1. Introduction
Pactline ("Company", "we", "us", or "our"), operated by Rasan Group, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise handle personal information when you use our website, API, and services (collectively, the "Service").
This Privacy Policy applies to:
- Website visitors (pactline.io)
- Account holders and users of Pactline services
- Individuals whose consent decisions are tracked by Pactline customers
2. Data Controller
Data Controller: Rasan Group
Contact: privacy@pactline.io
Data Protection Officer (DPO): Available upon request
3. Types of Data We Collect
3.1 Account and Registration Data
When you create a Pactline account, we collect:
- Name and email address
- Organization name and role
- Phone number (optional)
- Password (hashed securely)
- Account settings and preferences
3.2 Billing and Payment Data
For customers on paid plans, we collect:
- Billing address and contact information
- Payment method details (processed via Stripe)
- Invoice records and transaction history
- Tax identification information (if applicable)
Note: We do not store full credit card numbers. Payment processing is handled by Stripe, and we only receive tokenized payment information.
3.3 Consent Records and Audit Data
To provide our Service, we process:
- Consent decisions and approvals by your users
- Audit logs of consent workflows
- Timestamps and IP addresses of interactions
- User identifiers (emails, user IDs) participating in consent flows
3.4 API Usage and Analytics
We automatically collect:
- API endpoint usage and call frequency
- API key usage patterns
- Response times and error rates
- Geographic location of API requests
- User agent and browser information
3.5 Communication Data
When you contact us, we collect:
- Email messages and support tickets
- Chat messages with support team
- Call recordings (with your consent)
- Message content and attachments
3.6 Website and Event Data
When you visit pactline.io, we may collect:
- IP address and device identifiers
- Pages visited and time spent
- Referring website
- General location data (city/country level)
- Signup form submissions
4. Legal Basis for Processing
We process personal data based on the following legal bases (under GDPR and similar laws):
- Contract Performance: Processing necessary to provide the Service you've contracted for
- Legitimate Interest: Business operations, security, fraud prevention, analytics
- Consent: Marketing communications, optional analytics, non-essential features
- Legal Obligation: Compliance with regulations, court orders, law enforcement requests
- Vital Interests: Protecting health and safety in emergencies
5. How We Use Your Information
5.1 Service Delivery
- Providing and maintaining Pactline platform functionality
- Processing API requests and consent workflows
- Managing user accounts and access control
- Billing and payment processing
5.2 Security and Fraud Prevention
- Detecting and preventing unauthorized access
- Monitoring for fraudulent activity
- Protecting against cyber attacks and data breaches
- Enforcing Terms of Service and other agreements
5.3 Service Improvement and Analytics
- Analyzing usage patterns to improve features
- Identifying technical issues and bugs
- Testing new features and improvements
- Measuring performance metrics and SLA compliance
5.4 Compliance and Legal Obligations
- Responding to legal requests and court orders
- Complying with regulatory requirements
- Maintaining audit trails for compliance purposes
- Supporting data subject requests (GDPR, CCPA)
5.5 Communications
- Sending account notifications and service updates
- Responding to support requests
- Sending marketing communications (with your consent)
- Announcing new features and changes
6. Data Retention Periods
We retain personal data for as long as necessary to provide the Service and comply with legal obligations:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 90 days | Account recovery and audit |
| Consent records | Per customer request or 7 years | Compliance and audit trail |
| Billing/payment records | 7 years | Legal and tax compliance |
| API usage logs | 12 months | Billing accuracy and troubleshooting |
| Support communications | 2 years | Service improvement and disputes |
| Website analytics | 24 months | Performance analysis |
7. Sub-Processors and Third Parties
We may share data with the following categories of processors and partners:
- Hosting Provider: Cloud infrastructure for data storage and processing
- Payment Processor: Stripe for payment processing
- Email Service: Email delivery provider for notifications
- Analytics Provider: Analytics platform for usage statistics
- Customer Support: Support ticket system and communication tools
- Legal/Compliance: Advisors for compliance and legal matters
Important: For details on sub-processors and data processing arrangements, please refer to our Data Processing Agreement (DPA) at pactline.io/dpa.html.
8. International Data Transfers
Pactline operates globally. If you are in the EU or UK, your data may be transferred to countries outside the European Economic Area (EEA) for processing, storage, or backup purposes.
We implement Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected during international transfers in compliance with GDPR and UK GDPR.
9. Your Rights
9.1 GDPR Data Subject Rights (EU/UK)
If you are in the EU or UK, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive data in a structured, portable format
- Right to Object: Object to processing based on legitimate interest
- Right to Withdraw Consent: Withdraw consent for optional processing
- Right to Lodge a Complaint: File a complaint with your data protection authority
9.2 CCPA Rights (California Residents)
If you are a California resident, you have the right to:
- Know what personal information is collected, used, and shared
- Delete personal information collected from you
- Opt-out of the sale or sharing of personal information
- Non-discrimination for exercising your CCPA rights
9.3 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@pactline.io with your request. We will respond within 30 days (or as required by law).
10. Cookies and Tracking
10.1 Cookies
Pactline uses cookies for:
- Authentication and session management
- User preferences and settings
- Analytics and performance monitoring
- Security and fraud prevention
10.2 Cookie Types
- Essential Cookies: Required for platform functionality
- Analytical Cookies: Track usage patterns (optional, requires consent)
- Marketing Cookies: Support advertising (requires consent)
10.3 Opt-Out
You may disable non-essential cookies through your browser settings. However, disabling essential cookies may limit platform functionality.
11. Security Measures
We implement industry-standard security measures to protect your personal data:
- Encryption in transit (TLS 1.2+) and at rest
- Access controls and role-based permissions
- Regular security audits and penetration testing
- Employee training and confidentiality agreements
- Incident response and breach notification procedures
- Secure deletion and data destruction protocols
12. Data Breach Notification
In the event of a security breach affecting personal data, we will:
- Notify affected individuals within 72 hours (or as required by law)
- Provide details about the breach and impacted data categories
- Explain remediation steps and risk mitigation
- Provide guidance on protecting yourself
13. Children's Privacy
Pactline is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it immediately.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Material changes will be communicated to you via email or prominent notice on the website. Your continued use of Pactline after changes constitutes acceptance of the updated Privacy Policy.
15. Contact and Data Protection Officer
For questions about this Privacy Policy or to exercise your rights:
Privacy Team
Rasan Group
Email: privacy@pactline.io
Website: https://pactline.io
For EU/UK data protection authority inquiries:
Data Protection Officer
Contact available at: privacy@pactline.io