Privacy Policy

1.1 Personal Information You Provide to Us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in our products and Services, or otherwise contact us. This may include:

• Names, phone numbers, email addresses, usernames, and passwords.
• Contact preferences and website address.
• Payment instrument details (processed and stored by Stripe — see stripe.com/nz/privacy).
• Social media login data if you choose to register using a social media account (see Section 7).

1.2 Sensitive Information

1.3 Information Collected Automatically

We automatically collect certain information when you visit, use, or navigate the Services:

• Log and usage data: IP address, browser type, device information, operating system, language preferences, referring URLs, and information about how and when you use the Services.
• Mobile device data: Device ID, model, manufacturer, operating system version, phone network, and unique device identifiers if you use our mobile application.
• Device permissions data: Where you grant access, we may collect data from your device’s camera, microphone, bluetooth, and calendar features to enable video calls, audio calls, and calendar integrations.
• Push notification data: Where you have granted permission, we may send push notifications regarding your account. You may turn these off in your device’s settings at any time.

1.4 Information Collected from Other Sources

To enhance our ability to provide relevant marketing and services, we may collect limited data from public databases, joint marketing partners, affiliate programmes, data providers, and social media platforms. This may include mailing addresses, job titles, email addresses, phone numbers, intent data, IP addresses, social media profiles, and custom profiles, for purposes of targeted advertising and marketing.

1.5 Visitor Data Collected on Behalf of Customers

When a Customer installs the Knock Knock tracking script on their website, we collect data about that Customer’s website visitors on behalf of the Customer (as Data Processor). This includes IP addresses, behavioural data (pages visited, time on site, referral source, device type), and — where technically possible — company or individual-level identification data. See Section 8 for full detail on visitor identification technology.

We process your personal information for the following purposes:

• To facilitate account creation and authentication and otherwise manage user accounts.
• To deliver and facilitate delivery of services to you.
• To respond to your enquiries and offer support.
• To send administrative information, including product and service updates and changes to our terms and policies.
• To fulfil and manage your orders, payments, and subscriptions.
• To enable user-to-user and visitor-to-business communications through the platform.
• To request feedback and to contact you about your use of our Services.
• To send you marketing and promotional communications (where you have not opted out).
• To protect our Services through fraud monitoring and prevention.
• To identify usage trends and improve the platform.
• To determine the effectiveness of our marketing and promotional campaigns.
• To save or protect an individual’s vital interest, such as to prevent harm.
• To enable AI-powered features including AI voice agents, AI chat agents, and AI auto-connect tools.

3.1 EU and UK (GDPR / UK GDPR)

We rely on the following legal bases to process your personal information:

3.2 Canada (PIPEDA)

If you are located in Canada, we may process your information where you have given us specific permission (express consent) or where your permission can be inferred (implied consent). You may withdraw consent at any time. In exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including for fraud detection and prevention, business transactions, compliance with a court order, or where the information is publicly available.

We do not sell your personal data. We may share your personal information in the following situations:

• Service Providers: We share data with trusted third-party vendors (including cloud infrastructure, payment processing via Stripe, analytics via Google Analytics, and customer support tools) under written contracts that protect your data.
• AI Service Providers: We use third-party AI providers including OpenAI to power our AI-based features. Your input, output, and relevant personal information may be processed by these providers solely to enable the AI functionality you use. These providers are bound by their own privacy policies and our data processing agreements.
• Data Intelligence Providers: We work with third-party data providers to power visitor identification. These providers operate independent, permissioned data networks and have their own privacy policies and opt-out mechanisms.
• Business Partners: We may share your information with business partners to offer you certain products, services, or promotions.
• Affiliates: We may share your information with our affiliates, requiring those affiliates to honour this Privacy Policy.
• Agency Partners: If you are a Sub-Account under an Agency Partner’s portal, the Agency Partner may access your account data for the purpose of managing and supporting your account.
• Legal Disclosures: We may disclose data where required by law, court order, or regulatory authority, or to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the successor entity. We will notify you of any such change.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services.

Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject cookies, though this could affect certain features or services. You can manage cookie preferences via the consent banner on our website.

As part of our Services, we offer products, features, and tools powered by artificial intelligence, machine learning, or similar technologies (collectively, “AI Products”). Our AI Products include:

• AI Voice Agents — automated voice-based engagement with website visitors.
• AI Chat Agents — intelligent chat assistants that engage visitors in real time.
• AI Auto-Connect Agents — automated lead connection and routing tools.
• Lead Scoring — AI-powered intent scoring and visitor qualification.

Our Services offer you the ability to register and log in using your third-party social media account details (such as your Facebook or X / Twitter account). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such social media platform.

We will use the information we receive only for the purposes described in this Privacy Policy. We do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice. Any personal information that we collect from your social media account depends on your social media account’s privacy settings.

8.1 What Happens When You Install Our Script

When a Customer installs the Knock Knock tracking script on their website, the script captures IP address and device signals from each website visitor. This information is cross-referenced against reverse IP lookup databases (which map IP ranges to company names and locations) and third-party permissioned publisher networks (where individuals have previously identified themselves in business contexts and are identifiable when they visit participating websites).

8.2 What Data Is Returned

We do not deliberately build or maintain a profile of EU or UK residents for individual-level identification. Where an individual-level match occurs for EU/UK traffic, it is because the visitor has previously opted into a globally permissioned publisher network.

8.3 Customer Responsibility

8.4 Opt-Out

Individuals who wish to opt out of identification by our data provider’s network may do so. Contact privacy@knockknockapp.ai for the current opt-out URL.

Knock Knock App Limited is based in New Zealand, which has been recognised as providing adequate data protection by relevant international standards. Our servers are located in Australia. If you are accessing our Services from outside Australia or New Zealand, please be aware that your information may be transferred to, stored by, and processed by us in our facilities and in the facilities of third parties with whom we share your personal information.

Where personal data is transferred from the EEA or UK to countries that may not have equivalent data protection laws, we take steps to ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission. Our SCCs can be provided upon request by contacting privacy@knockknockapp.ai.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information.

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services.

If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@knockknockapp.ai.

13.1 General Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

• Right of Access — to request a copy of the personal data we hold about you.
• Right to Rectification — to correct inaccurate or incomplete data.
• Right to Erasure — to request deletion of your data.
• Right to Restriction — to limit how we use your data in certain circumstances.
• Right to Data Portability — to receive your data in a structured, machine-readable format.
• Right to Object — to object to processing based on Legitimate Interests, including for direct marketing.
• Right to Withdraw Consent — where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.
• Rights related to Automated Decision-Making — to not be subject to decisions made solely by automated means that significantly affect you. If such a decision is made, we will inform you, explain the main factors, and offer a simple way to request human review.

To exercise any of these rights, contact us at privacy@knockknockapp.ai or visit knockknockapp.ai. We will respond within 30 days (or the timeframe required by Applicable Law) and may ask you to verify your identity before processing your request.

13.2 Supervisory Authorities

If you believe we are unlawfully processing your personal information, you have the right to lodge a complaint with your relevant supervisory authority:

• EU: Your national Data Protection Authority.
• UK: The Information Commissioner’s Office (ICO).
• Switzerland: The Federal Data Protection and Information Commissioner.
• Australia: The Office of the Australian Information Commissioner.
• New Zealand: The Office of the Privacy Commissioner.

13.3 Opting Out of Marketing

You can unsubscribe from our marketing and promotional communications at any time by clicking the unsubscribe link in the emails that we send, or by contacting us. We may still communicate with you for service-related purposes necessary for the administration and use of your account.

13.4 Account Information

If you would like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce our legal terms, and comply with applicable legal requirements.

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognising or honouring DNT signals, we do not respond to them at this time.

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific rights regarding your personal information.

15.1 Categories of Personal Information Collected (Past 12 Months)

We will use and retain the collected personal information as needed to provide the Services: Category B — as long as the user has an account with us; Category F — as long as the user has an account with us. We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information belonging to website visitors, users, and other consumers.

15.2 Your Rights

• Right to know whether or not we are processing your personal data.
• Right to access your personal data.
• Right to correct inaccuracies in your personal data.
• Right to request the deletion of your personal data.
• Right to obtain a copy of the personal data you previously shared with us.
• Right to non-discrimination for exercising your rights.
• Right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
• Right to access the categories of personal data being processed (where permitted by applicable law, including Minnesota).
• Right to obtain a list of the categories of third parties to which we have disclosed personal data (where permitted by applicable law, including California, Delaware, and Maryland).
• Right to limit use and disclosure of sensitive personal data (where permitted by applicable law, including California).

15.3 How to Exercise Your Rights

To exercise these rights, you can contact us by visiting knockknockapp.ai, by emailing privacy@knockknockapp.ai, or by referring to the contact details in Section 18. Under certain US state data protection laws, you can designate an authorised agent to make a request on your behalf. We may deny a request from an authorised agent that does not submit proof that they have been validly authorised to act on your behalf.

15.4 Request Verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. If we cannot verify your identity from information already maintained by us, we may request additional information for verification and security purposes.

15.5 Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing privacy@knockknockapp.ai. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

15.6 California “Shine The Light” Law

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to privacy@knockknockapp.ai.

We collect and process your personal information under the obligations and conditions set by Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020. This Privacy Policy satisfies the notice requirements defined in both Privacy Acts.

If you do not wish to provide the personal information necessary to fulfil their applicable purpose, it may affect our ability to: offer you the products or services that you want; respond to or help with your requests; manage your account with us; or confirm your identity and protect your account.

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us using the contact details provided in Section 18.

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint:

• Australia: To the Office of the Australian Information Commissioner.
• New Zealand: To the Office of the Privacy Commissioner.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be indicated by an updated effective date at the top of this Privacy Policy. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to stay informed of how we are protecting your information.

If you have questions or comments about this Privacy Policy, please contact us:

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.

To request to review, update, or delete your personal information, please visit knockknockapp.ai or contact us at privacy@knockknockapp.ai. We will consider and act upon any request in accordance with applicable data protection laws.