Choladeck (“we,” “us,” or “our”) operates the Choladeck website (choladeck.com) and the Choladeck web application (app.choladeck.com), collectively referred to as the “Service.” This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our websites and use our Service.
By accessing or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not access or use the Service.
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide when you interact with the Service:
- Account Information: When you register, we collect your name, email address, and password. If you sign up using a third-party service (such as Google), we receive your name and email from that provider.
- Billing Information: When you subscribe to a paid plan, your payment details (credit card number, billing address) are collected and processed directly by our payment processor, Stripe. We do not store your full credit card number on our servers. We receive and retain only a tokenized reference, the last four digits of your card, card type, and billing address for record-keeping.
- Profile Information: Any additional information you add to your profile, such as company name, job title, or profile photo.
- Communications: When you contact us via email, contact forms, or chat, we collect the content of your messages, your email address, and any attachments you provide.
- User Content: Text, images, and other content you input into presentations using our Editor.
1.2 Information Collected Automatically
When you access the Service, we automatically collect certain information:
- Usage Data: Pages visited, features used, slides browsed, presentations created, exports made, time spent on the platform, and interaction patterns.
- Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
- Log Data: IP address, access timestamps, referring/exit URLs, and server logs.
- Cookies and Similar Technologies: We use cookies, pixels, and similar tracking technologies as described in Section 5.
1.3 Information from Third Parties
We may receive information about you from third-party sources, including: social login providers (Google) when you choose to authenticate through them, payment processor (Stripe) for transaction confirmations and fraud prevention, and analytics providers that help us understand how users interact with the Service.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery and Operations
- To create and manage your account.
- To process Subscriptions, payments, and billing.
- To provide access to Content, features, and functionality based on your plan.
- To track and enforce Export limits associated with your plan.
- To provide customer support and respond to your inquiries.
2.2 Service Improvement
- To analyze usage patterns and optimize the user experience.
- To identify and fix technical issues, bugs, and errors.
- To develop new features, products, and services.
- To conduct internal research and analytics.
2.3 Communications
- Transactional Emails: Account confirmations, password resets, billing receipts, subscription reminders, and service updates. These are essential for service operation and cannot be opted out of.
- Marketing Emails: Product updates, tips, promotions, and newsletters. You can opt out of marketing emails at any time by clicking the unsubscribe link in any email or by updating your email preferences in your account settings.
- Behavioral Emails: Automated emails triggered by your activity (or inactivity) on the platform, such as onboarding guidance, feature recommendations, and re-engagement messages. These may be opted out of through your email preferences.
2.4 Security and Fraud Prevention
- To detect, prevent, and address fraud, abuse, and security threats.
- To enforce our Terms of Service and other policies.
- To protect the rights, property, and safety of Choladeck and our users.
2.5 Legal Compliance
- To comply with applicable laws, regulations, and legal processes.
- To respond to lawful requests from government authorities.
- To support dispute resolution, including chargeback investigations.
3. How We Share Your Information
We do not sell your personal information to third parties. We may share your information in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who assist us in operating the Service. These providers are contractually obligated to use your data only for the purposes we specify and in accordance with this Policy.
| Provider | Purpose | Data Shared |
| --- | --- | --- |
| Stripe | Payment processing | Billing info, transaction data, email |
| Klaviyo | Email marketing & automation | Email, name, usage activity, subscription status |
| Google Analytics | Website analytics | Usage data, device info, anonymized IP |
| Meta (Facebook/Instagram) | Advertising & conversion tracking | Pixel data, hashed email (for custom audiences), browsing activity on our site |
| Hosting Provider | Infrastructure & hosting | All data processed through our servers |
| Customer Support Tools | Help desk & live chat | Name, email, support communications |
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal requests by public authorities, including to meet national security or law enforcement requirements.
3.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.
3.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
3.5 Aggregated or Anonymized Data
We may share aggregated or anonymized data that cannot reasonably be used to identify you for research, analytics, or marketing purposes.
4. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specifically:
- Active Accounts: We retain your information for the duration of your account’s existence.
- Closed Accounts: We retain core account data (name, email, transaction history) for up to 3 years after account closure for legal, tax, and dispute resolution purposes.
- Billing Records: Transaction records are retained for up to 7 years to comply with financial record-keeping requirements.
- Marketing Data: If you unsubscribe from marketing communications, we retain your email on our suppression list to ensure we honor your opt-out preference.
- Log Data: Server logs and usage data are retained for up to 12 months for analytics and security purposes.
After the applicable retention period, data is securely deleted or anonymized so that it can no longer be associated with you.
5. Cookies and Tracking Technologies
5.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help us recognize your browser, remember your preferences, and understand how you use the Service.
5.2 Types of Cookies We Use
- Essential Cookies: Required for the Service to function properly (authentication, session management, security). These cannot be disabled.
- Analytics Cookies: Help us understand how users interact with the Service (Google Analytics). These collect anonymized usage data.
- Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (Meta Pixel). These track your browsing activity on our site.
- Preference Cookies: Remember your settings and preferences (theme selections, language, editor preferences).
5.3 Managing Cookies
You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, blocking essential cookies may affect the functionality of the Service. For marketing cookies, you can also opt out through: the Meta opt-out tool at facebook.com/ads/preferences, the Google Analytics opt-out browser add-on, or the Network Advertising Initiative opt-out page.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL.
- Secure payment processing through PCI-DSS compliant Stripe infrastructure.
- Regular security assessments and vulnerability monitoring.
- Access controls limiting employee access to personal data on a need-to-know basis.
- Regular backups and disaster recovery procedures.
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
7. Your Rights
7.1 All Users
Regardless of your location, you have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Opt-Out of Marketing: Unsubscribe from marketing communications at any time.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.
7.2 European Economic Area (EEA) and UK Residents – GDPR
If you are in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR), including the right to restrict processing, the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local data protection authority. Our legal bases for processing include: contract performance (to provide the Service), legitimate interests (analytics, security, fraud prevention), consent (marketing communications), and legal obligations (tax, regulatory compliance).
7.3 California Residents – CCPA/CPRA
If you are a California resident, you have the right to know what personal information we collect, use, and disclose; request deletion of your personal information; opt out of the “sale” or “sharing” of personal information (note: we do not sell personal information); and not be discriminated against for exercising your privacy rights.
7.4 Malaysian Residents – PDPA
Under Malaysia’s Personal Data Protection Act 2010 (PDPA), you have the right to access your personal data, correct inaccurate data, and withdraw consent for processing. We process your personal data in accordance with the PDPA and the principles set out therein.
7.5 Exercising Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including countries where our service providers operate. These countries may have different data protection laws than your jurisdiction. Where we transfer data internationally, we implement appropriate safeguards including contractual commitments from our service providers to protect your information in accordance with this Policy and applicable data protection laws.
9. Children’s Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].
10. Third-Party Links and Services
The Service may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.
11. Do Not Track Signals
Some browsers transmit “Do Not Track” (DNT) signals. There is currently no industry standard for how companies should respond to DNT signals. At this time, we do not respond to DNT signals, but you can manage your tracking preferences through the cookie management options described in Section 5.3.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated Policy on our website and, where appropriate, by sending an email notification at least 30 days before changes take effect. The “Last Updated” date at the top of this Policy indicates when the most recent changes were made. Your continued use of the Service after any changes constitutes your acceptance of the updated Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy & Data Inquiries: [email protected] (include “Privacy Request” in the subject line)
Customer Support: [email protected]
Website: https://choladeck.com/contact-us
Data Protection Requests: Please include “Data Request” in the subject line of your email.
We aim to respond to all privacy-related inquiries within 30 days.
