PRIVACY POLICY

Effective Date: May 17, 2025

INTRODUCTION AND SCOPE

Affiloop.io ("Company," "Platform," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal information through our affiliate marketing automation platform located at https://affiloop.io and related services (collectively, the "Services").

This Policy applies to all users of our Services, including registered subscribers, trial users, and website visitors. By accessing or using our Services, you acknowledge that you have read, understood, and consent to the practices described in this Policy.

Corporate Information:

Entity Name: Affiloop.io
Headquarters: Givatayim, Israel
Contact Email: admin@affiloop.io
Phone: +972-55-964-1217
Data Protection Officer: admin@affiloop.io

Information We Collect
How We Use Your Information
Legal Basis for Processing
Information Sharing and Disclosure
Data Security and Protection
International Data Transfers
Data Retention Policies
Your Privacy Rights
Cookies and Tracking Technologies
Third-Party Integrations
Children's Privacy
California Privacy Rights (CCPA)
European Privacy Rights (GDPR)
Changes to This Policy
Contact Information

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

Account Registration Data:

Full name and contact information
Email address and phone number
Billing address and payment information
Username and encrypted password
Company information and business details
Communication preferences and settings

Profile and Business Information:

Affiliate marketing objectives and goals
Community platform details (Telegram, WhatsApp groups)
Product categories and niche preferences
Revenue targets and performance metrics
Custom configuration settings and preferences

Communication Content:

Support ticket messages and correspondence
Feedback, suggestions, and feature requests
Survey responses and user research participation
Direct communications with our team

1.2 Information We Collect Automatically

Usage and Analytics Data:

Platform interaction patterns and feature utilization
Session duration, frequency, and engagement metrics
Click-through rates, conversion data, and performance analytics
Content creation and posting activity
Revenue generation and affiliate commission tracking

Technical Information:

IP address, browser type, and operating system
Device identifiers and hardware specifications
Network connection data and internet service provider
Geolocation data (with your consent)
Referral sources and marketing attribution data

Platform Performance Data:

System performance metrics and error logs
Feature usage statistics and optimization data
A/B testing results and user experience analytics
Security incident logs and access patterns

1.3 Information from Third-Party Sources

Integrated Platform Data:

Social media account information (Telegram, WhatsApp)
Marketplace data from Amazon, AliExpress, and other platforms
Payment processor transaction data
Marketing analytics from advertising platforms
Public business information and verification data

Enhanced Profile Data:

Professional background information
Industry classifications and business categories
Market research data and competitive analysis
Lead generation and prospecting information

2. HOW WE USE YOUR INFORMATION

2.1 Core Service Delivery

Platform Functionality:

Providing access to our affiliate marketing automation tools
Generating AI-powered promotional content and campaigns
Automating product discovery and affiliate link management
Facilitating content distribution across integrated platforms
Delivering performance analytics and revenue optimization insights

Account Management:

Creating and maintaining user accounts
Processing subscription payments and billing
Providing customer support and technical assistance
Managing user preferences and configuration settings
Facilitating platform onboarding and training

2.2 Platform Optimization and Development

Service Improvement:

Analyzing usage patterns to enhance user experience
Developing new features and capabilities
Optimizing platform performance and reliability
Conducting user research and feedback analysis
Implementing security enhancements and bug fixes

Business Intelligence:

Understanding market trends and user behavior
Measuring platform effectiveness and ROI
Benchmarking performance against industry standards
Identifying growth opportunities and expansion areas
Developing strategic partnerships and integrations

2.3 Communication and Marketing

Customer Communication:

Sending account notifications and service updates
Providing technical support and assistance
Delivering billing statements and payment confirmations
Sharing platform news and feature announcements
Conducting user surveys and feedback collection

Marketing Activities (with consent):

Sending promotional emails and newsletters
Providing personalized product recommendations
Sharing industry insights and best practices
Inviting participation in events and webinars
Delivering targeted advertising and content

2.4 Legal and Compliance

Regulatory Compliance:

Meeting legal obligations and regulatory requirements
Responding to law enforcement requests and court orders
Preventing fraud, abuse, and unauthorized access
Maintaining audit trails and compliance records
Protecting intellectual property rights

Risk Management:

Monitoring for suspicious activity and security threats
Implementing anti-fraud measures and detection systems
Ensuring platform security and data protection
Managing disputes and legal proceedings
Maintaining business continuity and disaster recovery

3. LEGAL BASIS FOR PROCESSING

Under applicable data protection laws, including the General Data Protection Regulation (GDPR), we process your personal information based on the following legal grounds:

3.1 Contractual Necessity

Processing necessary to perform our contract with you, including:

Providing our Services as described in our Terms of Service
Managing your account and subscription
Processing payments and billing
Delivering customer support

3.2 Legitimate Interests

Processing necessary for our legitimate business interests, including:

Improving and developing our Services
Ensuring platform security and preventing fraud
Conducting business analytics and market research
Direct marketing to existing customers (where legally permitted)

3.3 Legal Compliance

Processing necessary to comply with legal obligations, including:

Responding to legal requests and court orders
Meeting regulatory reporting requirements
Maintaining records for tax and audit purposes
Implementing anti-money laundering measures

Processing based on your explicit consent, including:

Marketing communications to prospects
Geolocation tracking and analytics
Sharing data with specific third parties
Processing special categories of data (where applicable)

4.1 Service Providers and Business Partners

We engage trusted third-party service providers to support our operations:

Technology Infrastructure:

Cloud hosting and data storage providers
Content delivery networks and security services
Analytics and monitoring platforms
Development and maintenance contractors

Business Operations:

Payment processors and financial institutions
Customer support and communication platforms
Marketing automation and CRM systems
Legal, accounting, and professional services

Platform Integrations:

Social media platforms (Telegram, WhatsApp APIs)
E-commerce marketplaces (Amazon, AliExpress)
Affiliate networks and tracking systems
Third-party APIs and data sources

4.2 Legal and Regulatory Disclosures

We may disclose your information when required by law or to protect our rights:

Compliance with legal obligations and court orders
Response to government requests and regulatory inquiries
Protection of our rights, property, and safety
Prevention of fraud, abuse, and illegal activities
Enforcement of our Terms of Service and policies

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets:

Your information may be transferred to the acquiring entity
We will provide notice before transfer occurs
The acquiring entity will be bound by this Privacy Policy
You will have the right to object to such transfers (where legally applicable)

4.4 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

Industry reports and market research
Platform performance benchmarks
Academic research and publications
Business development and partnership discussions

5. DATA SECURITY AND PROTECTION

5.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards:

End-to-end encryption for data transmission
Advanced encryption standards (AES-256) for data storage
Multi-factor authentication and access controls
Regular security audits and penetration testing
Automated threat detection and response systems

Organizational Measures:

Employee background checks and security training
Principle of least privilege access controls
Regular security awareness programs
Incident response and breach notification procedures
Vendor security assessment and management

Physical Security:

Secure data centers with biometric access controls
Environmental monitoring and disaster recovery systems
Hardware security modules for cryptographic operations
Secure disposal of storage media and equipment

5.2 Data Breach Response

In the event of a data breach affecting personal information:

We will investigate and contain the incident promptly
Affected users will be notified within 72 hours (where required by law)
Regulatory authorities will be notified as legally required
We will provide detailed information about the incident and remedial actions
Additional security measures will be implemented to prevent future incidents

5.3 Security Limitations

While we implement robust security measures, no system is completely secure:

Internet transmission always carries inherent risks
You are responsible for maintaining the security of your account credentials
We recommend using strong passwords and enabling two-factor authentication
Report any suspected security incidents to us immediately

6. INTERNATIONAL DATA TRANSFERS

6.1 Data Transfer Framework

Our Services involve international data transfers:

Primary data processing occurs in Germany (hosting location)
Israeli headquarters manages business operations
Some service providers operate in other jurisdictions
Data may be accessed from various countries for support purposes

6.2 Transfer Safeguards

We implement appropriate safeguards for international transfers:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions where available
Binding corporate rules for intra-group transfers
Specific consent where required by law

6.3 Cross-Border Data Flow

By using our Services, you acknowledge and consent to:

Transfer of your data to Germany for hosting and processing
Access to your data from Israel for business operations
Transfers to service providers in various jurisdictions
Processing by our global team for support and development

7. DATA RETENTION POLICIES

7.1 Retention Principles

We retain personal information only as long as necessary for:

Providing our Services to you
Complying with legal obligations
Resolving disputes and enforcing agreements
Protecting our rights and interests

7.2 Specific Retention Periods

Account Data:

Active accounts: Throughout the duration of your subscription
Closed accounts: Up to 7 years for tax and legal compliance
Billing information: 7 years from last transaction

Usage Data:

Analytics and performance data: 3 years from collection
Log files and technical data: 1 year from creation
Security incident logs: 7 years from incident

Communication Data:

Support tickets: 3 years from resolution
Marketing communications: Until opt-out or 5 years
Legal correspondence: 10 years from last communication

7.3 Deletion Procedures

When retention periods expire:

Data is permanently deleted from production systems
Backup systems are purged according to our schedule
Some data may be retained in aggregated, anonymized form
You can request earlier deletion subject to legal obligations

8. YOUR PRIVACY RIGHTS

8.1 Universal Rights

Regardless of your location, you have certain rights regarding your personal information:

Access Rights:

Request a copy of personal information we hold about you
Obtain information about how your data is processed
Receive data in a structured, machine-readable format

Correction Rights:

Update or correct inaccurate personal information
Complete incomplete data in your profile
Modify preferences and settings

Deletion Rights:

Request deletion of your personal information
Close your account and remove associated data
Object to continued processing (subject to legal obligations)

8.2 Marketing and Communication Controls

Email Communications:

Unsubscribe from marketing emails using provided links
Modify email preferences in your account settings
Opt out of specific communication categories

SMS and Mobile:

Reply "STOP" to cease text message communications
Contact support to modify SMS preferences
Manage push notification settings in your device

8.3 Exercising Your Rights

To exercise your privacy rights:

Log into your account and update preferences directly
Contact us at admin@affiloop.io with specific requests
Provide necessary information to verify your identity
We will respond within 30 days (or as required by applicable law)

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Types of Cookies We Use

Essential Cookies:

Session management and authentication
Security and fraud prevention
Basic platform functionality
User preference storage

Analytics Cookies:

Usage statistics and performance monitoring
A/B testing and feature optimization
Error tracking and debugging
User experience research

Marketing Cookies:

Advertising targeting and personalization
Conversion tracking and attribution
Retargeting and remarketing campaigns
Social media integration

Browser Controls:

Most browsers allow you to control cookie settings
You can block, delete, or restrict cookies
Some platform features may not function without essential cookies

Opt-Out Options:

Marketing cookies can be disabled through our cookie banner
Third-party opt-out tools are available for advertising cookies
Analytics opt-out options are provided where required

9.3 Third-Party Tracking

We use various third-party services that may track your activity:

Google Analytics for usage analysis
Payment processors for transaction tracking
Social media platforms for integration features
Advertising networks for marketing campaigns

10. THIRD-PARTY INTEGRATIONS

10.1 Platform Integrations

Our Services integrate with various third-party platforms:

Social Media Platforms:

Telegram Bot API for group management
WhatsApp Business API for messaging
Facebook/Meta APIs for advertising integration
Twitter API for social media posting

E-commerce Platforms:

Amazon Product Advertising API
AliExpress Open Platform API
Commission Junction affiliate network
ShareASale affiliate tracking

When you connect third-party services:

We access only data necessary for functionality
Third-party privacy policies apply to their data handling
You can disconnect integrations at any time
Some features may be limited without integrations

10.3 Third-Party Responsibilities

We are not responsible for:

Privacy practices of integrated platforms
Changes to third-party APIs or policies
Data security of external services
Content or practices of linked websites

11. CHILDREN'S PRIVACY

11.1 Age Restrictions

Our Services are not intended for children under 13 years of age:

We do not knowingly collect information from children under 13
Users between 13-18 require parental consent
Parents/guardians must review and agree to our Terms and Privacy Policy

11.2 Parental Controls

For users under 18:

Parents can review and modify account information
Account activity monitoring is available
Parents can request account deletion at any time
We provide educational resources about online safety

11.3 Discovered Underage Users

If we discover a user under 13:

The account will be immediately suspended
All associated data will be deleted
Parents will be contacted if possible
Future access will be prohibited until age verification

12. CALIFORNIA PRIVACY RIGHTS (CCPA)

12.1 California Consumer Rights

California residents have additional privacy rights under the CCPA:

Right to Know:

Categories of personal information collected
Sources of personal information
Business purposes for collection
Third parties with whom information is shared

Right to Delete:

Request deletion of personal information
Exceptions for legal obligations and business needs
Confirmation of deletion upon completion

Right to Opt-Out:

Opt-out of sale of personal information (we do not sell personal information)
Opt-out of sharing for cross-context behavioral advertising
Global Privacy Control recognition

12.2 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights:

No denial of services or different service levels
No different pricing or charges
No suggestion that you will receive different services

12.3 Authorized Agents

You may designate an authorized agent to make requests:

Written authorization must be provided
Identity verification is required for both consumer and agent
Direct confirmation from consumer may be requested

European Union residents have comprehensive rights under GDPR:

Enhanced Access Rights:

Detailed information about data processing
Copy of personal data in portable format
Information about automated decision-making

Data Portability:

Receive data in structured, machine-readable format
Transfer data directly to another controller (where technically feasible)

Objection Rights:

Object to processing for direct marketing
Object to processing based on legitimate interests
Object to automated decision-making and profiling

13.2 Data Protection Authority

You have the right to lodge complaints with supervisory authorities:

Contact your local data protection authority
File complaints about our data processing practices
Seek remedies for privacy rights violations

13.3 Data Protection Officer

Our Data Protection Officer can be contacted at:

Email: admin@affiloop.io
Subject: "Data Protection Officer - Privacy Inquiry"
We will respond within one month of receipt

14. CHANGES TO THIS POLICY

14.1 Policy Updates

We may update this Privacy Policy periodically:

Changes will be posted on our website with updated effective date
Significant changes will be communicated via email
Continued use of Services constitutes acceptance of changes
Previous versions will be archived for reference

14.2 Notification Process

For material changes affecting your rights:

Email notification to registered users
Prominent website notices
In-app notifications where applicable
Reasonable time to review changes before implementation

14.3 Change Documentation

We maintain records of policy changes:

Version history with change summaries
Rationale for significant modifications
Legal and regulatory compliance updates
User feedback integration and responses

15. CONTACT INFORMATION

15.1 Privacy Inquiries

For questions about this Privacy Policy or our data practices:

Primary Contact:

Email: admin@affiloop.io
Subject: "Privacy Policy Inquiry"
Phone: +972-55-964-1217
Address: Givatayim, Israel

Data Protection Officer:

Email: admin@affiloop.io
Subject: "Data Protection Officer"

15.2 Privacy Rights Requests