buzz logotype

BUZZ INC. PRIVACY POLICY

Effective Date: February 19, 2026

Last Updated: February 19, 2026

1. INTRODUCTION

Buzz Inc. ("Buzz," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you visit our websites at https://www.buzz.ai and https://dash.buzz.ai (the "Website") and use our social automation platform and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with our practices, please do not use our Services.

This Privacy Policy is incorporated into and forms part of our Terms & Conditions. Capitalized terms not defined in this Privacy Policy have the meanings given to them in our Terms & Conditions.

1.1 Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Buzz Inc.

701 Tillery St 12 #2573

Austin, TX 78702

USA

Email: [email protected]

General Inquiries: [email protected]

2. INFORMATION WE COLLECT

We collect several categories of information from and about users of our Services. The categories of personal information we collect depend on how you interact with us and the Services.

2.1 Information You Provide Directly

Account Information:

  • Name, email address, phone number
  • Company name and business information
  • Job title and role
  • Username and password
  • Billing address and payment information

Contact Data You Upload:

  • Contact lists, names, email addresses, phone numbers, and other contact information you upload to use the Services
  • Social media profile information and connections
  • Custom fields and notes associated with your contacts

Communications:

  • Information you provide when contacting customer support
  • Feedback, survey responses, and testimonials
  • Messages sent through the Services
  • Email campaign content, SMS message content, voicemail scripts

User Content:

  • Campaign data, templates, and configurations
  • Analytics and reporting data
  • Custom workflows and automation rules
  • Any other content, files, or information you upload, submit, or transmit through the Services

2.2 Information Collected Automatically

Usage Data:

  • Pages visited, features used, time spent on the Services
  • Campaign performance metrics and analytics
  • Search queries and interactions with the Services
  • Referring and exit pages
  • Date and time stamps of activities

Device and Technical Information:

  • IP address and location data (city, state, country based on IP)
  • Browser type and version
  • Operating system and platform
  • Device identifiers and device type
  • Internet service provider
  • Connection information and network data

Cookies and Similar Technologies:

  • Session cookies to maintain your login state
  • Preference cookies to remember your settings
  • Analytics cookies to understand how you use the Services
  • Advertising and targeting cookies (with your consent where required)

See Section 10 for detailed information about our use of cookies and tracking technologies.

2.3 Information from Third-Party Sources

Third-Party Platform Data: When you connect third-party platforms (LinkedIn, Facebook, X/Twitter, Instagram, etc.) to our Services, we may collect:

  • Profile information (name, photo, connections)
  • Connection lists and network information
  • Messaging and engagement data
  • Analytics and performance metrics

Data Enrichment Services:

  • Contact information enrichment from third-party data providers
  • Firmographic and demographic data
  • Social media profile information
  • Professional information and employment history

Payment Processors:

  • Transaction confirmation and payment status
  • Billing information and payment method details (we do not store full credit card numbers)

Business Partners and Referral Sources:

  • Lead information from marketing partners
  • Referral source information

2.4 Categories of Personal Information (CCPA/CPRA)

For California residents, we collect the following categories of personal information as defined by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Category

Examples

Collected

A. Identifiers

Name, alias, email address, phone number, IP address, online identifier

YES

B. Personal Information Categories (Cal. Civ. Code § 1798.80(e))

Name, address, telephone number, credit card number

YES

C. Protected Classification Characteristics

Age, gender, nationality

NO

D. Commercial Information

Purchase history, purchasing tendencies

YES

E. Biometric Information

Fingerprints, facial recognition

NO

F. Internet or Network Activity

Browsing history, search history, interaction with websites/apps

YES

G. Geolocation Data

Physical location (approximate based on IP)

YES

H. Sensory Data

Audio, electronic, visual information

NO

I. Professional or Employment Information

Job title, employer, work history

YES

J. Non-Public Education Information

Education records

NO

K. Inferences

Profiles reflecting preferences, characteristics, behavior

YES

L. Sensitive Personal Information

Account credentials, precise geolocation

YES (limited)

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Providing and Managing the Services

  • Creating and managing your account
  • Processing payments and billing
  • Delivering the Services you request
  • Providing customer support and responding to inquiries
  • Sending transactional emails and service-related communications
  • Authenticating users and maintaining account security

3.2 Improving and Developing the Services

  • Analyzing usage patterns and trends
  • Conducting research and development
  • Testing new features and functionality
  • Monitoring and improving Service performance
  • Troubleshooting technical issues
  • Developing new products and services

3.3 Marketing and Communications

  • Sending promotional emails and newsletters (with your consent or as permitted by law)
  • Communicating about new features, updates, and offers
  • Conducting marketing research and surveys
  • Displaying personalized advertisements (with your consent where required)
  • Analyzing marketing campaign effectiveness

3.4 Legal Compliance and Protection

  • Complying with legal obligations and regulatory requirements
  • Enforcing our Terms & Conditions and other policies
  • Protecting against fraud, security threats, and illegal activities
  • Investigating and preventing violations of our policies
  • Responding to legal process (subpoenas, court orders)
  • Protecting the rights, property, and safety of Buzz, our users, and others

3.5 Business Operations

  • Managing vendor and partner relationships
  • Conducting corporate transactions (mergers, acquisitions, sales)
  • Maintaining business records and compliance documentation
  • Performing accounting, auditing, and financial reporting

3.6 With Your Consent

We may use your information for other purposes with your explicit consent.

3.7 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, our legal bases for processing personal information include:

  • Contract Performance: Processing necessary to provide the Services you've requested
  • Legitimate Interests: Processing for our business interests, such as improving the Services, fraud prevention, and security
  • Legal Obligation: Processing required to comply with applicable laws
  • Consent: Processing based on your explicit consent (which you may withdraw at any time)

4. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We share your information only in the limited circumstances described below:

4.1 Service Providers and Subprocessors

We share information with third-party service providers who perform services on our behalf, including:

Infrastructure and Hosting:

  • Cloud hosting providers (AWS, Google Cloud, Microsoft Azure)
  • Content delivery networks (CDNs)
  • Database and storage providers

Communication Services:

  • Email service providers
  • SMS/text messaging providers
  • Voice and telephony service providers
  • Customer support platforms

Analytics and Performance:

  • Analytics providers (Google Analytics, Mixpanel, etc.)
  • Performance monitoring and error tracking services
  • A/B testing and optimization tools

Payment Processing:

  • Payment gateways and processors (Stripe, PayPal, etc.)
  • Fraud detection and prevention services

Marketing and Advertising:

  • Email marketing platforms
  • Advertising networks (with your consent where required)
  • Marketing analytics providers

Security and Compliance:

  • Security monitoring services
  • Compliance and audit services
  • Identity verification providers

All service providers are contractually required to:

  • Use your information only for the purposes we specify
  • Implement appropriate security measures
  • Comply with applicable data protection laws

For a current list of our subprocessors, please contact [email protected].

4.2 Third-Party Platform Integrations

When you connect third-party platforms (LinkedIn, Facebook, X/Twitter, Instagram, etc.) to our Services, we may share information with those platforms in accordance with their terms of service and your authorization. You are responsible for reviewing and complying with third-party platform terms.

4.3 Business Transfers

If Buzz is involved in a merger, acquisition, asset sale, reorganization, bankruptcy, or similar transaction, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Website before your information is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements and Protection

We may disclose your information when required by law or when we believe disclosure is necessary to:

  • Comply with legal obligations, court orders, subpoenas, or government requests
  • Enforce our Terms & Conditions and other agreements
  • Protect against fraud, security threats, and illegal activities
  • Protect the rights, property, and safety of Buzz, our users, and the public
  • Respond to claims that content violates third-party rights

4.5 Aggregated or De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This may include:

  • Usage statistics and trends
  • Industry benchmarks and reports
  • Marketing and research data

4.6 With Your Consent

We may share your information with third parties when you provide explicit consent for specific purposes.

4.7 No Sale of Personal Information

We do not sell your personal information as defined by the CCPA/CPRA or other applicable privacy laws. We have not sold personal information in the preceding 12 months.

5. DATA RETENTION

5.1 Retention Principles

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

5.2 Retention Periods by Category

Account Information:

  • Duration: Retained for the duration of your account plus 90 days after termination
  • Purpose: Service provision, billing, legal compliance
  • Deletion: Deleted 90 days after account termination unless legal obligation requires longer retention

Contact Data and User Content:

  • Duration: Retained while your account is active plus 30 days after termination
  • Purpose: Service provision, campaign execution
  • Deletion: You may export your data within 30 days of termination; data is permanently deleted thereafter

Payment and Billing Records:

  • Duration: Retained for 7 years after last transaction
  • Purpose: Accounting, tax compliance, legal obligations
  • Deletion: Securely deleted after retention period expires

Marketing Communications:

  • Duration: Retained until you opt out or for 3 years of inactivity
  • Purpose: Marketing communications, preferences management
  • Deletion: Removed from marketing lists immediately upon opt-out; data deleted after 3 years of inactivity

Usage Data and Analytics:

  • Duration: Retained in identifiable form for 24 months; aggregated data retained indefinitely
  • Purpose: Service improvement, analytics, research
  • Deletion: Identifying information removed after 24 months; aggregated data retained

Cookies and Device Data:

  • Duration: Varies by cookie type (session cookies to 24 months)
  • Purpose: Authentication, preferences, analytics, advertising
  • Deletion: Automatically deleted when cookies expire or can be deleted via browser settings

Customer Support Records:

  • Duration: Retained for 3 years after last interaction
  • Purpose: Support provision, quality assurance, dispute resolution
  • Deletion: Deleted after 3 years unless needed for ongoing legal matters

Legal and Compliance Records:

  • Duration: Retained as required by law (typically 7+ years)
  • Purpose: Legal compliance, litigation, regulatory requirements
  • Deletion: Securely deleted when legal retention obligations expire

5.3 Exceptions to Deletion

We may retain information beyond the stated periods when:

  • Required by applicable law or regulation
  • Necessary for ongoing legal proceedings or investigations
  • Needed to protect our legal rights or defend against claims
  • Required for legitimate business purposes (e.g., fraud prevention)
  • You request extended retention for your business purposes

5.4 Secure Deletion

When we delete information, we use secure deletion methods to ensure information cannot be reconstructed or recovered, including:

  • Cryptographic erasure of encrypted data
  • Overwriting of storage media
  • Physical destruction when appropriate
  • Permanent deletion from backups within 90 days

6. YOUR PRIVACY RIGHTS

6.1 Rights Under GDPR (EEA, UK, Switzerland Residents)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right to Access: Request a copy of the personal information we hold about you

Right to Rectification: Request correction of inaccurate or incomplete personal information

Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal information in certain circumstances

Right to Restriction of Processing: Request that we limit how we use your personal information

Right to Data Portability: Receive your personal information in a structured, machine-readable format and transmit it to another controller

Right to Object: Object to our processing of your personal information based on legitimate interests or for direct marketing purposes

Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent as the legal basis for processing

Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, email us at [email protected] with your request. We will respond within 30 days.

6.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights:

Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell (if any)

Right to Delete: Request deletion of your personal information, subject to certain exceptions

Right to Correct: Request correction of inaccurate personal information

Right to Opt-Out of Sale/Sharing: Opt out of the "sale" or "sharing" of your personal information (Note: We do not sell or share personal information)

Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment

Right to Opt-Out of Automated Decision-Making: Opt out of automated profiling that produces legal or similarly significant effects

To exercise these rights:

We will verify your identity before processing requests and respond within 45 days (extendable by 45 days if needed).

Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

Appeal Rights: If we deny your request, you have the right to appeal by contacting [email protected].

6.3 Rights Under Other U.S. State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to California residents. To exercise these rights, contact us at [email protected].

6.4 Right to Opt-Out of Marketing

You may opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Emailing [email protected]

Even if you opt out of marketing, we may still send you transactional and service-related communications.

6.5 Cookie Controls

You can control cookies through:

  • Browser settings (block all cookies, third-party cookies, or specific cookies)
  • Our cookie consent manager (available on first visit to the Website)
  • Opt-out tools provided by advertising networks

See Section 10 for detailed cookie information.

7. DATA SECURITY

7.1 Security Measures

We implement commercially reasonable technical, administrative, and physical security measures to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction, including:

Technical Safeguards:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Secure authentication and password requirements
  • Multi-factor authentication options
  • Regular security testing and vulnerability assessments
  • Intrusion detection and prevention systems

Administrative Safeguards:

  • Employee background checks and security training
  • Access controls and least-privilege principles
  • Regular security audits and assessments
  • Incident response and breach notification procedures
  • Vendor security assessments

Physical Safeguards:

  • Secure data centers with physical access controls
  • Environmental controls and disaster recovery
  • Redundant systems and regular backups

7.2 Limitations and Disclaimers

Despite our security measures:

  • No security is perfect: No method of electronic transmission or storage is 100% secure
  • Internet transmission risks: Data transmitted over the Internet is subject to interception and unauthorized access
  • You are responsible: You must maintain the confidentiality of your account credentials and notify us immediately of any unauthorized access

WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION. You transmit information to us at your own risk.

7.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify you without undue delay as required by applicable law
  • Notify relevant regulatory authorities as required
  • Take appropriate steps to remediate the breach
  • Cooperate with investigations and enforcement actions

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Transfers

We are based in the United States and our servers and service providers are located primarily in the United States. If you are accessing our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States and other countries where we or our service providers operate.

8.2 EEA, UK, and Switzerland Transfers

For transfers of personal information from the EEA, UK, or Switzerland to the United States or other countries that do not provide an adequate level of data protection, we rely on the following mechanisms:

Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses for transfers to countries without adequacy decisions

UK International Data Transfer Agreement (IDTA): For transfers from the UK, we use the UK IDTA or EU SCCs with UK Addendum

Supplementary Measures: We implement additional technical, organizational, and contractual measures to ensure appropriate protection

Your Consent: In some cases, we may rely on your explicit consent for specific transfers

To obtain a copy of the safeguards we use for international transfers, contact [email protected].

8.3 Data Processing Addendum (DPA)

For customers who are data controllers under GDPR, we offer a Data Processing Addendum (DPA) that includes:

  • Description of processing activities
  • Technical and organizational security measures
  • Subprocessor lists and notification procedures
  • Data subject rights assistance
  • Standard Contractual Clauses

To request a DPA, contact [email protected].

9. CHILDREN'S PRIVACY

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as soon as possible.

If you believe we have collected information from a child under 18, please contact us immediately at [email protected].

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. Cookies help websites recognize your device and remember information about your visit.

10.2 Types of Cookies We Use

Strictly Necessary Cookies (Always Active):

  • Purpose: Enable core functionality like authentication, security, and account access
  • Examples: Session cookies, security tokens, load balancing
  • Duration: Session or up to 12 months
  • Legal Basis: Necessary for contract performance

Performance and Analytics Cookies (Requires Consent in some regions):

  • Purpose: Understand how visitors use our Services to improve performance
  • Examples: Google Analytics, Mixpanel, Hotjar
  • Duration: Up to 24 months
  • Legal Basis: Legitimate interest or consent

Functional Cookies (Requires Consent in some regions):

  • Purpose: Remember your preferences and settings
  • Examples: Language preferences, interface customization
  • Duration: Up to 12 months
  • Legal Basis: Legitimate interest or consent

Advertising and Targeting Cookies (Requires Consent):

  • Purpose: Deliver personalized advertisements and measure campaign effectiveness
  • Examples: Google Ads, Facebook Pixel, LinkedIn Insight Tag
  • Duration: Up to 24 months
  • Legal Basis: Consent

10.3 Third-Party Cookies

We use third-party cookies from:

10.4 Managing Cookies

Browser Controls: You can control cookies through your browser settings:

  • Block all cookies
  • Block third-party cookies
  • Delete cookies when you close your browser
  • Alert you when cookies are being sent

Opt-Out Tools:

Note: Blocking or deleting cookies may affect your ability to use certain features of the Services.

10.5 Do Not Track

Our Services do not currently respond to "Do Not Track" (DNT) browser signals. However, we honor Global Privacy Control (GPC) signals for California residents as an opt-out of sale/sharing.

10.6 Other Tracking Technologies

In addition to cookies, we may use:

  • Web beacons (pixels): Small graphics used to track email opens and website visits
  • Local storage: HTML5 local storage for caching and preferences
  • SDKs and APIs: Third-party software development kits in our applications

11. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, services, and platforms (including LinkedIn, Facebook, X/Twitter, Instagram, and others). This Privacy Policy does not apply to third-party sites or services.

We are not responsible for:

  • The privacy practices of third-party websites or platforms
  • Content, products, or services offered by third parties
  • How third parties collect, use, or share your information

You should review the privacy policies and terms of service of any third-party websites or platforms you visit or connect to our Services.

12. GOOGLE API SERVICES

Our Services use Google API Services to provide certain functionality. When you connect Google services (such as Google Drive, Gmail, or Google Contacts) to our Services, we access and use your Google user data solely in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

Specific Google API Use:

 

  • We access only the Google user data necessary to provide the features you request
  • We do not use Google user data for serving advertisements
  • We do not transfer Google user data to third parties except as necessary to provide the Services, comply with law, or with your consent
  • We do not use Google user data for determining creditworthiness or lending purposes

Google OAuth Scopes: When you authorize our access to your Google account, we request only the minimum scopes necessary for functionality, which may include:

 

  • Read access to contacts
  • Send email on your behalf
  • Read and write access to Google Drive files you authorize

You may revoke our access to your Google account at any time by visiting your Google Account permissions: https://myaccount.google.com/permissions

For more information about Google's privacy practices, visit: https://policies.google.com/privacy

13. CHANGES TO THIS PRIVACY POLICY

13.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy
  • Provide notice through the Services or via email
  • For material changes, provide at least 30 days' advance notice (60 days for changes to payment terms)
  • Obtain your consent where required by law

13.2 Continued Use

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you must stop using the Services and may terminate your account.

13.3 Previous Versions

We maintain an archive of previous versions of this Privacy Policy. To request a previous version, contact [email protected].

14. CALIFORNIA "SHINE THE LIGHT" LAW

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

15. NEVADA PRIVACY RIGHTS

Nevada residents have the right to opt out of the sale of certain covered information. We do not sell covered information as defined by Nevada law. If you are a Nevada resident and have questions, contact [email protected].

16. ACCESSIBILITY

We are committed to making our Privacy Policy accessible to individuals with disabilities. If you have difficulty accessing this Privacy Policy or need it in an alternative format, please contact [email protected].

17. CONTACT US

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Buzz Inc.

Privacy Team

701 Tillery St 12 #2573

Austin, TX 78702

USA

Email: [email protected]

General Support: [email protected]

Data Protection Officer (for GDPR inquiries): [email protected]

Response Times:

  • GDPR requests: 30 days
  • CCPA/CPRA requests: 45 days
  • General inquiries: 5 business days

18. SUPERVISORY AUTHORITY

If you are located in the EEA, UK, or Switzerland and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority:

APPENDIX A: DATA PROCESSING DETAILS

Purpose of Processing

Purpose

Data Categories

Legal Basis (GDPR)

Retention Period

Account creation and management

Name, email, password, billing info

Contract performance

Account duration + 90 days

Service provision

Contact data, usage data, campaign data

Contract performance

Account duration + 30 days

Payment processing

Billing information, transaction records

Contract performance, legal obligation

7 years

Customer support

Name, email, support tickets

Contract performance, legitimate interest

3 years

Marketing communications

Name, email, preferences

Consent or legitimate interest

Until opt-out + 3 years

Analytics and improvement

Usage data, device data

Legitimate interest

24 months (identifiable)

Legal compliance

All relevant data

Legal obligation

As required by law

Fraud prevention and security

Account data, usage patterns, IP address

Legitimate interest, legal obligation

7 years

Data Categories

Identifiers: Name, alias, email, phone, postal address, IP address, account name, online identifier

Financial Data: Payment method, billing address, transaction history

Commercial Information: Purchase history, service usage

Internet Activity: Browsing history (on our Services), search history, interaction data

Professional Information: Job title, company name, industry

Inferences: Preferences, characteristics, behavior patterns