Privacy Policy

Effective date: 8/25/2025

This Privacy Policy explains how Caboo Inc. ("Caboo", "we", "us", "our") collects, uses, and shares information when you use our websites, products (including Brand‑OS Core and AI‑Ready), and Studio subscription services (collectively, the "Services").

By using the Services, you consent to this Policy. If you do not agree, please do not use the Services.

Information We Collect

  • Account and Contact Data: name, email, workspace/company, role. Collected when you sign in (via Clerk) or interact with support.
  • Billing Data: payment method, billing address, and transaction details processed by Stripe. We do not store full card numbers.
  • Usage Data: device/browser data, IP address, pages viewed, actions in app, timestamps, error logs.
  • Content You Provide: briefs, design assets, reference links, attachments, and requests submitted in Studio.
  • Authentication Data: provided by Clerk (e.g., user IDs, session events).
  • Cookies and Similar Tech: necessary, functional, and analytics cookies. See "Cookies" below.

How We Use Information

  • Provide, maintain, and improve the Services and deliverables.
  • Process payments, subscriptions, and invoices (Stripe).
  • Authenticate users, secure accounts, and prevent fraud (Clerk).
  • Respond to requests, support tickets, and communications.
  • Analyze usage to improve UX, performance, and reliability.
  • Comply with legal obligations and enforce our Terms.

Legal Bases (EEA/UK only)

  • Contract performance (to provide the Services and deliverables).
  • Legitimate interests (e.g., securing services, improving UX).
  • Consent (e.g., certain cookies/marketing, where required).
  • Legal obligations (e.g., tax, accounting, request handling).

How We Share Information

  • Service Providers/Processors: authentication (Clerk), payments (Stripe), databases (Supabase), storage (Cloudflare R2/AWS S3), email (Resend/SendGrid), analytics/logging, and similar vendors under contracts.
  • Within Caboo: to operate, support, and improve the Services.
  • Legal & Safety: to comply with law, enforce terms, or protect rights.
  • Business Transactions: in mergers, acquisitions, or asset sales.

International Transfers

We may process data outside your country. Where required, we rely on appropriate safeguards (e.g., SCCs) for cross‑border transfers.

Data Retention

We retain data while your account is active and as needed to provide the Services. We may retain certain information to comply with legal obligations, resolve disputes, and enforce agreements. Project files and deliverables may be retained for backup/audit for a limited period after cancellation unless you request deletion (subject to legal limits).

Security

We implement technical and organizational measures appropriate to the risk (e.g., access controls, encryption in transit, least‑privilege, logging). No method is 100% secure; use the Services at your own risk.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your data; object to or restrict processing; and withdraw consent where applicable. To exercise rights, contact privacy@getcaboo.com.

Cookies

We use necessary cookies for core functionality and may use analytics cookies to improve the Services. You can control cookies in your browser settings; some features may not function without necessary cookies.

Children

The Services are not directed to children under 16, and we do not knowingly collect their personal information.

Changes to this Policy

We may update this Policy. Material changes will be posted here with an updated "Effective date."

Contact

Controller: Caboo Inc. • Email: privacy@getcaboo.com • Support: support@getcaboo.com