tokens
- Infrastructure security via Google Cloud Platform
- Regular security reviews
No system is completely secure. We cannot guarantee absolute security of your information.
7. Your Rights and Choices
7.1 Access and Portability
Access your information through account settings. Export features are available where applicable.
7.2 Correction
Update your profile and account information at any time.
7.3 Deletion
Request account deletion by contacting us. Some information may be retained for legal or legitimate business purposes.
7.4 Communication Preferences
Manage notification preferences in account settings. Transactional communications cannot be disabled while your account is active.
7.5 Connected Accounts
Disconnect third-party integrations through account settings or the provider's permissions page.
8. Regional Privacy Rights
8.1 California Residents (CCPA/CPRA)
California residents have the right to:
- Know what personal information we collect and how it's used
- Request deletion of personal information
- Opt out of sale of personal information (we do not sell personal information)
- Non-discrimination for exercising privacy rights
Contact privacy@purpleowl.com to exercise these rights.
8.2 European Economic Area and UK (GDPR)
EEA and UK residents have the right to:
- Access, rectify, or erase personal data
- Restrict or object to processing
- Data portability
- Withdraw consent
Legal Bases: We process data based on contract performance, legitimate interests, consent, or legal obligation.
International Transfers: Data may be transferred to the United States. We use Standard Contractual Clauses and other safeguards.
Contact privacy@purpleowl.com for privacy inquiries. You may lodge complaints with your local data protection authority.
9. Children's Privacy
Our Services are intended for business professionals and are not directed at individuals under 18. We do not knowingly collect information from children.
10. Third-Party Links
Our Services may link to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated by posting the updated policy and updating the effective date. Continued use after changes constitutes acceptance.
12. Contact Us
PurpleOwl LLC
Email: privacy@purpleowl.com
Location: Scottsdale, Arizona, United States