Privacy Policy
Last Updated: [Insert Date]
Dottable Inc. (“Dottable,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, disclose, transfer, and protect information when you access or use our website, applications, dashboards, public directories, creator tools, integrations, and related services (collectively, the “Services”).
This Privacy Policy also explains how Dottable handles data obtained through third-party platform integrations, including Meta, Instagram, Facebook, TikTok, YouTube, Google, and other connected services where applicable.
By using the Services, creating an account, connecting a third-party account, or authorizing an integration, you agree to this Privacy Policy. If you do not agree, you should not use the Services or connect third-party accounts to Dottable.
1. Information We Collect
We collect information in the following ways:
a. Information You Provide Directly
We may collect personal information you provide when you create an account, subscribe to a plan, create a directory, contact us, submit a form, connect a social media account, or otherwise use the Services.
This may include:
Name
Email address
Phone number
Business name
Creator/influencer profile information
Username, handle, profile URL, or public social media profile information
Billing and subscription information
Account login credentials or authentication information
Customer support communications
Business listing details you upload or submit
Reviews, ratings, descriptions, photos, videos, categories, links, and other user-generated content
b. Business and Directory Information
If you use Dottable to create or manage directories, listings, campaigns, or featured placements, we may collect:
Business names
Business addresses
Website links
Reservation links
Delivery links
Social media links
Listing images or videos
Listing categories
Featured listing status
Analytics related to listing performance
Campaign information
Audience interaction data, such as saves, clicks, views, shares, and other engagement events
c. Information Collected Automatically
When you use the Services, we may automatically collect certain technical and usage information, including:
IP address
Browser type
Device type
Operating system
Referring URLs
Pages viewed
Clicks and interactions
Approximate location based on IP address
Session information
Cookies, pixels, and similar tracking technologies
Log files and diagnostic data
d. Payment and Subscription Information
We may collect information related to payments, subscriptions, billing status, and transaction history. Payment card information is generally processed by third-party payment processors, such as Stripe, and we do not store full payment card numbers on our own servers.
e. Third-Party Platform and API Data
If you choose to connect a third-party account or authorize Dottable to access data from a third-party platform, we may collect data permitted by your authorization and by the applicable platform’s API terms and permission scopes.
This may include data from platforms such as:
Meta
TikTok
YouTube
Depending on the integration and the permissions you approve, this data may include:
Account ID or channel ID
Username, handle, profile name, display name, and profile image
Public profile information
Public posts, videos, reels, shorts, captions, thumbnails, media URLs, and metadata
Content performance metrics where permitted
Engagement data where permitted
Authorized media libraries or content selections
Access tokens, refresh tokens, and authorization scopes necessary to provide the integration
Other information made available by the platform API and approved by you
We only request access to platform data that is reasonably necessary to provide the requested Dottable feature, such as helping creators select videos from their social accounts and attach them to Dottable listings.
2. How We Use Your Information
We use the information we collect to provide, operate, maintain, and improve the Services. This includes using information to:
Create and manage user accounts
Provide creator, business, fan, and directory tools
Display public directories and business listings
Allow creators to add, edit, organize, and promote listings
Allow users to save listings or interact with directories
Connect authorized social media accounts
Retrieve authorized content from connected platforms
Allow users to select videos, posts, or media to display in Dottable listings
Process payments and subscriptions
Provide analytics and reporting
Measure listing views, clicks, saves, shares, calls, reservations, delivery clicks, directions clicks, and related engagement
Send service updates, security alerts, account notices, and support messages
Send marketing communications where permitted by law
Detect, prevent, and address fraud, abuse, spam, security incidents, and unauthorized activity
Comply with legal obligations
Enforce our Terms of Service and other agreements
Improve user experience, performance, and product functionality
We do not use third-party platform API data for purposes that are not disclosed in this Privacy Policy or not permitted by the applicable platform terms.
3. Meta, Facebook, and Instagram Data
If you connect a Meta, Facebook, or Instagram account to Dottable, we may access and process only the data you authorize and only as permitted by Meta’s applicable terms, policies, and permission scopes.
This may include:
Facebook Page or Instagram Business/Creator account information
Public profile information
Account username, handle, profile image, and account ID
Authorized media, such as posts, reels, images, videos, captions, thumbnails, and related metadata
Insights or analytics where authorized and permitted
Access tokens necessary to maintain the integration
We use Meta, Facebook, and Instagram data to provide requested Dottable features, such as allowing creators to view, select, and attach social media content to listings or display approved content inside their public directory.
We do not sell Meta Platform Data. We do not use Meta Platform Data for unauthorized advertising, profiling, surveillance, or purposes unrelated to the feature you authorized.
You may disconnect your Meta, Facebook, or Instagram account from Dottable at any time through your Dottable account settings, where available, or by contacting us at [email protected].
You may request deletion of Meta, Facebook, or Instagram data associated with your Dottable account by contacting us at [email protected] or by using any data deletion page or instructions we provide. Meta requires apps to provide users with a clear way to request deletion of their data, and developers must process platform data only as described in their privacy policy.
4. TikTok Data
If you connect your TikTok account to Dottable, we may access and process only the data you authorize and only as permitted by TikTok’s applicable developer terms, guidelines, API documentation, and permission scopes.
This may include:
TikTok account ID
Username, display name, profile image, and public profile information
Authorized videos, captions, thumbnails, metadata, and media information
Engagement or performance metrics where authorized and available
Access tokens necessary to maintain the integration
We use TikTok data to provide requested Dottable features, such as allowing creators to browse or select their TikTok content and attach approved videos to Dottable listings.
We do not sell TikTok user data. We do not share TikTok personally identifiable information with third parties unless you authorize the sharing, it is necessary to provide the Services, or we are legally required to do so.
TikTok developer guidance requires developers to protect user identity and personally identifiable information, follow applicable privacy laws, disclose a privacy policy, and avoid sharing PII without consent.
You may disconnect your TikTok account from Dottable at any time through your Dottable account settings, where available, or by contacting us at [email protected].
You may request deletion of TikTok data associated with your Dottable account by contacting us at [email protected].
5. YouTube and Google API Data
If you connect your YouTube or Google account to Dottable, we may access and process only the data you authorize and only as permitted by the YouTube API Services Terms of Service, YouTube API Services Developer Policies, Google API policies, and applicable permission scopes.
This may include:
YouTube channel ID
Channel name, handle, profile image, and public channel information
Authorized videos, Shorts, captions, thumbnails, metadata, and playlist information
Video statistics or analytics where authorized and permitted
Access tokens and refresh tokens necessary to maintain the integration
We use YouTube API data to provide requested Dottable features, such as allowing creators to select YouTube videos or Shorts and attach them to Dottable listings.
We do not sell YouTube API data. We do not use YouTube API data for unauthorized advertising, unauthorized profiling, surveillance, or any purpose not disclosed in this Privacy Policy.
YouTube API Services require API clients to provide and follow a published privacy policy that clearly and accurately explains what user information is accessed, collected, stored, used, processed, and shared, including use for advertising and sharing with third parties.
YouTube’s developer guidance also states that apps should not violate user privacy, harvest user data, or surveil users, and that users must continue to have control over what happens to their data, including the ability to request deletion.
You may revoke Dottable’s access to your YouTube or Google account through your Dottable account settings, where available, or through your Google account permissions. You may also request deletion of YouTube API data associated with your Dottable account by contacting us at [email protected].
6. Access Tokens and API Credentials
When you connect a third-party account, we may store access tokens, refresh tokens, authorization codes, permissions, and related authentication data needed to operate the integration.
We use this data only to:
Authenticate your connected account
Retrieve data you authorized
Maintain the integration
Refresh access where permitted
Disconnect the integration when requested
Comply with platform requirements
We do not sell access tokens or API credentials. We restrict access to tokens and authentication data to authorized systems and personnel who need access to operate, secure, or support the Services.
7. User-Generated Content and Public Directory Content
Some information you submit to Dottable may be displayed publicly, including:
Public directory pages
Business listings
Listing descriptions
Images
Videos
Social media embeds or linked media
Creator profile information
Public recommendations
Reviews or ratings where applicable
You are responsible for ensuring that you have the necessary rights, permissions, and consents to upload, display, embed, or share any content through Dottable.
If you connect social media content to a Dottable listing, you are responsible for ensuring that your use of that content complies with the applicable platform terms and any third-party rights.
8. How We Share Information
We do not sell your personal information.
We may share information in the following limited circumstances:
a. Service Providers
We may share information with vendors and service providers that help us operate the Services, including hosting providers, analytics providers, payment processors, customer support tools, email providers, SMS providers, database providers, security vendors, and infrastructure providers.
These service providers are authorized to use your information only as necessary to provide services to us or as otherwise permitted by law.
b. Third-Party Integrations Authorized by You
If you connect a third-party account or use an integration, we may share information as necessary to provide the integration you requested.
For example, we may communicate with Meta, TikTok, Google, YouTube, or other platforms to authenticate your account, retrieve authorized data, display content, or maintain integration functionality.
c. Public Display
If you create a public directory or public listing, the information you choose to publish may be visible to visitors of that directory.
d. Legal Compliance and Safety
We may disclose information if required to do so by law or if we believe disclosure is reasonably necessary to:
Comply with legal obligations
Respond to lawful requests
Protect the rights, property, or safety of Dottable, users, or others
Investigate fraud, abuse, or security incidents
Enforce our Terms of Service
e. Business Transfers
We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.
f. With Your Consent
We may share information for other purposes with your consent or at your direction.
9. Advertising, Analytics, and Tracking
We may use cookies, pixels, tags, SDKs, and similar technologies to:
Operate the Services
Remember user preferences
Analyze usage and traffic
Improve performance
Measure marketing campaigns
Detect fraud and abuse
Personalize experiences where permitted
We may use analytics tools to understand how users interact with Dottable. We may also use advertising technologies where permitted by law.
Where required, we will obtain consent before using certain cookies or tracking technologies. You can manage cookies through your browser settings, though disabling cookies may affect Service functionality.
We do not use third-party platform API data from Meta, TikTok, or YouTube for advertising purposes unless such use is clearly disclosed, permitted by the applicable platform, and authorized where required.
10. Data Retention
We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, including to:
Provide the Services
Maintain your account
Operate connected integrations
Comply with legal obligations
Resolve disputes
Enforce agreements
Prevent fraud and abuse
Maintain business records
When information is no longer needed, we will delete, de-identify, or aggregate it, unless retention is required or permitted by law.
For third-party platform data, we retain the data only as long as needed to provide the authorized feature or as otherwise permitted by the applicable platform terms. If you disconnect an integration or request deletion, we will delete or de-identify applicable platform data unless we are legally required or permitted to retain it.
11. Data Deletion and Account Disconnection
You may request deletion of your personal information or connected platform data by contacting us at:
Your request should include:
Your full name
Your Dottable account email
The platform account you want disconnected or deleted, if applicable
The specific data you want deleted, if applicable
You may also be able to disconnect integrations directly through your Dottable account settings.
When we receive a valid deletion request, we will take reasonable steps to delete or de-identify applicable personal information from active systems, unless we are required or permitted to retain it for legal, security, fraud prevention, accounting, dispute resolution, or compliance purposes.
For Meta-related data deletion requests, Dottable will process deletion requests in accordance with Meta’s applicable data deletion requirements. Meta’s developer documentation describes data deletion callbacks and user deletion request requirements for apps that receive Meta platform data.
12. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, disclosure, or destruction.
These safeguards may include:
Encryption where appropriate
Access controls
Authentication controls
Secure hosting infrastructure
Logging and monitoring
Token access restrictions
Internal access limitations
Security reviews and updates
No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect your information using commercially reasonable measures.
13. International Data Transfers
Dottable is based in Canada. Your information may be processed in Canada, the United States, the European Union, the United Kingdom, or other jurisdictions where we or our service providers operate.
If we transfer personal information internationally, we take reasonable steps to protect it in accordance with applicable privacy laws, including through contractual, technical, and organizational safeguards where required.
14. Your Privacy Rights
Depending on where you live, you may have certain privacy rights regarding your personal information.
These may include the right to:
Access personal information we hold about you
Correct inaccurate information
Delete personal information
Withdraw consent
Object to or restrict certain processing
Request data portability
Opt out of certain marketing communications
Opt out of certain sales or sharing of personal information, where applicable
Lodge a complaint with a privacy regulator
To exercise your rights, contact us at:
We may need to verify your identity before responding to your request.
15. Canadian Privacy Rights
As a Canadian company, Dottable handles personal information in accordance with applicable Canadian privacy laws, which may include the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applicable provincial privacy laws.
Canadian users may request access to, correction of, or deletion of their personal information by contacting us at [email protected].
16. GDPR and UK GDPR Rights
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection laws, you may have additional rights under applicable privacy laws.
Our legal bases for processing personal information may include:
Your consent
Performance of a contract
Compliance with legal obligations
Legitimate interests
Protection of rights and security
You may withdraw consent at any time where processing is based on consent. Withdrawal of consent does not affect processing that occurred before withdrawal.
You may also have the right to lodge a complaint with your local data protection authority.
17. California Privacy Rights
If you are a California resident, you may have rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), including the right to:
Know what personal information we collect, use, disclose, or share
Request deletion of personal information
Request correction of inaccurate personal information
Opt out of sale or sharing of personal information
Limit use of sensitive personal information where applicable
Not be discriminated against for exercising your rights
We do not sell personal information. If our practices change, we will update this Privacy Policy and provide required notices and opt-out mechanisms.
To exercise California privacy rights, contact us at:
18. Marketing Communications
We may send you marketing emails, product updates, offers, or promotional communications where permitted by law.
You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us at [email protected].
Even if you opt out of marketing communications, we may still send you transactional or service-related messages, such as account notices, billing notices, security alerts, or support communications.
19. Children’s Privacy
The Services are not directed to children under 13 years old or the minimum age required in your jurisdiction.
We do not knowingly collect personal information from children under the applicable minimum age. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete that information.
If you believe a child has provided personal information to us, contact us at:
20. Third-Party Links and Services
The Services may contain links to third-party websites, apps, platforms, or services, including business websites, reservation platforms, delivery platforms, social media platforms, payment providers, and analytics tools.
We are not responsible for the privacy practices, content, or policies of third-party services. Your use of third-party services is governed by their own privacy policies and terms.
21. Platform Terms and Third-Party API Compliance
When you connect third-party accounts or use integrations involving Meta, Facebook, Instagram, TikTok, YouTube, Google, or other platforms, your use may also be governed by those platforms’ terms, privacy policies, API policies, developer policies, and permission requirements.
Dottable’s access to platform data depends on the permissions you grant and the access approved by each platform. We do not control the privacy practices of those platforms.
We will use third-party API data only as permitted by applicable platform terms and only for the purposes disclosed in this Privacy Policy.
22. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
When we update it, we will revise the “Last Updated” date above. If changes are material, we may provide additional notice, such as through the Services or by email.
Your continued use of the Services after an updated Privacy Policy is posted means you accept the updated policy.
23. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:
Dottable Inc.
5100 Yonge Street
Toronto, Ontario, Canada
Email: [email protected]