Legal

Privacy Policy.

How Cajoon collects, uses, shares, and protects information when you use our website and platform.

Effective Date: May 15, 2024 Last Updated: June 8, 2026 Applies to: www.cajoon.ai & app.cajoon.ai

Introduction

Cajoon.ai ("Cajoon," "we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.cajoon.ai, use our software platform at app.cajoon.ai, or interact with us through related communications (collectively, the "Services").

Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services. By accessing or using our Services, you acknowledge that you have read and understand this Privacy Policy.

Information We Collect

We collect information about you in a variety of ways, including:

Personal Data

Personally identifiable information you voluntarily provide to us, such as your name, business name, shipping and billing address, email address, telephone number, job title, and demographic information (age, gender, location, interests). We collect this when you register for an account, purchase a subscription, complete a form, contact support, or participate in promotions.

Customer & Contact Data (Stored in the Platform)

When you use Cajoon to run your business, you upload or input information about your own customers, leads, members, patients, or contacts ("Customer Data"). You control this Customer Data. We act as a processor on your behalf and only use it to provide the Services to you.

Derivative & Usage Data

Information our servers automatically collect when you access the Services, including your IP address, browser type and version, operating system, device identifiers, access times, pages viewed, referring URLs, and the actions you take inside the platform. We use this for security, analytics, and product improvement.

Financial Data

Payment information such as your credit card number, card brand, expiration date, and billing address. We do not store full payment card numbers ourselves. Payment information is processed by our PCI-compliant payment processors (such as Fiserv and Clover). We only retain limited tokenized references and the last four digits of your card for invoicing and dispute resolution.

Communications Data

Records of communications you send or receive through the Services, including SMS messages, phone calls, voicemails, emails, social media DMs, and chat threads. These are stored to provide the Services and may be available to you in your account.

Cookies & Tracking Data

Information collected automatically through cookies, web beacons, pixels, and similar technologies. See Section 4 — Cookies & Tracking.

How We Use Your Information

We may use the information we collect for the following purposes:

  • To provide, operate, maintain, and improve the Services.
  • To personalize your experience and deliver content relevant to your business.
  • To process transactions, send invoices, and manage your subscription.
  • To communicate with you about your account, transactions, product updates, and customer support.
  • To send marketing and promotional communications (you can opt out at any time).
  • To monitor and analyze usage and trends to improve user experience.
  • To develop new products, services, features, and functionality.
  • To detect, investigate, prevent, and address fraud, security, and technical issues.
  • To comply with legal obligations and enforce our Terms of Service.

Cookies & Tracking Technologies

We use cookies, pixels, local storage, and similar technologies to operate, secure, and improve the Services. Cookies fall into a few categories:

  • Strictly necessary: required for login, security, and core functionality. These cannot be disabled.
  • Performance & analytics: help us understand how the Services are used (for example, Google Analytics).
  • Functional: remember your preferences and settings.
  • Advertising: used by us or our partners to deliver and measure marketing campaigns (for example, Meta Pixel, Google Ads).

You can control cookies through your browser settings. Disabling certain cookies may affect functionality. Where required by law, we will request your consent before placing non-essential cookies.

Disclosure of Your Information

We may share information we have collected in the following situations:

  • By Law or to Protect Rights: when we believe disclosure is necessary to respond to legal process, investigate violations of our policies, or protect the rights, property, and safety of Cajoon, our users, or others.
  • Business Transfers: in connection with a merger, sale of company assets, financing, due diligence, or acquisition of all or part of our business.
  • Third-Party Service Providers: with vendors who perform services for us, including payment processing, hosting, data analysis, email and SMS delivery, customer support, and marketing.
  • With Your Consent: when you authorize a specific disclosure.
  • Aggregated or De-identified Data: we may share data that cannot reasonably be used to identify you.

We do not sell your personal information in the traditional sense. To the extent applicable, see Section 11 — California Residents for additional details on data-sharing disclosures.

SMS & Phone Communications

Cajoon is a business communications platform. When you (or a contact uploaded by one of our customers) interact via SMS, MMS, or voice through the Services, the following applies:

  • Consent. You consent to receive messages from Cajoon and from businesses using Cajoon by providing your phone number and opting in (online form, web checkout, in-store form, or any other express opt-in method).
  • Frequency. Message frequency varies. Standard message and data rates may apply.
  • Opt-out. Reply STOP to any message to unsubscribe. Reply HELP for help. You may also opt out by contacting the business that sent you the message.
  • A2P 10DLC compliance. Our messaging infrastructure complies with US carrier requirements for application-to-person (A2P) messaging, including 10DLC registration.
  • Mobile information sharing. No mobile information or opt-in data will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing with subcontractors that support our services (such as carriers and SMS delivery providers) is permitted. All other categories — text messaging originator opt-in data and consent — will not be shared with any third parties.

Third-Party Services

We rely on trusted third-party service providers to deliver the Services. These may include:

  • Hosting and cloud infrastructure (Amazon Web Services, Google Cloud).
  • Payment processing and merchant services (Fiserv, Clover).
  • Email and SMS delivery providers (Twilio, Mailgun, or similar).
  • Analytics and product telemetry (Google Analytics, Hotjar, or similar).
  • Customer support and ticketing.
  • Marketing and advertising platforms (Meta, Google, LinkedIn).

These providers are contractually required to handle your information in a manner consistent with this Privacy Policy and applicable law.

Data Retention

We retain personal information for as long as is reasonably necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Typical retention windows include:

  • Active account data: retained while your account is active.
  • Billing & tax records: retained for the period required by applicable financial and tax law (typically 7 years).
  • Customer Data: retained while you have an active subscription; deleted or returned within 30 days of subscription termination upon your written request, unless we are legally required to retain it.
  • Backups: deleted information may persist in encrypted backups for a limited time before being purged on a routine cycle.

Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information, including encryption in transit (TLS), encryption at rest where appropriate, access controls, least-privilege permissions, audit logging, and routine security reviews.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. You are responsible for safeguarding your account credentials and notifying us immediately of any suspected unauthorized access.

Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — request that we delete your personal information, subject to legal exceptions.
  • Portability — receive your personal information in a structured, machine-readable format.
  • Objection / Restriction — object to or restrict certain processing.
  • Opt-out of marketing — unsubscribe from marketing emails using the link in each message, or reply STOP to any SMS.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law.

California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you specific rights regarding your personal information:

  • The right to know what personal information we collect, use, disclose, and sell.
  • The right to request deletion of personal information.
  • The right to correct inaccurate personal information.
  • The right to opt out of the "sale" or "sharing" of personal information.
  • The right to limit use of sensitive personal information.
  • The right to non-discrimination for exercising your rights.
We do not sell personal information for money. To the extent that any of our advertising activities are deemed a "sale" or "sharing" under the CCPA, California residents may opt out by emailing [email protected] with the subject line "Do Not Sell or Share My Info."

European Residents (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent local laws. The legal bases on which we rely to process your data include:

  • Performance of a contract — to provide the Services to you.
  • Legitimate interests — for security, fraud prevention, analytics, and product improvement.
  • Consent — for marketing communications, certain cookies, and other clearly opt-in actions.
  • Legal obligation — to comply with applicable laws and regulations.

You have the right to lodge a complaint with your local supervisory authority if you believe we have processed your information unlawfully.

International Data Transfers

Cajoon is headquartered in the United States. If you access the Services from outside the United States, your information may be transferred to, processed, and stored in the United States or other countries where our service providers operate. These jurisdictions may have data protection laws different from your country. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

Policy for Children

Our Services are not directed to children under the age of 13 (or the equivalent minimum age in the relevant jurisdiction). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe a child has provided us with personal information, please contact us at [email protected].

Do Not Track Signals

Most web browsers and some mobile operating systems include a Do Not Track ("DNT") setting. Because there is no consistent industry standard for recognizing DNT signals, our Services do not currently respond to DNT browser signals or mechanisms.

Third-Party Links

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party site you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on the Site and updating the "Last Updated" date at the top of this page. For material changes, we may also notify you by email or through the Services.

You are advised to review this Privacy Policy periodically. Continued use of the Services after changes become effective constitutes your acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Website www.cajoon.ai
Subject Line "Privacy Request" for fastest routing