White-Label GDPR-Compliant Privacy Policy Effective Date: 8/28/2025

Data Controller
This Privacy Policy applies to the processing of personal data by Nolido Solutions, and contactable via support@nolidosolutions.com, in its role as data controller for the white-labeled software platform made available to local business users.

Personal Data Collected
We collect and process the following types of personal data:
- Email address and business information during registration
- Authentication data for login via magic link
- Phone numbers uploaded for SMS campaigns
- Content and metadata of messages sent or received via SMS or chat
- Interaction data with integrations (e.g., social posts, business listings, reviews)
- Technical data (IP address, device type, browser info)
- Support requests submitted through the platform

Legal Bases and Purposes of Processing
Your data is processed for the following purposes under GDPR lawful bases:
- Account creation and access: Contractual necessity
- SMS campaign delivery: Consent (confirmed via checkbox in-app)
- Review requests and chat: Consent
- Business listing and social media integrations: Consent / Contractual necessity
- Analytics and troubleshooting: Legitimate interest
- Marketing communications: Consent or Legitimate interest

Data Recipients and Sub-processors
Your data may be shared with authorized service providers (sub-processors), including:
- Hosting and database infrastructure providers
- SMS delivery providers (e.g., third-party SMS APIs)
- Social media and business integration providers (e.g., Meta, Google)
- Payment processors (if applicable)
- Technical support and infrastructure partners: All sub-processors are contractually bound to comply with GDPR and act only under our instructions.

International Data Transfers
Where data is transferred outside the European Economic Area (EEA), we ensure adequate protection through mechanisms such as Standard Contractual Clauses (SCCs).

Data Retention
We retain personal data for as long as your account is active. Upon account deactivation or at your request, data is securely deleted within a maximum of 12 months, unless required by applicable law to retain it longer.

User Rights
Under the GDPR, you have the right to:
- Access your data
- Correct or update your data
- Request deletion of your data ('right to be forgotten')
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time: To exercise your rights, contact us at support@nolidosolutions.com.

Security Measures
We implement appropriate technical and organizational measures to ensure data security, including:
- Encrypted communications (HTTPS)
- Login via expiring magic link
- Role-based access controls
- Access logs and monitoring
- Regular platform updates and infrastructure hardening

Cookies and Tracking
The platform does not use cookies, analytics tools, or any client-side tracking technologies. All interactions require authentication and take place in a secure environment.

Data Collection Limitations
We do not collect personal data from public sources or through third-party tracking. All data processed through the platform is submitted voluntarily by the user or via manual upload.

Changes to this Privacy Policy
This Privacy Policy may be updated to reflect legal, operational, or technological changes. We will notify users of significant changes via in-app notification or email. The latest version is always accessible from the platform.

Contact
If you have questions regarding this Privacy Policy or your data, please contact: Nolido Solutions
Email: support@nolidosolutions.com