Privacy Policy

PRIVACY POLICY

Last Updated: April 3, 2026

This Privacy Policy describes how Parsnipp ("we", "us", or "our") collects, uses, and shares your personal information when you use our Service. This policy complies with GDPR (EU), CCPA (California), PIPEDA (Canada), and the Australian Privacy Act.

1. INFORMATION WE COLLECT

Personal Information You Provide:

• Name and email address
• Organization name and domain
• Billing information (processed by Stripe)
• Profile information you choose to provide

Automatically Collected Information:

• IP address and geolocation (for security and export control compliance)
• Browser type and device information
• Usage data and analytics
• Cookies and similar tracking technologies

Information from Third Parties:

• Single sign-on providers (Google, Azure, Okta)
• Payment processors (Stripe)

2. HOW WE USE YOUR INFORMATION

We use your information to:

• Provide, maintain, and improve our Service
• Process payments and prevent fraud
• Send you technical notices and support messages
• Respond to your comments and questions
• Send marketing communications (with your consent)
• Comply with legal obligations
• Enforce export control and sanctions screening

Legal Basis for Processing (GDPR):

• Contract performance
• Legal obligation
• Legitimate interests
• Consent (for marketing)

3. HOW WE SHARE YOUR INFORMATION

We share information with:

• Service providers (hosting, analytics, email)
• Payment processors (Stripe)
• As required by law or legal process
• In connection with a merger or acquisition

We do NOT sell your personal information.

4. YOUR PRIVACY RIGHTS

Under GDPR, CCPA, PIPEDA, and Australian Privacy Act, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data (with certain exceptions)
• Export your data in a portable format
• Opt-out of marketing communications
• Withdraw consent
• Object to processing
• Lodge a complaint with a supervisory authority

To exercise these rights, visit your Privacy Settings or contact privacy@parsnipp.com.

California Residents (CCPA):

• Right to Know what personal information is collected
• Right to Delete personal information
• Right to Opt-Out of sale (we don't sell data)
• Right to Non-Discrimination for exercising rights
• Authorized agents may submit requests on your behalf

5. DATA RETENTION

We retain your personal information for as long as your account is active or as needed to provide services. After account deletion, we retain data for:

• 30-day grace period (can be restored)
• 7 years for billing/tax records (legal requirement)
• Anonymized analytics data indefinitely

6. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your country of residence. We use Standard Contractual Clauses (SCCs) approved by the European Commission for GDPR compliance.

7. SECURITY

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest
• Access controls and authentication
• Regular security audits
• Employee training

8. COOKIES AND TRACKING

We use cookies for:

• Authentication and security
• Preferences and settings
• Analytics and performance
• Marketing (with consent)

You can control cookies through your browser settings. See our Cookie Policy for details.

9. EXPORT CONTROL AND SANCTIONS COMPLIANCE

We comply with U.S. export control laws, including regulations administered by the Office of Foreign Assets Control (OFAC) and the Export Administration Regulations (EAR).

Information Collected for Compliance:

• IP address and geolocation data for country-based access control
• Name information for screening against Specially Designated Nationals (SDN) List
• Account activity and access attempts for audit purposes

Compliance Actions We Take:

• Blocking access from sanctioned countries (Iran, North Korea, Syria, Cuba, Russia, Venezuela, and others as designated by OFAC)
• Screening user names against the OFAC SDN List using automated matching algorithms
• Maintaining records of blocked attempts and flagged accounts for compliance reporting
• Suspending or terminating accounts that match SDN List entries
• Updating sanctions screening data daily from official U.S. government sources

Your Rights Under Sanctions Screening:

• If your account is flagged for sanctions screening, we will review the match manually
• False positives will be cleared and your account restored
• You may contact compliance@parsnipp.com if you believe you've been incorrectly blocked

Retention of Compliance Data:

• Blocked attempt logs: Retained for 2 years for audit purposes
• Sanctions screening results: Retained for the lifetime of the account plus 5 years after closure
• This data is retained even after account deletion to comply with export control recordkeeping requirements

10. CHILDREN'S PRIVACY

Our Service is not directed to children under 16. We do not knowingly collect personal information from children.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on our Service.

12. CONTACT US

Privacy questions: privacy@parsnipp.com

Data Protection Officer: dpo@parsnipp.com

GDPR Representative (EU): gdpr-rep@parsnipp.com

Mailing Address:

Parsnipp Privacy Team

[Address to be added]

Supervisory Authority (GDPR):

You may lodge a complaint with your local data protection authority.