Privacy Policy

Effective Date: February 23, 2026

1. Introduction and Scope

IBOHero ("IBOHero," "we," "us," or "our") operates a web and mobile application platform (the "Service") that enables Independent Business Owners ("IBOs") to create, manage, and share AI-generated blog content, connect with their audiences, and grow their businesses. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you access or use our Service, including our website, mobile applications (iOS and Android), and related services.

This Privacy Policy applies to all users of the Service, including IBOs who create and publish content, visitors who view content, and any other individuals who interact with our platform. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

IBOHero operates as a multi-tenant software-as-a-service (SaaS) platform. In certain circumstances, we process personal data on behalf of our IBO users, who act as data controllers with respect to their own audience data. This Privacy Policy governs our own data practices; IBOs are responsible for maintaining their own privacy practices and compliance when collecting and using data from their audiences.

2. Information We Collect

We collect information in several ways, including directly from you, automatically through your use of the Service, and from third-party sources.

2.1 Information You Provide Directly

When you register for an account, use our Service, or communicate with us, you may provide the following types of information:

  • Name, email address, and contact information
  • Username, password, and account preferences
  • Profile information, including biography and profile pictures
  • Business information related to your IBO activities
  • Content you create, upload, or publish, including blog posts, product descriptions, images, and other media
  • Communications with us, including support requests and feedback
  • Survey responses and participation in promotions

2.2 Account and Authentication Information

When you create an account or authenticate with the Service, we collect information necessary to establish and secure your account:

  • Email address and password (encrypted)
  • Account verification information
  • Multi-factor authentication data, if enabled
  • Session and authentication tokens

2.3 Payment and Billing Information

If you subscribe to paid features or make purchases through the Service, we collect payment information through our third-party payment processors:

  • Billing name and address
  • Payment method details (processed by our payment provider; we do not store full payment card numbers)
  • Transaction history and invoices
  • Subscription and plan information

2.4 Content Created or Uploaded by Users

Our Service enables you to create, upload, and publish various types of content:

  • Blog posts and articles (including AI-generated content)
  • Product descriptions and listings
  • Images, videos, and other media files
  • Comments, replies, and engagement data
  • Memories, notes, and saved preferences used to personalize AI-generated content

2.5 Communications Data

We collect information related to communications sent through or facilitated by the Service:

  • Email content and metadata for transactional and marketing emails
  • Newsletter subscription preferences
  • Inbound email replies and correspondence
  • Push notification preferences and delivery data

2.6 Social Login and OAuth Data

If you choose to register or log in using a third-party social media or authentication provider (such as Facebook, Apple, X/Twitter, Google, or similar services), we may receive information from those providers in accordance with their privacy policies and your privacy settings:

  • Basic profile information (name, email, profile picture)
  • Unique identifier from the authentication provider
  • Access tokens for authorized integrations
  • Any additional permissions you grant when connecting your social accounts

2.7 Device and Usage Information

We automatically collect certain information about your device and how you interact with the Service:

  • Device type, operating system, and browser information
  • IP address and approximate geographic location
  • Unique device identifiers
  • Pages viewed, features used, and actions taken within the Service
  • Referring URLs and search terms
  • Date, time, and duration of visits
  • Error logs and performance data

2.8 Cookies and Tracking Technologies

We use cookies, pixels, local storage, and similar technologies to collect information about your browsing activities and to distinguish you from other users. For more details, see Section 14 (Cookies Policy Overview).

3. How We Use Information

We use the information we collect for the following purposes:

  • Providing and Improving the Service: To operate, maintain, and enhance the Service, including AI-powered content generation features
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support
  • Content Creation and Personalization: To generate personalized AI-assisted content based on your preferences, memories, and business context
  • Communications: To send transactional emails, newsletters, and service-related notifications; to facilitate IBO communications with their audiences
  • Analytics and Research: To analyze usage patterns, measure performance, and conduct research to improve our Service
  • Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, abuse, and violations of our terms
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Marketing: To send promotional communications about our Service, subject to your preferences and applicable law
  • Moderation and Safety: To review content for compliance with our terms of use and community guidelines

5. How We Share Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Cloud Infrastructure: We use Amazon Web Services (AWS) and other cloud providers for hosting, storage (including Amazon S3), computing (including AWS Lambda), and database services (including Amazon DynamoDB)
  • Email Delivery: We use email service providers, including Amazon Simple Email Service (SES), to send transactional and marketing emails
  • AI and Machine Learning Services: We use AI service providers, including large language model providers, to power content generation features
  • Payment Processing: We use payment processors to handle billing and transactions
  • Analytics: We use analytics providers to understand usage patterns and improve the Service
  • Push Notifications: We use notification services to deliver push notifications to mobile devices

Our service providers are contractually obligated to protect your information and may only use it for the purposes specified by us.

5.2 Legal Compliance and Protection

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from public authorities, including law enforcement
  • Protect the rights, property, or safety of IBOHero, our users, or the public
  • Enforce our terms of use and other agreements
  • Detect, prevent, or address fraud, security, or technical issues

5.3 Business Transfers

If IBOHero is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5.5 Publicly Published Content

Content you choose to publish through the Service, including blog posts, profile information, and other public-facing content, may be visible to other users and the general public. You are responsible for the information you choose to make public.

6. AI and Automated Processing Disclosure

IBOHero uses artificial intelligence and machine learning technologies to provide certain features of the Service, including:

  • AI-assisted blog post and content generation
  • Content suggestions and optimization recommendations
  • Personalization based on user preferences and stored memories
  • Automated content moderation and safety screening

6.1 How AI Content Generation Works

When you use our AI content generation features, we send relevant context (which may include your preferences, business information, memories, and prompts) to AI service providers to generate suggested content. The AI-generated output is returned to you for review and editing before publication.

6.2 User Responsibility for Published Content

Important: While IBOHero provides AI-assisted content generation tools, you are solely responsible for reviewing, editing, and approving any content before publication. AI-generated content may contain errors, inaccuracies, or require modification. You must ensure that all content you publish complies with applicable laws, regulations, and our terms of use. IBOHero does not guarantee the accuracy, completeness, or appropriateness of AI-generated content.

6.3 AI Service Providers

We use third-party AI service providers to power our content generation features. These providers process data in accordance with their privacy policies and our data processing agreements. We select providers that maintain appropriate security and privacy standards.

7. Email and Communications Policy

IBOHero facilitates various types of email and electronic communications. This section describes our practices and your rights regarding these communications.

7.1 Transactional Emails

We send transactional emails necessary for the operation of your account and the Service, including:

  • Account verification and password reset emails
  • Payment confirmations and billing notifications
  • Service updates and important announcements
  • Security alerts and notifications

These communications are essential to the Service and cannot be opted out of while maintaining an active account.

7.2 Newsletters and Marketing

With your consent, we may send you newsletters and marketing communications about our Service, new features, and relevant content. You may unsubscribe from these communications at any time by clicking the unsubscribe link in any email or by updating your account preferences.

7.3 IBO-Initiated Communications

IBOHero enables IBOs to send email communications to their own audiences, including newsletters, updates, and promotional content. When you receive such communications:

  • The IBO who sends the communication is responsible for obtaining appropriate consent and complying with applicable email marketing laws (including CAN-SPAM, GDPR, and CASL)
  • IBOHero provides the technical infrastructure but does not control the content or recipient lists managed by IBOs
  • Each IBO-sent email includes an unsubscribe mechanism; unsubscribing removes you from that specific IBO's mailing list

7.4 Unsubscribe Rights

You have the right to unsubscribe from marketing communications at any time. To exercise this right:

  • Click the unsubscribe link in any marketing email
  • Update your communication preferences in your account settings
  • Contact us at the address provided in Section 17

Please note that unsubscribing from marketing communications does not affect transactional emails related to your account.

7.5 Inbound Email Handling

The Service may receive and process inbound email replies to facilitate communication between IBOs and their audiences. We process such emails in accordance with this Privacy Policy and our data processing obligations.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of data and the purpose for which it was collected:

  • Account Information: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations
  • Content: Published content is retained until you delete it or terminate your account; we may retain backups for a limited period
  • Usage Data: Generally retained in identifiable form for up to 24 months, then aggregated or anonymized
  • Communications: Retained as necessary for customer support and legal compliance
  • Legal and Compliance Records: Retained as required by applicable law

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable law.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols
  • Encryption at Rest: Sensitive data stored in our databases and storage systems is encrypted at rest
  • Access Controls: We implement role-based access controls and authentication mechanisms to limit access to personal data
  • Infrastructure Security: Our cloud infrastructure includes firewalls, intrusion detection, and regular security assessments
  • Monitoring and Logging: We monitor our systems for security events and maintain logs for incident response
  • Vendor Security: We evaluate the security practices of our service providers and require appropriate contractual protections

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections and promptly addressing any security incidents.

10. International Data Transfers

IBOHero is based in the United States, and our Service is hosted on infrastructure located primarily in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, which may include:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with appropriate security commitments
  • Other lawful transfer mechanisms as required by applicable law

By using the Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

11. User Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable data protection laws.

11.1 Rights Under GDPR (EEA and UK Users)

If you are located in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restriction: Request that we limit processing of your personal data
  • Right to Data Portability: Receive your personal data in a structured, commonly used format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

11.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share information
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information as defined by the CCPA/CPRA
  • Right to Limit Use of Sensitive Personal Information: Request limits on use of sensitive personal information
  • Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights

11.3 Exercising Your Rights

To exercise any of your rights, you may:

  • Access your account settings to update or delete your information
  • Contact us using the information provided in Section 17
  • Submit a verifiable consumer request through our designated channels

We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing your request.

12. Children's Privacy

The Service is not intended for use by children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately using the information in Section 17.

If we become aware that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information promptly.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under 13 in the United States.

13. Third-Party Links and Integrations

The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through links on our Service.

The Service integrates with various third-party platforms and services, including:

  • Social media platforms (Facebook, X/Twitter, Instagram, and others)
  • Authentication providers (social login services)
  • Analytics and advertising platforms
  • Payment processors

When you connect your account with third-party services or share content to external platforms, those services may collect information in accordance with their own privacy policies. We are not responsible for the privacy practices of third parties.

14. Cookies Policy Overview

We use cookies and similar tracking technologies to collect and store information when you use our Service. Cookies are small text files stored on your device that help us provide and improve the Service.

14.1 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function properly, including authentication, security, and session management
  • Functional Cookies: Remember your preferences and settings to enhance your experience
  • Analytics Cookies: Help us understand how visitors interact with the Service, which pages are most popular, and how to improve performance
  • Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns

14.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse cookies or alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of the Service.

For more detailed information about the cookies we use and how to manage your preferences, please refer to our separate Cookie Policy (if available) or contact us.

15. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no common understanding of how to interpret DNT signals, our Service does not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including cookie settings and account preferences.

We will continue to monitor developments related to DNT browser technology and update our practices as appropriate.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Effective Date" at the top of this Privacy Policy
  • Provide notice through the Service, by email, or through other appropriate channels
  • Where required by law, obtain your consent before implementing material changes

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

IBOHero

Email: info@ibohero.ai

Website: https://ibohero.ai

For data protection inquiries from users in the European Economic Area, you may also contact our designated representative or your local data protection authority.

We will endeavor to respond to all legitimate inquiries within a reasonable timeframe and in accordance with applicable law.