IBOHero ("IBOHero," "we," "us," or "our") operates a web and mobile application platform (the "Service") that enables Independent Business Owners ("IBOs") to create, manage, and share AI-generated blog content, connect with their audiences, and grow their businesses. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you access or use our Service, including our website, mobile applications (iOS and Android), and related services.
This Privacy Policy applies to all users of the Service, including IBOs who create and publish content, visitors who view content, and any other individuals who interact with our platform. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
IBOHero operates as a multi-tenant software-as-a-service (SaaS) platform. In certain circumstances, we process personal data on behalf of our IBO users, who act as data controllers with respect to their own audience data. This Privacy Policy governs our own data practices; IBOs are responsible for maintaining their own privacy practices and compliance when collecting and using data from their audiences.
2. Information We Collect
We collect information in several ways, including directly from you, automatically through your use of the Service, and from third-party sources.
2.1 Information You Provide Directly
When you register for an account, use our Service, or communicate with us, you may provide the following types of information:
Name, email address, and contact information
Username, password, and account preferences
Profile information, including biography and profile pictures
Business information related to your IBO activities
Content you create, upload, or publish, including blog posts, product descriptions, images, and other media
Communications with us, including support requests and feedback
Survey responses and participation in promotions
2.2 Account and Authentication Information
When you create an account or authenticate with the Service, we collect information necessary to establish and secure your account:
Email address and password (encrypted)
Account verification information
Multi-factor authentication data, if enabled
Session and authentication tokens
2.3 Payment and Billing Information
If you subscribe to paid features or make purchases through the Service, we collect payment information through our third-party payment processors:
Billing name and address
Payment method details (processed by our payment provider; we do not store full payment card numbers)
Transaction history and invoices
Subscription and plan information
2.4 Content Created or Uploaded by Users
Our Service enables you to create, upload, and publish various types of content:
Blog posts and articles (including AI-generated content)
Product descriptions and listings
Images, videos, and other media files
Comments, replies, and engagement data
Memories, notes, and saved preferences used to personalize AI-generated content
2.5 Communications Data
We collect information related to communications sent through or facilitated by the Service:
Email content and metadata for transactional and marketing emails
Newsletter subscription preferences
Inbound email replies and correspondence
Push notification preferences and delivery data
2.6 Social Login and OAuth Data
If you choose to register or log in using a third-party social media or authentication provider (such as Facebook, Apple, X/Twitter, Google, or similar services), we may receive information from those providers in accordance with their privacy policies and your privacy settings:
Basic profile information (name, email, profile picture)
Unique identifier from the authentication provider
Access tokens for authorized integrations
Any additional permissions you grant when connecting your social accounts
2.7 Device and Usage Information
We automatically collect certain information about your device and how you interact with the Service:
Device type, operating system, and browser information
IP address and approximate geographic location
Unique device identifiers
Pages viewed, features used, and actions taken within the Service
Referring URLs and search terms
Date, time, and duration of visits
Error logs and performance data
2.8 Cookies and Tracking Technologies
We use cookies, pixels, local storage, and similar technologies to collect information about your browsing activities and to distinguish you from other users. For more details, see Section 14 (Cookies Policy Overview).
3. How We Use Information
We use the information we collect for the following purposes:
Providing and Improving the Service: To operate, maintain, and enhance the Service, including AI-powered content generation features
Account Management: To create and manage your account, authenticate your identity, and provide customer support
Content Creation and Personalization: To generate personalized AI-assisted content based on your preferences, memories, and business context
Communications: To send transactional emails, newsletters, and service-related notifications; to facilitate IBO communications with their audiences
Analytics and Research: To analyze usage patterns, measure performance, and conduct research to improve our Service
Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, abuse, and violations of our terms
Legal Compliance: To comply with applicable laws, regulations, and legal processes
Marketing: To send promotional communications about our Service, subject to your preferences and applicable law
Moderation and Safety: To review content for compliance with our terms of use and community guidelines
4. Legal Bases for Processing
For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for processing personal data, we rely on the following legal bases:
Performance of Contract: Processing necessary to provide the Service and fulfill our contractual obligations to you
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, ensuring security, and marketing, provided these interests are not overridden by your rights
Consent: Processing based on your explicit consent, which you may withdraw at any time
Legal Obligation: Processing necessary to comply with applicable laws and regulations
5. How We Share Information
We do not sell your personal information. We may share your information in the following circumstances:
5.1 Service Providers
We engage trusted third-party service providers to perform functions on our behalf, including:
Cloud Infrastructure: We use Amazon Web Services (AWS) and other cloud providers for hosting, storage (including Amazon S3), computing (including AWS Lambda), and database services (including Amazon DynamoDB)
Email Delivery: We use email service providers, including Amazon Simple Email Service (SES), to send transactional and marketing emails
AI and Machine Learning Services: We use AI service providers, including large language model providers, to power content generation features
Payment Processing: We use payment processors to handle billing and transactions
Analytics: We use analytics providers to understand usage patterns and improve the Service
Push Notifications: We use notification services to deliver push notifications to mobile devices
Our service providers are contractually obligated to protect your information and may only use it for the purposes specified by us.
5.2 Legal Compliance and Protection
We may disclose information when we believe in good faith that disclosure is necessary to:
Comply with applicable laws, regulations, or legal processes
Respond to lawful requests from public authorities, including law enforcement
Protect the rights, property, or safety of IBOHero, our users, or the public
Enforce our terms of use and other agreements
Detect, prevent, or address fraud, security, or technical issues
5.3 Business Transfers
If IBOHero is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
5.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5.5 Publicly Published Content
Content you choose to publish through the Service, including blog posts, profile information, and other public-facing content, may be visible to other users and the general public. You are responsible for the information you choose to make public.
6. AI and Automated Processing Disclosure
IBOHero uses artificial intelligence and machine learning technologies to provide certain features of the Service, including:
AI-assisted blog post and content generation
Content suggestions and optimization recommendations
Personalization based on user preferences and stored memories
Automated content moderation and safety screening
6.1 How AI Content Generation Works
When you use our AI content generation features, we send relevant context (which may include your preferences, business information, memories, and prompts) to AI service providers to generate suggested content. The AI-generated output is returned to you for review and editing before publication.
6.2 User Responsibility for Published Content
Important: While IBOHero provides AI-assisted content generation tools, you are solely responsible for reviewing, editing, and approving any content before publication. AI-generated content may contain errors, inaccuracies, or require modification. You must ensure that all content you publish complies with applicable laws, regulations, and our terms of use. IBOHero does not guarantee the accuracy, completeness, or appropriateness of AI-generated content.
6.3 AI Service Providers
We use third-party AI service providers to power our content generation features. These providers process data in accordance with their privacy policies and our data processing agreements. We select providers that maintain appropriate security and privacy standards.
7. Email and Communications Policy
IBOHero facilitates various types of email and electronic communications. This section describes our practices and your rights regarding these communications.
7.1 Transactional Emails
We send transactional emails necessary for the operation of your account and the Service, including:
Account verification and password reset emails
Payment confirmations and billing notifications
Service updates and important announcements
Security alerts and notifications
These communications are essential to the Service and cannot be opted out of while maintaining an active account.
7.2 Newsletters and Marketing
With your consent, we may send you newsletters and marketing communications about our Service, new features, and relevant content. You may unsubscribe from these communications at any time by clicking the unsubscribe link in any email or by updating your account preferences.
7.3 IBO-Initiated Communications
IBOHero enables IBOs to send email communications to their own audiences, including newsletters, updates, and promotional content. When you receive such communications:
The IBO who sends the communication is responsible for obtaining appropriate consent and complying with applicable email marketing laws (including CAN-SPAM, GDPR, and CASL)
IBOHero provides the technical infrastructure but does not control the content or recipient lists managed by IBOs
Each IBO-sent email includes an unsubscribe mechanism; unsubscribing removes you from that specific IBO's mailing list
7.4 Unsubscribe Rights
You have the right to unsubscribe from marketing communications at any time. To exercise this right:
Click the unsubscribe link in any marketing email
Update your communication preferences in your account settings
Contact us at the address provided in Section 17
Please note that unsubscribing from marketing communications does not affect transactional emails related to your account.
7.5 Inbound Email Handling
The Service may receive and process inbound email replies to facilitate communication between IBOs and their audiences. We process such emails in accordance with this Privacy Policy and our data processing obligations.
8. Data Retention
We retain your personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of data and the purpose for which it was collected:
Account Information: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations
Content: Published content is retained until you delete it or terminate your account; we may retain backups for a limited period
Usage Data: Generally retained in identifiable form for up to 24 months, then aggregated or anonymized
Communications: Retained as necessary for customer support and legal compliance
Legal and Compliance Records: Retained as required by applicable law
When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable law.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols
Encryption at Rest: Sensitive data stored in our databases and storage systems is encrypted at rest
Access Controls: We implement role-based access controls and authentication mechanisms to limit access to personal data
Infrastructure Security: Our cloud infrastructure includes firewalls, intrusion detection, and regular security assessments
Monitoring and Logging: We monitor our systems for security events and maintain logs for incident response
Vendor Security: We evaluate the security practices of our service providers and require appropriate contractual protections
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections and promptly addressing any security incidents.
10. International Data Transfers
IBOHero is based in the United States, and our Service is hosted on infrastructure located primarily in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, which may include:
Standard Contractual Clauses approved by the European Commission
Data Processing Agreements with appropriate security commitments
Other lawful transfer mechanisms as required by applicable law
By using the Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.
11. User Rights
Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable data protection laws.
11.1 Rights Under GDPR (EEA and UK Users)
If you are located in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):
Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data in certain circumstances
Right to Restriction: Request that we limit processing of your personal data
Right to Data Portability: Receive your personal data in a structured, commonly used format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority
11.2 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share information
Right to Delete: Request deletion of your personal information, subject to certain exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: We do not sell personal information as defined by the CCPA/CPRA
Right to Limit Use of Sensitive Personal Information: Request limits on use of sensitive personal information
Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights
11.3 Exercising Your Rights
To exercise any of your rights, you may:
Access your account settings to update or delete your information
Contact us using the information provided in Section 17
Submit a verifiable consumer request through our designated channels
We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing your request.
12. Children's Privacy
The Service is not intended for use by children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately using the information in Section 17.
If we become aware that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information promptly.
In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under 13 in the United States.
13. Third-Party Links and Integrations
The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through links on our Service.
The Service integrates with various third-party platforms and services, including:
Social media platforms (Facebook, X/Twitter, Instagram, and others)
Authentication providers (social login services)
Analytics and advertising platforms
Payment processors
When you connect your account with third-party services or share content to external platforms, those services may collect information in accordance with their own privacy policies. We are not responsible for the privacy practices of third parties.
14. Cookies Policy Overview
We use cookies and similar tracking technologies to collect and store information when you use our Service. Cookies are small text files stored on your device that help us provide and improve the Service.
14.1 Types of Cookies We Use
Essential Cookies: Required for the Service to function properly, including authentication, security, and session management
Functional Cookies: Remember your preferences and settings to enhance your experience
Analytics Cookies: Help us understand how visitors interact with the Service, which pages are most popular, and how to improve performance
Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns
14.2 Managing Cookies
Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse cookies or alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of the Service.
For more detailed information about the cookies we use and how to manage your preferences, please refer to our separate Cookie Policy (if available) or contact us.
15. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no common understanding of how to interpret DNT signals, our Service does not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including cookie settings and account preferences.
We will continue to monitor developments related to DNT browser technology and update our practices as appropriate.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Update the "Effective Date" at the top of this Privacy Policy
Provide notice through the Service, by email, or through other appropriate channels
Where required by law, obtain your consent before implementing material changes
We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
17. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For data protection inquiries from users in the European Economic Area, you may also contact our designated representative or your local data protection authority.
We will endeavor to respond to all legitimate inquiries within a reasonable timeframe and in accordance with applicable law.