Interpretation
Capitalized terms have the meanings defined below, regardless of whether they appear in singular or plural form.
Privacy Policy & Data Processing Addendum (DPA)
Retention Systems
Last Updated:
Introduction
This Privacy Policy and Data Processing Addendum (“Policy”) describes how Gingivital LLC d/b/a Retention Systems (“Retention Systems,” “Company,” “we,” “us,” or “our”) collects, uses, processes, and discloses information when you access or use our website, software platform, and related services (collectively, the “Service”).
By using the Service, you agree to the practices described in this Policy.
1. Interpretation and Definitions
Definitions
- Account
- A unique account created to access the Service.
- Affiliate
- An entity controlling, controlled by, or under common control with another entity.
- Client
- Any individual or legal entity using the Service.
- Client Customer Data
- Personal Data uploaded by Clients relating to their customers, leads, or contacts.
- Company
- Gingivital LLC, 128 North Division St., New York, United States.
- Cookies
- Small files placed on your Device to enable functionality and analytics.
- Country
- United States (New York).
- Controller
- The entity determining the purposes and means of processing Personal Data.
- Device
- Any device capable of accessing the Service.
- Personal Data
- Information relating to an identified or identifiable individual.
- Processor
- The entity processing Personal Data on behalf of a Controller.
- Service
- The Retention Systems website and software platform.
- Service Provider
- Third parties that process data on behalf of the Company.
- Usage Data
- Data collected automatically through use of the Service.
- You
- The individual or entity using the Service.
2. Scope of This Policy
This Policy applies to:
- Website visitors
- Account holders
- Clients using messaging, CRM, and automation features
This Policy does not govern how Clients collect or use their own customers’ data outside the Service.
3. Roles of the Parties (CRITICAL)
- Clients are Data Controllers of Client Customer Data.
- Retention Systems is a Data Processor.
- Retention Systems does not own, sell, or independently use Client Customer Data.
- Clients determine who is contacted, why, how, and what content is sent.
4. Information We Collect
4.1 Personal Data (Account & Platform Data)
We may collect:
- Name
- Email address
- Phone number
- Business name
- Address and billing details
- Login credentials
- Support communications
4.2 Client Customer Data
Clients may upload:
- Customer phone numbers
- Email addresses
- Names
- Message content
- CRM notes and metadata
This data is processed solely on Client instructions.
4.3 Usage Data
Collected automatically:
- IP address
- Browser type
- Pages visited
- Device identifiers
- Session data
- Diagnostic and performance logs
5. Cookies and Tracking Technologies
We use:
- Essential cookies (authentication, security)
- Functionality cookies (preferences)
- Analytics cookies (performance, diagnostics)
You may disable cookies via your browser, but some features may not function properly.
6. How We Use Data
We use Personal Data to:
- Provide and maintain the Service
- Authenticate users
- Process subscriptions and payments
- Enable SMS, MMS, email, and automation delivery
- Provide customer support
- Monitor abuse, fraud, and compliance
- Improve reliability and performance
- Comply with legal obligations
7. Messaging, SMS, Email, and Automation Processing
Retention Systems enables Clients to send SMS, MMS, email, and automated communications to their own customers.
- We act solely as a technical platform
- We do not initiate messages
- We do not obtain consent on behalf of Clients
- We do not determine campaign purpose or content
Clients are solely responsible for compliance with applicable laws and requirements, including TCPA, CAN-SPAM, CASL, GDPR (where applicable), and A2P 10DLC and carrier requirements.
8. Data Sharing
We may share Personal Data with:
- Infrastructure providers (hosting, messaging, email delivery)
- Payment processors
- Customer support platforms
- Legal authorities when required by law
- Affiliates under common control
We do not sell Personal Data.
9. Data Retention
- Personal Data is retained only as long as necessary to provide the Service or comply with law.
- Client Customer Data is retained according to Client instructions and platform retention settings.
- Backup data may persist temporarily for disaster recovery purposes.
10. International Data Transfers
Data may be processed outside your jurisdiction. Appropriate safeguards are used, including contractual protections.
11. Your Data Rights
Depending on jurisdiction, you may have rights to access your Personal Data, request correction or deletion, or restrict processing.
Requests relating to Client Customer Data should be directed to the Client who collected the data.
12. Security
We implement commercially reasonable safeguards, including access controls, secure infrastructure providers, and monitoring and abuse prevention. No system is 100% secure.
13. Third-Party Service Providers
We may use providers such as cloud hosting providers, messaging and email delivery services, payment processors, and support platforms. Each provider processes data under its own privacy obligations.
14. Children’s Privacy
The Service is not intended for individuals under 13. We do not knowingly collect data from children.
15. Links to Third-Party Sites
We are not responsible for the privacy practices of third-party websites.
16. Changes to This Policy
We may update this Policy periodically. Changes take effect when posted with a revised “Last Updated” date.
17. Contact Information
Email: greg.ss1000@gmail.com
Phone: (315) 857-4934
Data Processing Addendum (DPA)
This Data Processing Addendum (“DPA”) forms part of the agreement between Retention Systems and the Client. This DPA applies to Retention Systems’ Processing of Personal Data on behalf of the Client in connection with the Service.
A. Scope and Purpose
Retention Systems processes Personal Data solely to provide the Service, including CRM, messaging, automation, analytics, and support.
B. Client Obligations
The Client represents and warrants that:
- All data is lawfully collected.
- Proper consent and/or legal basis has been obtained where required.
- Processing instructions comply with applicable laws.
- Messaging complies with applicable laws and requirements, including TCPA, CAN-SPAM, GDPR (where applicable), and carrier rules such as A2P 10DLC.
C. Processor Obligations
- Process Personal Data only on documented instructions from the Client.
- Ensure personnel authorized to process Personal Data are bound by confidentiality obligations.
- Implement commercially reasonable technical and organizational security measures.
- Assist the Client with lawful data subject requests where feasible and appropriate.
D. Sub-processors
The Client authorizes Retention Systems to engage Sub-processors to support delivery of the Service (e.g., hosting, messaging delivery, email delivery, payment processing, analytics, and customer support).
Retention Systems will impose data protection obligations on Sub-processors consistent with this DPA.
E. Data Breach Notification
Retention Systems will notify the Client without undue delay after becoming aware of a Personal Data breach affecting Client Customer Data.
F. Data Deletion
Upon termination of the Service, Personal Data will be deleted or returned upon Client request, subject to legal retention requirements and limited backup retention for disaster recovery.
G. Liability
Liability under this DPA is subject to the limitations set forth in the Terms of Service.
H. Governing Law
This DPA is governed by the laws specified in the Terms of Service.
I. Order of Precedence
- This DPA
- Terms of Service
- Privacy Policy