SharpSpring Privacy Policy Framework for GDPR Compliance

Note: Check out what we submitted to become Privacy Shield certified.

  1. Overview.

    This document outlines some of the updates that will be appear in a forthcoming update to our Privacy Policy. This document omits many details that will be present in our updated Privacy Policy and is meant to convey a general policy framework. This is not a legal document and should not be considered to be any kind of binding agreement.

    Our updated Privacy Policy will strengthen SharpSpring’s commitment to the following principles:

    1. Accountability
      We are responsible for the protection of personal data entrusted to us.
    2. Transparency
      We inform users about the collection and processing of their personal data and use it fairly.
    3. Proportionality
      We collect and use personal data for specific legitimate purposes. We collect what we need to get our job done.
    4. Control
      We offer users choices regarding the use of their personal data and honor their preferences for contacting them.
    5. Data Protection by Design and by Default
      We apply data protection by design and by default principles when structuring and providing our services and designing our applications.
    6. Security & Retention
      We apply technical, physical and organizational measures to ensure an appropriate level of security for the personal data in our custody. We retain it as needed for its intended purposes.
    7. Third Parties
      We carefully choose vendors, service providers and other third parties with whom we share personal data and require them to commit to standards that we consider adequate.
  2. Introduction.
    1. Purpose
      Our Privacy Policy applies to the handling of personal data of visitors, leads, and customers of the SharpSpring website, the SharpSpring service, and any software applications made available by SharpSpring, such as any mobile device application, as well as any other information that we may collect when we interact with individuals, such as in responding to emails or phone call inquiries, or when we receive information from an individual at a tradeshow or other marketing event (collectively, “Service“).
    2. Visitors, Leads, Customers and Users
      For the purpose of our Privacy Policy,

      1. “Visitor” means an individual who visits the Service, seeks information about, or interacts with us in any manner, for example in emails, phone calls or through in-person interaction;
      2. “Lead” means a visitor who has expressed interest in our or our customers’ products or services, for example by filling out a form or providing a business card to request information, a white paper, or a demo of the Service;
      3. “Customer” means an individual who has purchased – or whose employer has purchased – and paid for one of our products or services and who interacts with the Service in such capacity;
      4. “User” or “you” means a visitor, or a lead or a customer.
    3. Scope
      Our Privacy Policy is only applicable to the personal data that we collect on or through the Service. It does not apply to any third-party website, service or social media button (“Third Party Service“) that may be linked to the Service.
    4. Terms of Service
      Our Privacy Policy will be incorporated into the SharpSpring Terms of Service, which is available at
  3. Updates and Changes to Privacy Notice.

    Each time you access the Service, the then-current version of our Privacy Policy will apply. We recommend that you periodically check our Privacy Policy and the posted date, and review any changes since the last time you used the Service.

    We will review and update our Privacy Policy periodically in response to changing legal, technical, market, and business developments. When we update our Privacy Policy, we will note the date of its most recent revision. The change will apply to all personal data that we have about you. If we make material changes to our Privacy Policy, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law.

  4. Information Collection Practices.

    Our Privacy Policy will outline the variety of ways that we collect data, and it will show that the data that we collect is for the legitimate interest of our business, including for marketing purposes.

    We’ll provide information about the categories of data that we collect, including:

    1. Log Data
      When a user uses or interacts with our Service or clicks on a link that directs the user to our Service, the user’s browser automatically provides, and we automatically collect and store, certain information about the user’s device (computer, tablet, smartphone) and the user’s activities (“Traffic Data”). Our updated Privacy Policy will describe the type of log data that we collect.
    2. Traffic Data
      When a user uses or interacts with our Service, information about their use of our Service, including time and date stamps, URLs visited, time spent on pages, click through, clickstream data, search queries made, search results selected, and other such data, is generated. Our Privacy Policy will further describe the types of traffic data generated through the use of our Service.
    3. Lead Data
      If a visitor interacts with us, for example, to inquire about a product or service, the visitor becomes a lead. If a visitor interacts with the website of a user of our Service in the same way, they will become a lead of our customer. In these cases, we will collect information provided to us through the form or questionnaire used to make the request, or the contact or other information provided at a trade show or industry event. Our Privacy Policy will describe the type of information collected through this interaction.
    4. Customer Data
      In the case of a customer who (or whose employer or agent) has purchased the Service, we create an account on our Service. Our Privacy Policy will describe the type of information that we store when creating an account.
    5. Publicly Available Information
      We supplement information that we receive directly from the user or the user’s equipment with additional information that is available from public sources or other publicly available databases. Our Privacy Policy will describe the sources of this information in more detail.
    6. Payment Information
      If a customer pays for the Service online, we collect the method of payment, date and amount of the payment. Our Privacy Policy will describe the type of payment information that we store and process.
    7. Communication from Users
      When a user completes a form to register to attend an online seminar or conference, or when a user otherwise contacts us by email, phone or text, we automatically collect and store certain information about the user and the user’s activities. Our Privacy Policy will document the type of user information that we collect and store and for what purpose.
    8. Communications to Users
      When we send a message to a user, our message may contain images or links, which when viewed or clicked, will register an event that allows us to know whether the user has accessed or declined to open our message. Our Privacy Policy will describe our use of this information.
    9. Surveys and Contests
      From time-to-time, we invite users to participate in surveys or contests. Our Privacy Policy will document the type of information that we collect and store when conducting surveys and contests and for what purpose.
    10. Social Media
      Our Service includes integrations with third-party social media platforms like Facebook, Twitter and LinkedIn. We’ll describe what information these platforms can collect and the means by which they can collect it.
    11. Information we Obtain from Third Parties
      We receive information from third-party data providers. Our Privacy Policy will document the kind of information that we obtain from third parties and for what purpose.
  5. How Information is Collected.

    We collect information through several different sources. Our Privacy Policy will document the sources from which we collect information, including specific details about how we collect information from the following sources:

    1. Information Provided by the User’s Device
      Some information is provided automatically by the user’s device or browser. We’ll document what device information we collect.
    2. Information Obtained when a User Downloads and Uses our App
      We’ll document the kind of information we collect when a user uses our App.
    3. Direct Contact by the User
      Some information is provided directly by the user. We’ll document this information.
    4. User’s Activity on a Third-Party Site
      When a user uses a website that that has integrated our forms or analytics code, some information will be shared with us. Our Privacy Policy will describe what information is shared and by what means.
    5. Social Media
      Users may choose to connect their social media accounts, including accounts like Facebook and LinkedIn, to their account on our Service. Our Privacy Policy will document the kind of information shared when a user connects a social media account to their customer account on our Service.
    6. Cookies, Pixel Tags and Other Technologies
      Some information is collected through cookies and similar technologies. Our Privacy Policy will document the cookies that we use and the purposes for which we use them.
  6. Information Use and Disclosure.

    Our Privacy Policy will describe the kind of information that we use and our purpose for using it, including descriptions about how we use information for the following purposes:

    1. To Better Communicate with Visitors and Provide Relevant Information
    2. As part of our Marketing Efforts
    3. As part of our Sales Effort
    4. To Interact with Customers
    5. To Provide the Service or Facilitate the Use of the Service
    6. For Financial and Accounting
    7. For our Business Operations
    8. To Adapt our Website and Apps to the User’s Needs
    9. For Security Purposes
    10. For Statistical and Research Purposes
  7. Sharing with Third Parties.

    Our Privacy Policy will describe what data we share with service providers, analytics software providers, social media networks, affiliates, payment processors, law enforcement, government institutions, and other third parties, and for what purpose.

  8. Crossborder Transfer of Information.

    We provide a global Service. Subject to applicable law, information that we obtain from or about users may be processed or transferred to data centers located throughout the world. Our Privacy Policy will describe the standards and laws that apply to this data transfer, and our participation in any agreements that affect this.

  9. Security.

    Our Privacy Policy will document our policies and practices regarding important security topics, including:

    1. Security of Personal data
    2. Breach of Security
    3. Lost or Stolen Information
  10. Data Retention.

    We will retain personal data we collect from you where we have justifiable business need to do so. Our Privacy Policy will describe the type of data that we retain, for how long, and for what purpose.

  11. Advertising Choices.
    1. Cookies
      You may choose to block our Service and other sites from setting cookies by changing the settings of your browser. Our Privacy Policy will include links to tools and information that will educate you about cookies and help you to configure important cookie options in the most popular web browsers.
    2. Interest-Based Advertising
      We use information collected about a user’s use of our Service to arrange for advertisements about our Service to be served to a user on third party’s websites. Our Privacy Policy will describe how this works and will include links to help you educate yourself about interest based advertising.
    3. Opt-out of Interest Based Advertising
      Our Privacy Policy will include information and links to help you opt-out of receiving interest-based advertising.
    4. Social Media
      Our Privacy Policy will include information about removing the permissions you have granted to SharpSpring by using the application privacy settings on your social media account.
    5. Electronic Communications
      Our Privacy Policy will describe our opt-out process, which a user may use if he or she no longer wants to receive electronic communication from us.
  12. Right of Information, Access and Other Rights.
    1. Accessing, Correcting or Deleting Your Information
      Customers who have an account with SharpSpring have the right to review, change or suppress personal data that we have collected from them. Our Privacy Policy will describe this process.
  13. EU/EEA Residents: Data Subject Rights under the GDPR.

    The EU General Data Protection Regulation grants individuals who are in the European Union and European Economic Area (EU/EEA) the following rights, with some limitations:

    1. Right Not to Provide Consent or to Withdraw Consent
    2. Right of Access
    3. Right of Rectification
    4. Right of Erasure
    5. Right to Restrict Processing
    6. Right to Data Portability
    7. Right to Object to the Processing
    8. Right to Object to the Processing for Direct Marketing Purposes
    9. Right Not to be Subject to Decisions Based Solely on Automated Processing that Produce Legal Effects

    Our Privacy Policy will describe these rights in the context of our Service and the process by which a user may choose to exercise them.

  14. California Residents: Rights under California Law.

    California requires operators of websites or similar services to make certain disclosures to users who reside in California regarding their rights. Our Privacy Policy will include information about California’s Shine the Light requirement.

    1. Do-Not-Track
      Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. California law requires that we disclose to users how we treat do-not-track requests. Our Privacy Policy will disclose how we respond to Do-Not-Track requests.
    2. Children’s Privacy
      Our Service is not directed to individuals under the age of 13. We do not solicit or knowingly collect Personal data from such individuals. If we obtain actual knowledge that we have collected Personal data from a child under the age of 13, we will take steps to delete such information from our database. Our Privacy Policy will include information about how to contact us to remove the information of children under 13 if you become aware that a child has provided us with personal data.
  15. How to Contact Us.

    Our Privacy Policy will include information about how to contact us related to questions, concerns, or feedback about our Policy.