Privacy Policy

1. Introduction

Go2 ("we", "us", "our", or the "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use Go2 and our related services, websites, and applications (collectively, the "Service").

This Privacy Policy applies to all users of our Service, including visitors, registered users, and customers. By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

We process personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy regulations.

2. Data Controller

For the purposes of data protection laws, Go2 is the data controller for personal data collected through the Service for our own purposes (such as account management and billing).

When you use our Service to create shortened links and collect analytics data, you (or your organization) are the data controller for any personal data of your end users, and we act as a data processor on your behalf. This processing is governed by our Data Processing Agreement.

Contact Information

• Company: Go2
• Email: privacy@go2.gg
• Data Protection Officer: dpo@go2.gg

3. Information We Collect

3.1 Information You Provide Directly

3.2 Information Collected Automatically

3.3 Information from Third Parties

• OAuth Providers: If you sign in with Google or GitHub, we receive your name and email from those services
• Payment Processors: Stripe provides us with payment confirmation and limited card details (last 4 digits)
• Referrals: If someone invites you, we receive your email address from them

4. Lawful Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following lawful bases:

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Providing the Service

• Creating and managing your account
• Processing link creation, customization, and analytics
• Enabling custom domain configuration
• Generating QR codes
• Providing API access

5.2 Improving the Service

• Analyzing usage patterns to improve features
• Conducting A/B testing
• Developing new features based on user needs
• Optimizing performance and reliability

5.3 Communication

• Sending transactional emails (account verification, password reset)
• Providing customer support
• Sending service announcements and updates
• Marketing communications (with consent where required)

5.4 Security and Compliance

• Detecting and preventing fraud and abuse
• Enforcing our Terms of Service and Acceptable Use Policy
• Responding to legal requests
• Complying with applicable laws

6. Sharing of Information

We do not sell your personal information. We may share your information in the following circumstances:

6.1 Service Providers

We share information with third-party service providers who help us operate our Service. These providers are contractually obligated to protect your data and may only use it for the purposes we specify.

6.2 Legal Requirements

We may disclose your information if required by law or if we believe disclosure is necessary to:

• Comply with legal obligations or valid legal process
• Protect the rights, property, or safety of Go2, our users, or others
• Enforce our Terms of Service or investigate violations
• Respond to government requests

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

6.5 Aggregated Data

We may share aggregated, anonymized data that cannot reasonably be used to identify you (e.g., industry benchmarks, statistical reports).

7. Sub-processors

We use the following third-party sub-processors to help deliver our Service. Each sub-processor has committed to appropriate data protection measures.

For enterprise customers requiring EU data residency, please contact us to discuss available options.

We maintain an up-to-date list of sub-processors and will notify customers of any changes in accordance with our Data Processing Agreement.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes.

9. Data Security

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

9.1 Technical Measures

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access, principle of least privilege
• Authentication: Secure password hashing (bcrypt), 2FA support
• Infrastructure: SOC2 Type II compliant hosting providers
• Monitoring: 24/7 security monitoring and alerting

9.2 Organizational Measures

• Regular security training for all employees
• Background checks for employees with data access
• Incident response procedures
• Regular security assessments and penetration testing
• Vendor security reviews

9.3 Breach Notification

In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

10. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@go2.gg. We will respond to your request within 30 days (or as required by applicable law).

You may also export your data directly from your account dashboard at any time.

11. GDPR Rights (EEA Residents)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation:

11.1 Legal Basis

We only process your personal data when we have a valid legal basis, as described in Section 4 above.

11.2 Data Protection Authority

You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights. A list of EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/board/members_en

11.3 Data Protection Officer

Our Data Protection Officer can be reached at dpo@go2.gg.

11.4 Data Processing Agreement

For customers who use our Service to process personal data of individuals in the EEA, our Data Processing Agreement incorporates the Standard Contractual Clauses approved by the European Commission.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

12.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.

12.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing transactions).

12.3 Right to Correct

You have the right to request correction of inaccurate personal information.

12.4 Right to Opt-Out of Sale/Sharing

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

12.5 Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge different prices, or provide a different quality of service.

12.6 Exercising Your Rights

To submit a verifiable consumer request, you may:

• Email us at privacy@go2.gg
• Use the data export feature in your account settings

We will verify your identity before processing your request. An authorized agent may submit a request on your behalf with written authorization.

12.7 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, IP address)
• Commercial information (subscription history, payment records)
• Internet activity (browsing history within our Service, interactions)
• Geolocation data (approximate location based on IP)
• Professional information (company name, job title)

13. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

13.1 Transfer Mechanisms

When we transfer data outside the EEA, we ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs): EU Commission-approved contractual clauses
• Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
• Binding Corporate Rules: For transfers within our corporate group (where applicable)

13.2 Data Localization

For Enterprise customers with specific data residency requirements, we offer EU-only data processing options. Please contact us for details.

14. Cookies & Tracking Technologies

We use cookies and similar technologies to provide, protect, and improve our Service. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

14.1 Types of Cookies

• Essential Cookies: Required for the Service to function
• Analytics Cookies: Help us understand how you use the Service
• Preference Cookies: Remember your settings and preferences

14.2 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals. However, you can control cookies through your browser settings and our cookie consent mechanism.

15. Automated Decision-Making

We use automated systems to help detect and prevent abuse of our Service, including:

• Spam Detection: Automated scanning of links for malicious content
• Fraud Prevention: Pattern analysis to detect fraudulent accounts
• Rate Limiting: Automatic enforcement of usage limits

These automated processes may result in temporary restrictions on your account. If you believe a decision was made in error, you can contact us at hello@go2.gg for human review.

We do not use automated decision-making for decisions that produce legal effects or similarly significantly affect you, without human oversight.

16. Children's Privacy

Our Service is not directed to children under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at privacy@go2.gg.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make changes:

• We will update the "Last updated" date at the top of this page
• For material changes, we will notify you by email or prominent notice in the Service
• We will provide at least 30 days' notice before material changes take effect

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• General inquiries: hello@go2.gg
• Privacy-specific inquiries: privacy@go2.gg
• Data Protection Officer: dpo@go2.gg
• Mailing Address: Go2, Attn: Privacy Team

We aim to respond to all privacy-related inquiries within 30 days.