PRIVACY POLICY

Privacy Policy

CoolBiz®

Effective Date: May 19, 2026

Welcome to the CoolBiz® Privacy Policy. This policy explains how CoolBiz® Inc, doing business as CoolBiz® ("CoolBiz®"), collects, uses, protects, and manages your personal data through our services, including websites, subdomains, and software applications at coolbiz.ai. By accessing or using these services, you agree to this Privacy Policy. Please read it carefully. This Privacy Policy should be read alongside our Terms of Service and Refund Policy, each as in effect from time to time, which are incorporated by reference and form an integral part of this agreement.

1. Company Overview

CoolBiz® provides the following categories of services:

Primary Services: Subscription-based Software-as-a-Service (SaaS) products. The current portfolio of active and forthcoming subscription products is published on the Products page at coolbiz.ai. As new products are launched, they are added to that page, and their respective subscription Terms of Service are made available at the product's subdomain.

Secondary Services: Selective custom software development engagements, accepted at CoolBiz®'s sole discretion on a project-by-project basis, governed by individual written contracts. Engagements may include integrated website development, mobile or smartphone application development for any commercially available or future mobile operating system (including, without limitation, Apple iOS, Google Android, and any other present or future mobile operating system), licensing of CoolBiz®'s proprietary or patented technology, and hardware or physical-product integration.

2. Definitions and Scope

For this Privacy Policy:

Services: All products, features, and functionalities provided by CoolBiz®, including (a) any subscription-based SaaS product currently or hereafter published on the Products page at coolbiz.ai; and (b) selective custom software development engagements undertaken on a project-by-project basis under individually negotiated contracts.

User: Any individual or entity accessing or using the Services, whether under a free trial, paid subscription, custom development engagement, or other authorized interaction.

Content: All data, text, graphics, media, and other materials submitted, posted, or displayed through the Services.

Personal Data: Any information that can be used to identify an individual, as defined by applicable privacy laws.

Subscriber: Any individual or entity with an active paid subscription to any CoolBiz® subscription product.

Agency: Any business entity authorized to resell or manage CoolBiz® subscription services on behalf of their clients.

Affiliate: Any individual or entity participating in the CoolBiz® Affiliate Program who promotes our Services in exchange for commissions.

3. Data Collection and Processing

We collect various types of data to provide and improve our Services:

Personal Information: When you subscribe to or use our Services, we collect names, email addresses, phone numbers, contact details, authentication credentials, billing information, payment details (processed through CoolBiz®'s designated payment processor(s), which currently include Stripe and may from time to time include other processors, invoicing platforms, Automated Clearing House (ACH) providers, direct bank-transfer arrangements, or other lawful payment methods CoolBiz® elects to support), and relevant business information, including for Agencies and their clients.

Technical Data: IP addresses, device information, browser agent strings, browser type and settings, operating system details, timestamps and access logs, performance analytics, and diagnostic data. We also collect technical data through website forms for security and spam detection.

Usage Data: Session logs, interaction history, feature utilization statistics, system performance metrics, error reports, debugging information, and communication logs, including chatbot responses and user input.

Engagement Intake Information: For custom software development engagements, we collect information you provide in connection with the scoping and contracting process, including project requirements, organizational details, and contact information for individuals authorized to bind your organization.

Contract Information: Digital signatures, executed engagement contracts, milestone records, and, where applicable, royalty payment records.

Collection Methods: Data is collected through direct user input during account registration, automated system logging, integration with third-party services, tracking technologies, and user feedback or support interactions.

Tracking Technologies: We may use tracking technologies, including pixels and tags from third-party platforms (such as Google, Meta/Facebook, Pinterest, LinkedIn, TikTok, and X/Twitter) to measure website traffic and usage, build audiences for advertising purposes, deliver relevant advertisements on third-party platforms, and analyze the effectiveness of our marketing campaigns. You can opt out of personalized advertising through each platform's ad settings or through industry opt-out tools such as the Digital Advertising Alliance (optout.aboutads.info).

4. Use of Data

We use the data collected for a variety of essential purposes:

Primary Purposes: Delivering, operating, and improving our SaaS products and custom software development engagements; managing engagement contracts, milestones, and (where applicable) royalty obligations; processing subscription and milestone payments through our designated payment processor(s); ensuring platform and engagement security through performance monitoring and fraud prevention; providing customer and engagement support; and communicating service and engagement updates.

Marketing and Communications: We may process personal data to send marketing communications, including promotional content and affiliate marketing offers, but only with user consent obtained through explicit opt-in mechanisms. Users can manage their marketing communication preferences at any time through their account settings or by contacting us directly.

Processing Limitations: Data is processed solely for documented purposes; chatbot interactions are not used for external AI training without subscriber consent; no behavioral profiling or automated decision-making is performed; personal information is never sold.

5. Data Security and Protection

Infrastructure Security: Our CoolBiz® subscription products are hosted on subdomains of our parent website and operate on enterprise-grade cloud infrastructure. We utilize a multi-layered security architecture with encryption applied both at rest and in transit. Our systems undergo regular security assessments and penetration testing, with continuous monitoring for potential threats. Access controls are strictly role-based. All activities are tracked through comprehensive audit logging.

Breach Response Protocol: In the event of a potential data breach, we initiate an immediate investigation to assess the scope and impact. Affected parties are notified without undue delay, and reports are submitted to regulatory authorities as required by law.

6. Regulatory Compliance

CoolBiz® supports compliance with numerous federal, state, and international data-protection regulatory frameworks. Detailed framework coverage is set forth in the subscription-product-specific Privacy Policy for each CoolBiz® product (each, as in effect from time to time and available at the applicable subdomain). Three categories of agreement govern CoolBiz® data processing relationships:

Business Associate Agreement (BAA) — required for HIPAA-covered processing.

Data Processing Agreement (DPA) — required for GDPR, UK GDPR, and FADP-covered processing.

Terms of Service — all other frameworks worldwide are covered under CoolBiz® Terms of Service, accepted at account creation.

Vertical Pro Tier framework. CoolBiz® offers vertical-specific add-on tiers (Healthcare-Pro, Legal-Pro, Finance-Pro, and any future tier) that enable specialized regulated-industry functionality, governed by the BAA, DPA, and/or applicable industry-specific addenda as set forth in the Terms of Service and the applicable subscription-product policies.

CoolBiz® does not support FERPA or COPPA compliance. Subscribers are prohibited from collecting or processing data from individuals under 18.

7. Data Retention and Deletion

Standard retention periods:

Chat Data: Standard 30-day retention for chatbot conversation logs.

Compliance Data: Minimum 7-year retention for regulatory compliance.

Custom Retention Periods: Applied based on applicable legal and operational requirements.

Audit Results (SOX Compliance): Retained for at least 7 years.

Payment Data: Retained as required for financial reconciliation and regulatory compliance.

Custom Software Development Engagement Data Retention: Project files, source repositories, design artifacts, and collaboration records associated with a custom development engagement are retained for the period specified in the project contract or, where no contract-specific term applies, deleted within thirty (30) days following formal project closure. Where the engagement includes a licensing or royalty component, records necessary to administer that license (e.g., usage logs, royalty calculations, audit records) are retained for the duration of the license plus seven (7) years for tax, accounting, and audit purposes. Project-specific contract terms override the defaults above where a conflict exists.

Deletion procedures include user-initiated requests, automated deletion after retention period expiry, secure wiping protocols, verification of deletion, and documentation of deletion for transparency.

8. User Rights, Controls, and Opt-Out Policies

Users have the right to:

Access their personal data.

Request corrections or modifications.

Delete their data, subject to legal and operational requirements.

Request data portability and restrict processing.

Affiliate Tracking: For affiliate marketing purposes, we use permanent affiliate links that record a unique, anonymized identifier and the referring affiliate link. No cookies are used for affiliate tracking. This ensures affiliates receive accurate referral credit without collecting personal information.

Opt-In and Opt-Out Policies: Explicit consent is required for email and SMS communications. Users can opt out via provided links in communications or by contacting support. To exercise these rights, contact support@coolbiz.ai or CoolBiz® Headquarters, 1534 Purple Way, Redding, CA 96003.

9. Third-Party Integrations and Client Infrastructure

CoolBiz® integrates with third-party services to support platform functionality, ensure secure transactions, and enhance the functionality of our subscription-based SaaS products and custom software development engagements.

Third-Party Tools and Client Infrastructure for Custom Software Development Engagements

Tooling for each engagement is defined in the project contract and is selected to fit the engagement's scope. Categories of tools commonly engaged include: source control and code review platforms; design and prototyping platforms where the engagement includes a design component; cloud infrastructure providers where CoolBiz® hosts on behalf of the client; communication and notification services where the engagement requires email or SMS infrastructure; payment processing providers; and digital signature services for contract execution.

Engagements with established enterprise-level clients may involve deployment of CoolBiz®-developed or CoolBiz®-licensed components onto client-owned or client-operated infrastructure — including cloud-hosted virtual servers operated by the client (which may run Linux distributions or other operating systems independent of CoolBiz®'s default cloud provider), dedicated on-premises servers, or hybrid environments. Where the engagement contract provides for CoolBiz® ongoing access to such client infrastructure (for example, to validate licensed-component integrity, calculate or audit royalty payments, or perform security verification), CoolBiz®'s data-handling and security practices on that access continue to apply within the scope defined by the engagement contract. Specific tooling, infrastructure access scope, and security controls are disclosed during scoping and reflected in the engagement contract.

Custom Software Development Engagement Integrations (Representative List, Not Exhaustive)

Source control and code review (e.g., GitHub or equivalent).

Design and prototyping (e.g., Figma or equivalent), where the engagement includes a design component.

Cloud infrastructure providers (e.g., Amazon Web Services or equivalent).

Client-operated infrastructure (cloud-hosted virtual servers, on-premises servers, Linux-based or other operating-system installations), governed by the engagement contract.

Communication and notification services (e.g., SendGrid, Twilio, or equivalent).

Payment processing providers (currently including Stripe and any other processors or invoicing platforms CoolBiz® may engage from time to time).

Digital signature services.

Tax compliance providers.

Other third-party platforms and services: CoolBiz® may engage additional third-party platforms and services from time to time in connection with specific engagements as the engagement requires. The current third-party platforms in use for any given engagement are disclosed in the engagement contract or in writing to the client upon reasonable request.

Subscription Product Third-Party Integrations

Each CoolBiz® subscription product engages its own set of third-party integrations, including AI Sub-Processors, vector storage providers, CRM and database integrations, calendar and scheduling providers, authentication providers, and others. The complete list of third-party integrations and AI Sub-Processors for each subscription product is published on the applicable subdomain (for example, the chatbot product publishes its Sub-Processor List at chatbot.coolbiz.ai/subprocessors) and is incorporated by reference into each subscription product's Privacy Policy.

Affiliate Marketing Disclosures

CoolBiz® may participate in affiliate marketing programs, which means we may earn a commission when users purchase products or services through our clearly disclosed affiliate links. These links do not affect the price users pay. Data collected through affiliate links is used solely for performance tracking and commission calculation, in compliance with FTC disclosure requirements.

Data Sharing Limitations

Data sharing is limited to operational necessity. All such data is aggregated, anonymized, or shared only with user consent. We never sell personal information.

10. Communications

Service Communications: Account notifications, security alerts, maintenance updates, compliance notifications, and service announcements. Certain notifications (such as security alerts and compliance-related updates) cannot be disabled.

Client Collaboration on Custom Software Development Engagements: Official communication on an engagement takes place by email to maintain a clear written record. The engagement contract may additionally designate one or more supplementary collaboration channels, which may include Slack, Microsoft Teams, Discord, project trackers, design and prototyping platforms, or any other third-party or custom communication tool the parties mutually agree to use. Feedback, decisions, and other content exchanged in supplementary channels forms part of the engagement record only to the extent expressly specified in the engagement contract; in the event of any conflict between content in a supplementary channel and content in email, email controls unless the engagement contract provides otherwise.

Discord Communications: CoolBiz® operates a Discord server ("CoolBiz® Discord") as a support and community channel for users to file tickets, report issues, receive announcements, and engage with other CoolBiz® subscribers. CoolBiz® may respond to support tickets, community updates, or informal discussions via the CoolBiz® Discord. However, official notifications, legal updates, and support responses are only provided through designated channels, including email and official support forms.

Marketing Communications: Limited promotional content is sent with clear opt-out mechanisms, frequency controls to prevent spam, and content relevance requirements.

11. Audit Logs and Records

We maintain audit logs to ensure security, compliance, and transparency across our website, subdomains, and associated subscription products. Daily Audit Logs are retained for up to 1 year for operational and security purposes. Audit Results from formal audits are retained for at least 7 years to comply with the strictest regulatory requirements, including SOX compliance. Subscribers can request audit logs limited to their own account activity and data.

12. Age Restrictions

CoolBiz® services, including our website, subdomains, and associated subscription products, are intended for individuals aged 18 and older. Subscribers and users are responsible for ensuring their use of our services complies with applicable laws governing minors, such as COPPA, and must avoid collecting or processing data from individuals under 18.

13. Currency and Exchange Rates

All charges, refunds, revenue-share payouts, affiliate commissions, and other monetary transactions are denominated, billed, and paid in United States Dollars (USD), regardless of any default display currency selected by a Subscriber, Agency, or other party. Approximate conversions to other currencies may be displayed using automated exchange-rate data obtained from third-party API providers; such conversions are estimates and are not guarantees of the amount any party will be charged or paid by any third-party financial institution.

14. Modifications, Updates, and Amendments

CoolBiz® reserves the right to update or modify this Privacy Policy as needed to reflect changes in business operations, regulatory requirements, or service offerings. When material changes occur, we will notify users through direct email, in-app or in-platform notifications, and updates to the published Privacy Policy. Unless otherwise specified, all modifications take effect upon posting.

15. Severability and Complete Agreement

If any provision is found invalid, illegal, or unenforceable, that provision shall be severed, and the remaining provisions will continue in full force and effect.

This Privacy Policy, together with our Terms of Service and Refund Policy, each as in effect from time to time, constitutes the entire agreement between you and CoolBiz® regarding the use of our services at coolbiz.ai, including websites, subdomains, and subscription products.

16. Contact Information

For questions or concerns about this Privacy Policy, contact our Privacy Officer at:

Email: support@coolbiz.ai

Address: CoolBiz® Headquarters, 1534 Purple Way, Redding, CA 96003

By using our services, you agree to this Privacy Policy.