Puno
Get Early Access

Privacy Policy

Your privacy is important to us. This policy explains how PUNO collects, uses, and protects your information in compliance with data protection laws and platform requirements.

Last updated: January 2025

Important: PUNO complies with applicable data protection laws including GDPR, CCPA, and Meta's Platform Terms. We process personal data both for our own purposes and under instructions from our customers who use PUNO's services.

1. Data Controller and Processor Roles

PUNO Inc. acts as both a data controller and data processor depending on the context:

  • As Data Controller: When we determine the purposes and means of processing your personal data for our own business purposes (account management, service provision, marketing)
  • As Data Processor: When we process personal data on behalf of our customers (your conversation data, automation rules, customer interactions)

Our customers remain the data controller for any personal data they collect through our platform and are responsible for obtaining appropriate consent and providing privacy notices to their end users.

2. Information We Collect

Information You Provide Directly

  • Account registration information (name, email address, password)
  • Profile information and business details
  • Social media account connection data (Facebook, Instagram, WhatsApp page details)
  • Payment and billing information
  • Customer support communications
  • Automation rules, conversation flows, and messaging templates you create

Information from Social Media Platforms

  • Page information and metadata from connected social media accounts
  • Message content and conversation history (processed on your behalf)
  • User interaction data (comments, likes, message timestamps)
  • Platform-specific identifiers and access tokens

Automatically Collected Information

  • Usage analytics and platform interaction data
  • Device information (IP address, browser type, operating system)
  • Log files and performance metrics
  • Cookies and similar tracking technologies

Customer Data: When you use our services to interact with your customers, we process conversation data solely on your behalf. You are responsible for obtaining appropriate consent from your customers and complying with applicable privacy laws.

3. How We Use Your Information

We use your information for the following purposes:

Service Provision

  • Create and manage your PUNO account
  • Provide conversation automation services
  • Process social media platform integrations
  • Deliver automated responses and manage conversations
  • Generate analytics and reporting

Business Operations

  • Process payments and manage subscriptions
  • Provide customer support and technical assistance
  • Send service updates and important notifications
  • Improve our platform and develop new features
  • Ensure platform security and prevent fraud

Marketing and Communications

  • Send promotional materials and product updates (with consent)
  • Conduct market research and user surveys
  • Personalize your platform experience

Legal and Compliance

  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests and protect our legal rights
  • Enforce our Terms of Service and prevent misuse

4. Social Media Platform Integration

PUNO integrates with various social media platforms to provide automation services. When you connect your accounts:

  • We access only the permissions you explicitly grant through platform authorization flows
  • We process data from your connected accounts solely to provide our automation services
  • We maintain separate data handling for each platform according to their respective requirements
  • You can revoke platform connections at any time through your account settings

Supported Platforms

  • Facebook/Meta: Pages, Messenger conversations, post comments
  • Instagram: Business accounts, direct messages, comment responses
  • WhatsApp Business: Business account messaging

5. Facebook Platform Compliance

PUNO complies with Meta's Platform Terms and Developer Policies. Specifically:

Data Processing Principles

  • We do not sell, license, or purchase Facebook Platform Data
  • We only process Platform Data for permitted purposes as defined in Meta's Developer Documentation
  • We do not use Platform Data to build or augment user profiles for unauthorized purposes
  • We implement appropriate data security measures as required by Meta's standards

Prohibited Practices

  • We do not use Platform Data for surveillance purposes
  • We do not make eligibility determinations based on protected characteristics
  • We do not attempt to re-identify anonymized data
  • We comply with all data retention and deletion requirements

User Rights

  • You can disconnect your Facebook/Instagram accounts at any time
  • We provide accessible ways to request data modification or deletion
  • We respond promptly to user requests regarding their Platform Data

Platform Data Sharing: We only share Platform Data as permitted by Meta's Platform Terms, including when required by law, with your consent, or with service providers under appropriate agreements.

6. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

Service Providers

  • Cloud hosting and infrastructure providers
  • Payment processing services
  • Customer support platforms
  • Analytics and monitoring services

Legal Requirements

  • When required by law or legal process
  • To protect our rights, property, or safety
  • To prevent fraud or investigate security incidents
  • In connection with business transfers or acquisitions

With Your Consent

  • When you explicitly direct us to share information
  • For specific integrations you authorize
  • In other circumstances with your clear consent

7. Data Security and Protection

We implement comprehensive security measures to protect your data:

Technical Safeguards

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Monitoring and incident response procedures

Organizational Measures

  • Employee training on data protection
  • Access controls and principle of least privilege
  • Data processing agreements with service providers
  • Regular policy and procedure reviews

Incident Response

In the event of a security incident affecting your personal data, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the incident.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Account Data

  • Account information: Until account deletion plus up to 30 days for operational purposes
  • Billing records: As required by tax and accounting laws (typically 7 years)
  • Customer support records: Up to 3 years after resolution

Platform Data

  • Conversation data: Deleted promptly when no longer needed for service provision
  • Platform tokens: Refreshed or deleted according to platform requirements
  • Analytics data: Aggregated and anonymized after processing

Deletion Procedures

  • Automated deletion processes for expired data
  • Manual review for legal hold requirements
  • Secure deletion methods that prevent data recovery

9. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

Universal Rights

  • Access: Request information about the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal limitations)
  • Opt-out: Unsubscribe from marketing communications

Enhanced Rights (GDPR, CCPA, etc.)

  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request limitation of processing under certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Consent Withdrawal: Withdraw consent for consent-based processing

Exercising Your Rights

To exercise these rights, contact us at privacy@puno.ai. We will respond within the timeframes required by applicable law, typically within 30 days. We may need to verify your identity before processing your request.

Complaints

If you believe we have not properly handled your personal data, you have the right to lodge a complaint with your local data protection authority.

10. International Data Transfers

PUNO may transfer your personal data internationally. We ensure appropriate safeguards are in place:

Transfer Mechanisms

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for transfers to countries with adequate protection
  • Other appropriate safeguards as recognized by applicable law

Data Locations

  • Primary data processing occurs in the United States
  • Service providers may be located in various countries
  • We maintain records of all international transfers

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Types of Cookies

  • Essential: Required for basic platform functionality
  • Analytics: Help us understand how you use our platform
  • Preference: Remember your settings and preferences
  • Marketing: Deliver relevant advertisements and measure campaign effectiveness

Cookie Management

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect platform functionality.

12. Children's Privacy

PUNO is not intended for use by children under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will delete it promptly.

Parents who believe their child has provided personal data to us should contact us at privacy@puno.ai.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Notify you by email (if you have provided your email address)
  • Post a notice on our platform
  • Update the "Last updated" date at the top of this policy

Your continued use of our services after the effective date of changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@puno.ai

Data Protection Officer: dpo@puno.ai

Address: PUNO Inc., Privacy Department

Platform Compliance: compliance@puno.ai

← Back to HomeTerms of Service →