Introduction
Photon (“Company,” “we,” “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you use the Photon platform, the Spectrum Dashboard, APIs, and all related services (the “Service”).
By using the Service, you agree to the practices described in this Privacy Policy. This policy should be read alongside our Terms of Service.
Information We Collect
We collect information in the following categories:
Information You Provide
- Account information
- Name, email address, and password when you create an account
- Profile information
- Organization name, team details, and other optional profile data
- Payment information
- Billing address and payment method details, processed by our third-party payment processors
- Communications
- Information you provide when contacting support or giving feedback
- User content
- Agent configurations, templates, and other content you create through the Service
Information Collected Automatically
- Usage data
- Pages visited, features used, actions taken, timestamps, and interaction patterns
- Device information
- Browser type, operating system, device identifiers, and screen resolution
- Network data
- IP address, approximate location (city/region), referring URL, and ISP
- Log data
- API call logs, error reports, and performance metrics
Information from Third Parties
- OAuth providers
- If you sign in via Google or another provider, we receive your name, email, and profile picture as permitted by the provider
- Analytics partners
- Aggregated or de-identified data from analytics and advertising partners
How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Process transactions and send related billing notifications
- Send transactional communications, including security alerts and account updates
- Respond to your inquiries, support requests, and feedback
- Analyze usage patterns to improve the Service, fix bugs, and develop new features
- Detect, prevent, and address security issues, fraud, and abuse
- Comply with legal obligations and enforce our Terms of Service
- Send marketing communications where you have opted in (you may opt out at any time)
Legal Bases for Processing
Where applicable (including under the GDPR), we process personal data based on the following legal bases:
- Contract performance
- Processing necessary to provide the Service you requested
- Legitimate interests
- Processing for our legitimate business purposes, such as security, analytics, and service improvement, balanced against your rights
- Consent
- Where you have given explicit consent, such as for marketing communications
- Legal obligation
- Processing required to comply with applicable laws and regulations
Information Sharing & Disclosure
We do not sell your personal information. We may share information in the following circumstances:
- Service providers
- With trusted vendors who assist in operating the Service (e.g., cloud hosting, payment processing, email delivery, analytics), bound by contractual obligations to protect your data
- Within your organization
- If you use the Service as part of a team or organization, other members may see your profile and activity within that workspace
- Legal requirements
- When required by law, legal process, or government request, or to protect the rights, property, or safety of Photon, our users, or the public
- Business transfers
- In connection with a merger, acquisition, reorganization, or sale of assets, where your data may be transferred to the successor entity
- With your consent
- When you explicitly authorize us to share your information for a specific purpose
Data Security
We implement industry-standard technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit (TLS) and at rest
- Regular security assessments and penetration testing
- Access controls and principle of least privilege
- Secure development practices and code review
- Incident response and breach notification procedures
While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.
Data Retention
We retain your personal information for as long as your account is active or as necessary to provide the Service. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, resolving disputes, enforcing agreements).
Usage logs and analytics data may be retained in aggregated, de-identified form for longer periods.
Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
- Access
- Request a copy of the personal data we hold about you
- Correction
- Request correction of inaccurate or incomplete data
- Deletion
- Request deletion of your personal data, subject to legal exceptions
- Portability
- Request your data in a structured, machine-readable format
- Restriction
- Request restriction of processing in certain circumstances
- Objection
- Object to processing based on legitimate interests or direct marketing
- Withdraw consent
- Where processing is based on consent, withdraw at any time without affecting prior processing
To exercise any of these rights, contact us at [email protected] or . We will respond within 30 days.
California Residents (CCPA/CPRA)
California residents have the right to know what personal information is collected, request its deletion, opt out of the sale of personal information (we do not sell personal data), and not be discriminated against for exercising these rights.
EEA/UK Residents (GDPR)
If you are in the European Economic Area or United Kingdom, you have the rights listed above and may also lodge a complaint with your local data protection authority.
Cookies & Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential cookies
- Required for authentication, security, and basic functionality. These cannot be disabled.
- Analytics cookies
- Help us understand how you use the Service so we can improve it. You may opt out through your browser settings.
- Preference cookies
- Store your settings and preferences for a better experience.
You can manage cookie preferences through your browser settings. Disabling certain cookies may limit your ability to use parts of the Service.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.
Where we transfer data outside the EEA/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on an adequacy decision.
Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete the information.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. The “Last updated” date at the top reflects the most recent revision.
Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at [email protected].