Photon

Legal / Privacy

Privacy Policy

Last updated · March 18, 2026

Introduction

Photon (“Company,” “we,” “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you use the Photon platform, the Spectrum Dashboard, APIs, and all related services (the “Service”).

By using the Service, you agree to the practices described in this Privacy Policy. This policy should be read alongside our Terms of Service.

Information We Collect

We collect information in the following categories:

Information You Provide

Account information
Name, email address, and password when you create an account
Profile information
Organization name, team details, and other optional profile data
Payment information
Billing address and payment method details, processed by our third-party payment processors
Communications
Information you provide when contacting support or giving feedback
User content
Agent configurations, templates, and other content you create through the Service

Information Collected Automatically

Usage data
Pages visited, features used, actions taken, timestamps, and interaction patterns
Device information
Browser type, operating system, device identifiers, and screen resolution
Network data
IP address, approximate location (city/region), referring URL, and ISP
Log data
API call logs, error reports, and performance metrics

Information from Third Parties

OAuth providers
If you sign in via Google or another provider, we receive your name, email, and profile picture as permitted by the provider
Analytics partners
Aggregated or de-identified data from analytics and advertising partners

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Process transactions and send related billing notifications
  • Send transactional communications, including security alerts and account updates
  • Respond to your inquiries, support requests, and feedback
  • Analyze usage patterns to improve the Service, fix bugs, and develop new features
  • Detect, prevent, and address security issues, fraud, and abuse
  • Comply with legal obligations and enforce our Terms of Service
  • Send marketing communications where you have opted in (you may opt out at any time)

Information Sharing & Disclosure

We do not sell your personal information. We may share information in the following circumstances:

Service providers
With trusted vendors who assist in operating the Service (e.g., cloud hosting, payment processing, email delivery, analytics), bound by contractual obligations to protect your data
Within your organization
If you use the Service as part of a team or organization, other members may see your profile and activity within that workspace
Legal requirements
When required by law, legal process, or government request, or to protect the rights, property, or safety of Photon, our users, or the public
Business transfers
In connection with a merger, acquisition, reorganization, or sale of assets, where your data may be transferred to the successor entity
With your consent
When you explicitly authorize us to share your information for a specific purpose

Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest
  • Regular security assessments and penetration testing
  • Access controls and principle of least privilege
  • Secure development practices and code review
  • Incident response and breach notification procedures

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as your account is active or as necessary to provide the Service. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, resolving disputes, enforcing agreements).

Usage logs and analytics data may be retained in aggregated, de-identified form for longer periods.

Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

Access
Request a copy of the personal data we hold about you
Correction
Request correction of inaccurate or incomplete data
Deletion
Request deletion of your personal data, subject to legal exceptions
Portability
Request your data in a structured, machine-readable format
Restriction
Request restriction of processing in certain circumstances
Objection
Object to processing based on legitimate interests or direct marketing
Withdraw consent
Where processing is based on consent, withdraw at any time without affecting prior processing

To exercise any of these rights, contact us at [email protected] or . We will respond within 30 days.

California Residents (CCPA/CPRA)

California residents have the right to know what personal information is collected, request its deletion, opt out of the sale of personal information (we do not sell personal data), and not be discriminated against for exercising these rights.

EEA/UK Residents (GDPR)

If you are in the European Economic Area or United Kingdom, you have the rights listed above and may also lodge a complaint with your local data protection authority.

Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

Essential cookies
Required for authentication, security, and basic functionality. These cannot be disabled.
Analytics cookies
Help us understand how you use the Service so we can improve it. You may opt out through your browser settings.
Preference cookies
Store your settings and preferences for a better experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit your ability to use parts of the Service.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.

Where we transfer data outside the EEA/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on an adequacy decision.

Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete the information.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. The “Last updated” date at the top reflects the most recent revision.

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at [email protected].