Privacy Policy

• Account and identity information: name, email address, username, password (stored in hashed form), and profile details you choose to provide.
• Billing and payment information: payment card details, billing address, and transaction history. All payment card data is processed and stored solely by Stripe, Inc., our PCI-DSS-compliant payment processor. We do not store full card numbers or CVV codes on our systems.
• User-generated content: prompts, instructions, application configurations, workflow definitions, templates, and all other content you submit to or generate through the Services ("User Content").
• Communications: messages you send us via support channels, email, or feedback forms, including their content and metadata.
• Business information: company name, website, and other professional information you provide when registering or using business-facing features.

When you access or use the Services, we and our service providers automatically collect certain technical and usage information:

• Log and network data: IP address, request timestamps, HTTP method and status codes, browser type and version, operating system, and referring URLs.
• Usage and interaction data: features accessed, pages viewed, actions taken, session duration, click paths, error logs, and interaction patterns with AI-powered features.
• Device information: hardware model, operating system version, unique device identifiers, and mobile network information (where applicable).
• Cookies and similar technologies: we use session cookies, persistent cookies, local storage, and similar technologies for authentication, preference storage, analytics, and security. See Section 12 for more detail.
• Performance data: crash reports, latency metrics, and diagnostic information used to maintain and improve the Services.

We may receive information about you from third-party sources, including: (a) authentication providers such as Google OAuth, if you choose to sign in via a third-party identity provider; (b) payment processors, such as Stripe, Inc., regarding transaction status and fraud signals; (c) third-party services you connect to your Rocketship account, such as CRM platforms, email providers, and calendar services; and (d) publicly available sources and data enrichment providers used in connection with lead generation features. We combine this information with data we collect directly to provide, personalize, and improve the Services.

When you use AI-powered features, we collect the prompts, instructions, and context you submit ("AI Inputs"), as well as the outputs generated in response ("AI Outputs"). AI Inputs may be transmitted to third-party AI model providers as described in Section 3. You are solely responsible for ensuring that AI Inputs do not contain sensitive personal data (such as health information, government ID numbers, or financial account numbers) unless you have an appropriate legal basis for processing and transmitting such data.

• Gmail (send): Used solely to send outreach emails on behalf of the user who connected their Google account. Emails are sent from the user's own Gmail address. We do not compose or send emails without the user's explicit activation of the email outreach feature.
• Gmail (read): Used solely to read replies to outreach emails sent by the platform, in order to classify lead responses (e.g., interested, not interested, proposed meeting time). We do not read, store, or process any Gmail messages beyond replies to emails sent through our platform.
• Google Calendar: Used solely to check the user's calendar availability and to create meeting invitations on behalf of the user. We do not read, modify, or delete any calendar events not created by our platform.
• User info (email): Used to identify the connected Google account and display the associated email address in the application interface.

OAuth refresh tokens are encrypted using AES-256 encryption before storage. Tokens are stored in Google Cloud Firestore, hosted on Google's infrastructure. We do not store Gmail message content beyond reply classification results (e.g., "interested" or "not interested") and a truncated excerpt (maximum 2,000 characters) used to provide context in the lead management interface. Full email bodies are not retained.

We do not use Google user data for advertising, and we do not transfer Google user data to third parties except as necessary to provide the features the user has explicitly requested. Specifically:

• We do not use Google user data for serving advertisements.
• We do not sell Google user data to any third party.
• We do not use Google user data to train artificial intelligence or machine learning models, except to classify individual reply messages as described above, using third-party AI model providers (as disclosed in Section 3 of this Policy).
• We do not allow humans to read Google user data unless: (a) the user has given affirmative consent, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

You may disconnect your Google account at any time from the Workers settings page in the Rocketship dashboard. Upon disconnection, we immediately delete the stored OAuth tokens. You may also revoke access from your Google Account permissions page.

We share information with third-party vendors and service providers that perform services on our behalf, including cloud infrastructure and hosting (e.g., Amazon Web Services), payment processing (Stripe, Inc.), analytics platforms, email delivery providers, customer support tools, and security monitoring services. These parties access information only as necessary to perform their functions and are contractually obligated to protect it in accordance with this Policy and applicable law.

As described in Section 3, AI Inputs may be shared with Third-Party AI Model providers to generate AI Outputs. Such sharing is a core operational feature of the Services and is necessary for their functionality.

When you connect third-party services to your Rocketship account (such as Google Calendar, a CRM, or an email platform), you authorize us to share relevant information with those services as necessary to enable the integration. Your use of such third-party services is governed by their own privacy policies and terms of service.

In the event of a merger, acquisition, reorganization, change of control, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity as part of that transaction. We will notify you of any such transfer and any material change in the treatment of your information, to the extent required by applicable law.

We may disclose your information to government authorities, law enforcement, regulators, or other third parties when we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation, subpoena, court order, or lawful request by public authorities; (b) protect the rights, property, or safety of Rocketship, our users, or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Service or other agreements.

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you, for any purpose including industry research, analytics, and product improvement.

We may share your information for any other purpose with your prior written or electronic consent.

You may access, review, and update your account information at any time through your account settings. You may request deletion of your account by contacting us at support@deployrocketship.com.

You may opt out of receiving marketing emails from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at support@deployrocketship.com. Please note that even after opting out of marketing communications, you will continue to receive transactional and administrative messages necessary to the operation of your account.

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"):

• Right to Know: the right to request disclosure of the categories and specific pieces of personal information we have collected about you, and the purposes for which it is used.
• Right to Delete: the right to request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: we do not sell personal information for monetary consideration. We do not share personal information with third parties for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information for purposes beyond those permitted by the CCPA.
• Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at support@deployrocketship.com. We will respond to verifiable consumer requests within 45 days as required by law.

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have the following rights under the General Data Protection Regulation or applicable national equivalents:

• Right of access to personal data we hold about you;
• Right to rectification of inaccurate or incomplete personal data;
• Right to erasure ("right to be forgotten") in certain circumstances;
• Right to restriction of processing in certain circumstances;
• Right to data portability to receive your data in a structured, machine-readable format;
• Right to object to processing based on legitimate interests or for direct marketing; and
• Rights related to automated decision-making and profiling.

Our legal bases for processing personal data include: contractual necessity (to provide the Services); legitimate interests (security, fraud prevention, and product improvement); legal obligation; and, where required, your consent. To exercise your GDPR rights or to withdraw consent, contact us at support@deployrocketship.com. You also have the right to lodge a complaint with your local supervisory authority.