SMACKDAB APPLICATION PRIVACY NOTICE

Last Updated: 11/22/2025

Version: 1.0

Document Location: https://smackdab.ai/legal/application-privacy-notice

  1. SCOPE OF THIS NOTICE

This Smackdab Inc. (“Smackdab,” “we,” “us,” or “our”) Application Privacy Notice (“Application Notice”) applies specifically to the Personal Data that Smackdab processes on behalf of our Clients within the hosted Smackdab software applications, platform, related mobile applications, and add-on applications (collectively, the “Service”). This Notice applies to Personal Data that our Clients or their authorized Users submit, store, manage, or otherwise process using the Service (“Client Data”).

This Notice does not apply to:

• Personal Data Smackdab collects directly through its publicly accessible websites (including smackdab.ai), marketing activities, sales processes, or account-management activities. For those activities, see the Smackdab Privacy Policy: https://smackdab.ai/legal/privacy-policy/

• Data processed via third-party integrations connected to the Service. Those integrations are governed by the terms and privacy policies of the applicable third-party providers.

  1. SMACKDAB’S ROLE: DATA PROCESSOR

When Smackdab processes Client Data within the Service, we act as a Data Processor (or Service Provider) under laws such as GDPR, UK-GDPR, and CCPA. The Client (the entity or individual who subscribed to the Service) is the Data Controller (or Business).

The Client determines the purposes and means of processing Client Data.

Smackdab processes Client Data only according to the Client’s documented instructions, as outlined in the Terms of Service (https://smackdab.ai/legal/terms-of-service) and the Data Processing Addendum (https://smackdab.ai/legal/data-processing-addendum).

Smackdab does not own or control Client Data and does not use Client Data for our own purposes except as necessary to provide, maintain, secure, or comply with legal obligations related to the Service.

  1. CATEGORIES OF PERSONAL DATA PROCESSED

Clients decide what data they submit into the Service. This may include information about their customers, employees, leads, contacts, or other individuals. Smackdab generally does not know which specific types of Personal Data a Client stores unless needed for support.

If your data is stored by a Smackdab Client, your rights are governed by that Client’s privacy notice.

  1. HOW WE RECEIVE AND PROCESS PERSONAL DATA

We receive Personal Data when Clients or their authorized users enter data into the Service, or when data is synced from third-party systems at the Client’s direction. We process Client Data for the following purposes:

• Operating and providing the Service

• Providing technical support and account administration

• Detecting, preventing, or addressing security incidents, spam, fraud, or abuse

• Aggregating and anonymizing usage data (never identifying Client Data) to improve performance and develop new features

• Complying with applicable laws and legal requests

Smackdab personnel only access Client Data when strictly necessary and typically only with the Client’s request, authorization, or as required by law.

  1. DATA SUBJECT RIGHTS

Smackdab is a Data Processor. Individuals who wish to exercise rights (such as access, correction, deletion, restriction, or portability) related to Client Data must contact the relevant Client controlling their information. Smackdab will assist Clients with responding to such requests as required by law.

  1. DATA SECURITY

Smackdab maintains administrative, technical, and organizational security measures appropriate to the processing of Client Data. These measures include encryption in transit and at rest, access controls, network protections, logging and monitoring, and a documented incident-response program. Additional details are available in our Security Policy: https://smackdab.ai/legal/security-policy/

  1. INTERNATIONAL DATA TRANSFERS

Smackdab is based in the United States and may process Client Data in multiple regions. Where transfers occur to locations outside the EEA, UK, or other restricted jurisdictions, Smackdab uses appropriate safeguards, including Standard Contractual Clauses or equivalent mechanisms, as described in the DPA.

  1. RETENTION

Retention of Client Data is determined by the Client based on its own policies, configuration settings, and legal obligations. Smackdab deletes or anonymizes Client Data when required by Client instructions or applicable law.

  1. SUB-PROCESSORS

Smackdab uses carefully vetted Sub-Processors to help deliver the Service (for example, cloud hosting, email delivery, support tools, and analytics). Each Sub-Processor is bound by written data-protection and security obligations. The current list is available at:

SUB‑PROCESSOR LIST

  1. CHANGES TO THIS NOTICE

We may update this Application Notice from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material updates, we will revise the “Last Updated” date at the top of this page. Continued use of the Service after such updates constitutes acceptance of the revised Notice.

  1. CONTACT

If you have any questions or concerns regarding this Application Privacy Notice, please contact us at:

[email protected]

Smackdab Inc., a Florida corporation

Collier County, Florida, USA