Privacy Policy

1. Definitions

• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Processing” means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, or deletion.
• “Data Controller” means vBridge Technologies Inc., which determines the purposes and means of Processing Personal Data.
• “Data Processor” means any person or entity that Processes Personal Data on behalf of the Data Controller.
• “Services” means the ContentBridge platform, website, mobile applications, and all related services.
• “User,” “you,” or “your” means the individual accessing or using the Services.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration: Name, email address, organization name, job title, department, password
• Profile Information: Profile picture, bio, user preferences, notification settings, team roles and permissions
• Content Data: Social media posts (text, images, videos, links), drafts, scheduled content, comments, hashtags, mentions
• Approval Workflow Data: Approval requests, approver assignments, approval decisions, feedback comments, revision history
• Communication Data: Support tickets, live chat messages, feedback forms, email correspondence, survey responses
• Billing Information: Payment method details, billing address, tax information (processed through secure third-party payment processors – we do not store complete credit card numbers)
• Organization Data: Company name, industry, organization size, team structure, department hierarchy

2.2 Information We Collect Automatically

• Usage Data: Pages viewed, features accessed, buttons clicked, time spent on platform, search queries, content creation patterns, approval workflow analytics
• Device Information: IP address, browser type and version, operating system, device type, unique device identifiers, screen resolution
• Location Data: General geographic location based on IP address (country, region, city)
• Log Data: Access times, referring URLs, exit pages, error logs, crash reports
• Performance Data: Platform response times, feature usage statistics, error rates
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies, authentication tokens

2.3 Information from Third Parties

• Social Media Platforms: When you connect social media accounts (Facebook, Twitter/X, Instagram, LinkedIn, TikTok), we collect:
  • Account profile information (name, username, profile picture)
  • Publishing permissions and access tokens
  • Social media analytics data (post performance, engagement metrics)
  • Follower/audience demographics (as provided by the platform)
• Single Sign-On (SSO): Basic profile information from Google Workspace, Microsoft 365, or other SSO providers
• Payment Processors: Transaction confirmation, payment status, billing verification
• Analytics Providers: Aggregated usage statistics and trends

2.4 Information You Provide About Others

When you invite team members or assign approval workflows, you may provide:

• Email addresses of team members
• Names and roles of approvers
• Department and organizational hierarchy information

Important: You represent and warrant that you have obtained all necessary consents from individuals whose Personal Data you provide to us.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision and Operation

• Provide, maintain, and improve the ContentBridge platform
• Enable content creation, editing, approval workflows, scheduling, and publishing
• Facilitate team collaboration and communication
• Process social media account connections and manage publishing permissions
• Generate analytics and performance reports
• Provide customer support and respond to inquiries

3.2 Account and Access Management

• Create and manage user accounts
• Authenticate users and maintain account security
• Manage role-based access controls and permissions
• Process team invitations and user onboarding

3.3 Communication

• Send transactional emails (account notifications, password resets, approval notifications)
• Provide technical support and customer service
• Send service updates, security alerts, and system notifications
• With your consent, send marketing communications, newsletters, and product updates
• Conduct surveys and collect feedback

3.4 Analytics and Improvement

• Analyze usage patterns and user behavior
• Improve platform features and user experience
• Develop new features and services
• Conduct research and development
• Monitor platform performance and troubleshoot issues

3.5 Security and Fraud Prevention

• Detect, prevent, and respond to security incidents
• Identify and prevent fraudulent activities
• Protect against unauthorized access or misuse
• Maintain audit logs for security monitoring

3.6 Legal Compliance and Protection

• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and other agreements
• Protect our rights, property, and safety
• Respond to legal requests and prevent illegal activities

3.7 Marketing (With Consent)

• Send promotional materials and special offers
• Conduct marketing campaigns and measure effectiveness
• Personalize marketing content based on your interests

You can opt-out of marketing communications at any time by clicking the unsubscribe link in emails or contacting us at contentbridge.canada@gmail.com.

4. Information Sharing and Disclosure

We do not sell, rent, or trade your Personal Data to third parties for their marketing purposes.

We may share your information in the following circumstances:

4.1 With Your Consent

We share information when you explicitly authorize us to do so, such as when you:

• Publish content to connected social media platforms
• Share content with team members or external collaborators
• Grant access to third-party integrations

4.2 Service Providers and Business Partners

We share information with carefully selected third-party service providers who perform services on our behalf:

• Cloud Infrastructure: AWS, Google Cloud, or other hosting providers
• Payment Processing: Stripe, PayPal, or other payment gateways
• Analytics Services: Google Analytics, Mixpanel, or similar tools
• Email Delivery: SendGrid, Mailchimp, or other email service providers
• Customer Support: Zendesk, Intercom, or other support platforms
• Authentication: Auth0, Firebase, or other identity providers
• Monitoring and Security: Security and performance monitoring tools

These service providers are contractually obligated to protect your information and may only use it for the purposes we specify.

4.3 Social Media Platforms

When you publish content through ContentBridge, we share that content with the connected social media platforms (Facebook, Twitter/X, Instagram, LinkedIn, TikTok) according to your publishing instructions and the permissions you grant.

4.4 Within Your Organization

Content, approval workflows, and collaboration data are shared with team members within your organization based on role-based access controls and permissions you configure.

4.5 Legal Requirements and Protection

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect and defend our rights, property, or safety
• Protect the safety and security of users or the public
• Detect, prevent, or address fraud, security, or technical issues
• Investigate potential violations of our policies

4.6 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice on our platform before your information is transferred and becomes subject to a different privacy policy.

4.7 Aggregated and Anonymized Data

We may share aggregated, anonymized data that does not identify you personally for research, marketing, analytics, or other purposes.

5. Social Media Account Integration

5.1 Third-Party Social Media Platforms

ContentBridge integrates with third-party social media platforms including Facebook, Twitter/X, Instagram, LinkedIn, and TikTok. When you connect your social media accounts:

• You authorize us to access and retrieve information from your connected accounts
• We collect authentication tokens and access permissions
• We may access profile information, posting permissions, and analytics data
• We publish content on your behalf according to your instructions

5.2 Social Media Platform Policies

Your use of social media platforms through ContentBridge is subject to each platform’s terms of service and privacy policies. We are not responsible for the privacy practices of these third-party platforms.

5.3 Revoking Access

You can revoke ContentBridge’s access to your social media accounts at any time through your ContentBridge account settings or directly through each social media platform’s app permissions settings.

5.4 Google API Services

If you connect Google-related services (Google My Business, YouTube), ContentBridge’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Security

We implement comprehensive security measures to protect your information:

6.1 Technical Safeguards

• Encryption in Transit: All data transmission is encrypted using TLS 1.2+ protocols
• Encryption at Rest: Sensitive data is encrypted in our databases using AES-256 encryption
• Secure Authentication: Password hashing using industry-standard algorithms (bcrypt)
• Multi-Factor Authentication (MFA): Optional MFA for enhanced account security
• Secure APIs: API authentication using OAuth 2.0 and JWT tokens
• Network Security: Firewalls, intrusion detection systems, and DDoS protection

6.2 Administrative Safeguards

• Access Controls: Role-based access controls (RBAC) limiting employee access to data
• Employee Training: Regular security awareness and privacy training
• Background Checks: Background verification for employees with access to sensitive data
• Confidentiality Agreements: All employees sign confidentiality agreements
• Incident Response: Documented incident response procedures

6.3 Physical Safeguards

• Secure data centers with 24/7 monitoring and access controls
• Redundant systems and regular backups
• Disaster recovery and business continuity plans

6.4 Monitoring and Testing

• Continuous security monitoring and vulnerability scanning
• Regular security audits and penetration testing
• Automated threat detection systems
• Security logging and audit trails

7. Data Retention

We retain your Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Active Accounts

While your account is active, we retain your information to provide the Services and comply with legal obligations.

7.2 Account Deletion

When you request account deletion:

• We delete or anonymize your Personal Data within 90 days
• Published social media content remains on connected platforms according to their policies
• We may retain certain data for legal compliance, dispute resolution, or enforcement of agreements
• Backup copies may be retained for an additional 90 days before being permanently deleted

7.3 Specific Retention Periods

• Account Information: Duration of account + 90 days
• Content and Drafts: Duration of account + 90 days
• Billing Records: 7 years (for tax and accounting purposes)
• Support Tickets: 3 years
• Usage Logs: 12 months
• Security Logs: 24 months
• Marketing Data: Until you withdraw consent

7.4 Legal Holds

We may retain data beyond standard retention periods when required by law, court order, or ongoing litigation.

8. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your Personal Data:

8.1 Access and Portability

• Right to Access: Request a copy of your Personal Data
• Right to Data Portability: Receive your data in a structured, machine-readable format (CSV, JSON)

8.2 Correction and Update

• Right to Rectification: Update or correct inaccurate or incomplete information
• You can update most information directly in your account settings

8.3 Deletion

• Right to Erasure (“Right to be Forgotten”): Request deletion of your Personal Data
• Note: We may retain certain information for legal compliance or legitimate business purposes

8.4 Restriction and Objection

• Right to Restriction: Request limitation of how we process your data
• Right to Object: Object to processing based on legitimate interests or direct marketing

8.5 Withdrawal of Consent

• Withdraw consent for processing where we rely on consent as the legal basis
• Opt-out of marketing communications at any time

8.6 Automated Decision-Making

• Right not to be subject to automated decision-making, including profiling
• Note: We do not make automated decisions that significantly affect you

8.7 Exercising Your Rights

To exercise any of these rights:

• Email us at: contentbridge.canada@gmail.com
• Include your full name, email address, and specific request
• We will verify your identity before processing your request
• We will respond within 30 days (or as required by applicable law)

8.8 Complaints

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files stored on your device by your web browser. We use cookies and similar tracking technologies to enhance your experience, analyze usage, and provide personalized content.

9.2 Types of Cookies We Use

9.3 Third-Party Cookies

We use cookies from third-party service providers including:

• Google Analytics – Analytics and reporting
• Facebook Pixel – Marketing and analytics
• LinkedIn Insight Tag – Marketing analytics
• Stripe – Payment processing

Important: This Privacy Policy does not cover third-party cookies. Please review third-party privacy policies for information about their tracking practices.

9.4 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse or delete cookies
• Cookie Consent Banner: Manage preferences through our cookie consent tool
• Opt-Out Tools: Use industry opt-out tools like NAI Opt-Out or DAA Opt-Out

Note: Disabling essential cookies may affect platform functionality.

9.5 Local Storage and Similar Technologies

We also use HTML5 local storage, session storage, and IndexedDB for storing preferences, cached data, and offline functionality.

10. Do Not Track Signals

Some browsers have “Do Not Track” (DNT) features that signal websites not to track users. Currently, there is no uniform standard for how DNT signals should be interpreted. We do not currently respond to DNT signals, but we honor opt-out preferences expressed through cookie consent tools and browser settings.

11. International Data Transfers

ContentBridge is based in Canada. Your information may be transferred to, stored, and processed in Canada, the United States, or other countries where our service providers operate.

11.1 Adequate Protection

When transferring data internationally, we ensure appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing countries with adequate data protection
• Data Processing Agreements with service providers
• Privacy Shield principles (where applicable)

11.2 Your Rights

By using our Services, you acknowledge and consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules.

12. Children’s Privacy

ContentBridge is not intended for use by individuals under the age of 16 (“Children”). We do not knowingly collect Personal Data from Children.

If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at contentbridge.canada@gmail.com. We will take steps to delete such information from our systems.

If we become aware that we have collected Personal Data from a child without parental consent, we will take immediate steps to delete that information.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, and services not operated by us. This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with your information.

Examples of third-party services that may be linked or integrated:

• Social media platforms (Facebook, Twitter/X, Instagram, LinkedIn, TikTok)
• Payment processors (Stripe, PayPal)
• Authentication providers (Google, Microsoft)
• Analytics services (Google Analytics)
• Customer support platforms

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your Personal Information.

14.1 Categories of Information Collected

In the past 12 months, we have collected the following categories of Personal Information:

• Identifiers (name, email, IP address)
• Commercial information (purchase history, billing information)
• Internet/network activity (usage data, browsing history)
• Geolocation data (approximate location based on IP)
• Professional information (job title, organization)
• Inferences (preferences, characteristics, behavior)

14.2 Your California Rights

• Right to Know: Request disclosure of Personal Information collected, used, shared, or sold
• Right to Delete: Request deletion of Personal Information
• Right to Opt-Out: Opt-out of sale/sharing of Personal Information (we do not sell Personal Information)
• Right to Correct: Request correction of inaccurate Personal Information
• Right to Limit: Limit use of sensitive Personal Information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

14.3 Do We Sell Personal Information?

No, we do not sell your Personal Information.

We do not and will not sell your Personal Information to third parties for monetary or other valuable consideration.

14.4 Exercising Your California Rights

To exercise your California privacy rights:

• Email: contentbridge.canada@gmail.com
• We will verify your identity using information you provided during account registration
• We will respond within 45 days (may be extended by 45 days with notice)
• You may designate an authorized agent to make requests on your behalf

14.5 Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of Personal Information to third parties for direct marketing purposes. We do not share Personal Information with third parties for their direct marketing purposes.

15. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with specific rights.

15.1 Legal Basis for Processing

We process your Personal Data under the following legal bases:

• Contractual Necessity: Processing necessary to perform our contract with you (providing Services)
• Legitimate Interests: Processing for our legitimate business interests (improving Services, fraud prevention)
• Consent: Processing based on your explicit consent (marketing communications)
• Legal Obligation: Processing to comply with legal requirements
• Vital Interests: Processing to protect vital interests of you or others

15.2 Your GDPR Rights

• Right of Access: Obtain confirmation of whether we process your Personal Data and access to such data
• Right to Rectification: Correct inaccurate or incomplete Personal Data
• Right to Erasure: Request deletion of your Personal Data (“right to be forgotten”)
• Right to Restriction: Restrict processing of your Personal Data
• Right to Data Portability: Receive your Personal Data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
• Right to Lodge a Complaint: Lodge a complaint with your local supervisory authority

15.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at: contentbridge.canada@gmail.com

15.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe our processing of your Personal Data violates GDPR.

15.5 International Data Transfers from EEA

When transferring Personal Data from the EEA to countries outside the EEA, we use:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries deemed to provide adequate protection
• Other legally compliant transfer mechanisms

16. Data Breach Notification

In the event of a data breach that affects your Personal Data, we will:

• Assess the breach and take immediate steps to contain and remediate it
• Notify affected users via email within 72 hours of discovering the breach (or as required by applicable law)
• Provide information about what data was affected and what steps you should take
• Notify relevant data protection authorities as required by law
• Conduct a thorough investigation and implement measures to prevent future breaches

We maintain an incident response plan and conduct regular security assessments to minimize the risk of data breaches.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

17.1 Notification of Changes

When we make material changes to this Privacy Policy:

• We will update the “Last Updated” date at the top of this policy
• We will notify you via email (to the email address associated with your account)
• We may display a prominent notice on our platform
• For significant changes, we may require you to re-accept the updated policy

17.2 Your Continued Use

Your continued use of the Services after we post or notify you of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated policy, you must discontinue use of the Services.

17.3 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.