Privacy Policy

1. Scope

This Privacy Policy applies to information we process when you:

• visit our website;
• sign up for, purchase, or use the Services; or
• receive analytics reports, dashboards, or recommendations from us.

This Policy does not apply to third-party websites, platforms, or services (including social platforms, streaming platforms, ad platforms, and data vendors). Those third parties have their own privacy policies and terms.

2. Definitions

• Client: the business entity purchasing the Services.
• Authorized Users: Client personnel/contractors authorized to access reports or our portal.
• Client Data: information Client provides to us or authorizes us to access (including connected channel identifiers and imported datasets).
• Third-Party Data: performance metrics and related data obtained from third-party platforms and vendors that we access via subscriptions, APIs, or client authorization.
• Personal Information: information that identifies, relates to, describes, or could reasonably be linked with an individual.

3. Information We Collect

A. Information you provide

• Business contact information (name, email, phone, title, company, mailing address).
• Account information for our portal (username, authentication logs).
• Payment and billing details (invoices, payment status; payment card data is typically processed by a payment processor).
• Support communications (emails, call notes, tickets).

B. Information collected automatically

• Device and usage data (IP address, browser/device type, pages visited, timestamps, referring URLs).
• Cookies and similar technologies (see Section 10).

C. Information obtained from third parties and client-authorized sources

Depending on the engagement, we may process:

• Social media metrics (followers, reach, impressions, views, engagement, content performance).
• Streaming metrics (e.g., Spotify: streams, listeners, saves, playlist adds, territory splits).
• Advertising data (spend, impressions, clicks, conversions, audiences, creative performance).
• Audience demographics (age ranges, regions, gender, interest categories).
• Sentiment and public web insights (reviews, articles, public posts, mentions, trend signals).
• Other datasets the Client requests we analyze, if provided or authorized.

Credential handling note: Clients authenticate directly with third-party systems; we do not use client passwords to log in as them.

4. How We Use Information

• Provide the Services (retrieve/receive metrics, analyze performance, generate reports and recommendations).
• Operate and support the Services (account management, support, communications).
• Billing and administration (invoicing, collections, fraud prevention).
• Improve and secure the Services (debugging, quality assurance, analytics, security monitoring).
• Compliance and enforcement (legal obligations, dispute resolution, enforce agreements).

5. How We Share Information

We do not sell Personal Information.

We may disclose information to:

• Service Providers / Processors under contractual confidentiality and security obligations.
• Third-Party Data Sources to retrieve or receive metrics at the Client’s direction.
• Professional advisors (lawyers, accountants) as necessary.
• Legal and safety recipients when required by law or to protect rights/safety.
• Corporate transactions (merger, acquisition, financing, asset sale) subject to standard protections.

6. Data Ownership and Use Limitations

6a.

• Client retains rights to Client Data and their content.
• Third parties retain rights to Third-Party Data subject to their terms.
• We do not claim ownership of Client Data or Third-Party Data.
• We use such data only to provide the Services, improve the Services, and meet legal/security obligations.

6b. Acceptable Use. Client and its Authorized Users will not:

1. use the Services in violation of any applicable law;
2. violate or circumvent third-party platform terms;
3. interfere with or gain unauthorized access to the Services;
4. introduce malware or harmful code;
5. reverse engineer any portion of the Services;
6. use the Services to develop a competing product;
7. misrepresent the Reports or remove proprietary notices; or
8. process Sensitive Personal Information unless expressly agreed in writing.

Sensitive Personal Information. Unless expressly agreed in writing, Client will not provide government identifiers, precise geolocation, biometric identifiers, health/medical information, or other “sensitive” data as defined by applicable law.

Enforcement. Company may suspend or terminate Services for violations.

7. Data Retention

We retain information as needed to:

• provide the Services and maintain records,
• comply with legal/tax obligations,
• resolve disputes and enforce agreements.

Unless otherwise stated, upon termination we will delete or de-identify Client Data within a commercially reasonable period, except where retention is required or permitted by law.

8. Data Processing

To the extent Company processes Personal Information on behalf of Client, the parties agree that Client is the “business” or “controller” and Company is a “service provider” or “processor.” Company will process such Personal Information only to provide the Services. If required by applicable law, the parties will enter into Company’s Data Processing Addendum.

9. Security

We maintain reasonable administrative, technical, and physical safeguards appropriate to the nature of the information processed. No system can be guaranteed 100% secure.

10. Security Incident Notification

• Security Incident: a breach leading to accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of Client Data.
• Notice: Company will notify Client without undue delay.
• Mitigation: Company will take reasonable steps to contain, investigate, and remediate.
• No Admission: notices are not an admission of fault or liability.
• Client Cooperation: Client will cooperate with investigation and remediation.
• Client Systems: Company is not responsible for incidents originating from Client systems or third-party platforms.

11. International Transfers (Canada + cross-border)

We may store or process information in the United States or other jurisdictions where we or our service providers operate. We take steps to protect information consistent with this Policy and applicable law.

12. Cookies and Analytics

We may use cookies and similar tools for:

• essential site functionality,
• performance and analytics,
• preferences.

You may control cookies through browser settings. Disabling cookies may reduce site functionality.

13. Your Privacy Rights

A. California (CPRA)

If you are a California resident, you may have rights to:

• request access to Personal Information,
• request deletion,
• request correction,
• request information about disclosures,
• opt out of certain “sharing” for cross-context behavioral advertising.

We will not discriminate against you for exercising your rights.

B. Canada (PIPEDA and provincial laws)

Individuals in Canada may request access to and correction of their Personal Information and may withdraw consent subject to legal/contractual restrictions.

C. How to exercise rights

Email: contact@whitecupblacklid.com with “Privacy Request” in the subject line. We may verify identity/authority before fulfilling requests.

14. Children

Our Services are not directed to children, and we do not knowingly collect Personal Information from children.

15. Marketing and Client List

Unless the Client opts out in writing, we may identify the Client as a customer and use their name/logo in our marketing materials. We do not publish non-public performance metrics without permission.

16. Changes

We may update this Policy. We will post the updated version and revise the Effective Date.