Privacy Policy

1. Scope

This policy covers information collected through gizmosauce.com, the GizmoSauce dashboard, our APIs, and GizmoSauce widgets embedded on customer websites (“Customer Sites”).

If you embed GizmoSauce widgets on Customer Sites, you (the customer) are responsible for providing any required end-user notices and obtaining any required end-user consents on those Customer Sites (for example, cookie banners, consent management, or other disclosures), including where a widget collects end-user submissions (such as a form submission).

2. Controller vs Processor

• Dashboard and marketing site: EndurantDevs LLC acts as a data controller for account management, billing, and support.
• Embeds on Customer Sites: when we process end user data on behalf of a customer, we generally act as a data processor and the customer is the data controller.

If you are a Customer and we process personal data as your processor, our Data Processing Addendum (DPA) describes the processing terms that apply to that relationship.

If you are an end user interacting with a widget on a Customer Site and you want to exercise privacy rights, you should typically contact the Customer (the site owner) directly. We will assist Customers as required by applicable law and our agreements.

3. Information We Collect

• Widget Efficiency & End-User Privacy: When you embed GizmoSauce widgets, we act as a Data Processor. We design our widgets to be privacy-friendly: we do not use third-party tracking cookies inside widgets to monitor your users' behavior across other sites. Data collected is strictly limited to functional requirements (e.g., recording a poll vote, maintaining chat state).
• End-user submissions (when enabled): Some widgets allow end users to submit information (for example, form submissions, RSVPs, quiz answers, support requests, or chat messages). The Customer determines what fields are collected and how they are used on the Customer Site. We process that information to provide the widget’s functionality and to transmit or display it back to the Customer as configured.
• Third-party source content (when enabled): Some widgets display content fetched from third-party platforms (for example, reviews or social posts). Depending on the widget, this may include public profile information (such as display names, profile images, post/review text, timestamps, and links). We store and serve this data to operate the widget and to reduce third-party scripts on Customer Sites.
• Account data: email address, authentication data, and basic profile information you provide.
• Billing data: subscription status and Stripe customer identifiers; payment card details are handled by our payment processors.
• Widget configuration and content: settings and content you submit to generate embeds.
• Usage and logs: device and browser information, IP address, timestamps, and event/diagnostic logs (used for security and performance).
• Cookies and similar technologies: used for essential functionality (e.g., sessions), preferences, and (where enabled) analytics. See Section 6.

4. How We Use Information

• Provide, operate, and maintain the Services (including embeds).
• Authenticate users, prevent fraud, and secure the platform.
• Detect, prevent, and investigate abuse (including automated scraping, reverse engineering attempts, and violations of our Terms of Service).
• Process subscriptions, invoices, and account changes.
• Respond to support requests and communicate service updates.
• Improve performance, reliability, and product experience.
• No General-Purpose AI Training: We do not use Customer Content or end-user data collected through widgets to train general-purpose machine learning models, except with explicit permission or as otherwise disclosed in a separate agreement.
• Analytics (optional): if enabled, we use analytics and diagnostics to understand feature usage and improve reliability. We do not use widgets to place third-party tracking cookies on Customer Sites for cross-site behavioral tracking.

5. Legal Bases (EEA/UK)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process personal data only where we have a lawful basis. Depending on the context, our lawful bases may include:

• Performance of a contract: to provide the Services you requested (for example, account access, widget configuration, and embed delivery).
• Legitimate interests: to secure, maintain, and improve the Services (for example, abuse prevention, uptime monitoring, and improving performance), where those interests are not overridden by your rights.
• Consent: where required (for example, certain analytics cookies or marketing communications in some jurisdictions).
• Legal obligation: to comply with applicable laws (for example, tax and accounting retention, responding to lawful requests).

If we act as a processor for a Customer, the Customer is typically responsible for determining the lawful basis for end-user data collected through widgets embedded on Customer Sites.

6. Cookies & Similar Technologies

We use cookies, local storage, and similar technologies to make the Services work, to remember preferences, and (where enabled) to understand how the Services are used.

• Essential cookies: required to provide the Services (for example, authentication/session cookies).
• Preferences cookies: used to remember settings (for example, UI preferences like theme).
• Analytics cookies (optional): used to understand aggregate usage and improve performance. Where required by law, we provide consent controls.
• Widgets on Customer Sites: widgets may use local storage or similar mechanisms for functional behavior (for example, remembering that a user dismissed a banner). We do not intentionally use third-party tracking cookies inside widgets for cross-site behavioral advertising.

Where enabled, we may use analytics providers such as Google Analytics and Microsoft Clarity to understand how the marketing site and dashboard are used. For example, we configure Google Analytics with IP anonymization and disable ad personalization signals where supported. These providers may set cookies or use similar technologies subject to their own privacy policies.

You can control cookies through your browser settings. Disabling certain cookies may impact functionality. If a Customer embeds widgets, the Customer is responsible for providing any required cookie disclosures and consent mechanisms on the Customer Site.

7. Communications

Service communications: We may send you emails or other communications necessary to provide the Services, such as account verification, password resets, billing notices, security alerts, and important product updates.

Promotional communications: Where permitted by law, we may send product tips, announcements, and offers. You can opt out of promotional communications by using the unsubscribe link in the message or by contacting moc.ecuasomzig@ycavirp. Service communications are not optional because they are required to operate the Services.

8. Sharing, Disclosures, Subprocessors

We share information with service providers who help us operate the Services. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. Our subprocessors and service providers typically fall into these categories:

• Cloud Hosting & Storage: to deliver the app and widgets, store assets, and run infrastructure.
• Security & CDN: (e.g., Cloudflare) to deliver static assets, protect the platform, and improve performance.
• Payment Processing: (e.g., Stripe) to handle billing securely.
• Communication: (e.g., Mailgun) to send transactional emails.
• Analytics (optional): marketing-site and dashboard analytics and diagnostics to understand product usage and improve reliability.

For additional transparency, we publish a Subprocessors List that includes the categories and (where applicable) example vendors we may use.

We may also disclose information:

• To comply with law: to respond to lawful requests, subpoenas, court orders, or similar legal processes.
• To protect rights and safety: to enforce our Terms, prevent fraud/abuse, and protect the security of the Services and our customers.
• Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets (with appropriate safeguards).
• At your direction: when you enable integrations or instruct us to share data (for example, publishing a widget and embedding it on a Customer Site).

9. Google API Services (OAuth, YouTube)

Certain features may integrate with Google services (for example, signing in with Google OAuth or using Google APIs to support specific widgets or previews).

• Google OAuth: when enabled, we use Google OAuth to authenticate you and access basic account information (such as email address and profile details) needed to create or sign in to your GizmoSauce account.
• Google API Services User Data Policy: our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
• No ads based on Google data: we do not use Google OAuth data to serve you ads, and we do not sell Google OAuth data.

10. Data Location & International Transfers

We may process and store information in the United States and other jurisdictions where we or our service providers operate. Privacy laws may differ between jurisdictions.

Where required by law for cross-border transfers (for example, from the EEA/UK), we use appropriate safeguards, which may include Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

11. Data Retention

We retain information for as long as needed to provide the Services, comply with legal obligations, and resolve disputes.

• Account data: retained while your account is active and as needed for support, compliance, and record-keeping.
• Billing records: retained as required for tax, accounting, and audit purposes.
• Widget configuration: retained while the widget exists. If a Customer deletes a widget or account, we may retain limited information and backups for a short period to support account restoration and operational safety (for example, up to ~30 days for accounts and up to ~5 days for widgets), after which data may be permanently deleted.
• Logs: retained for security and reliability (for example, to investigate abuse, troubleshoot incidents, and monitor performance), then rotated or deleted.

12. Your Rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at moc.ecuasomzig@ycavirp.

If you are an end user interacting with a widget embedded on a Customer Site, the Customer is typically the controller and should be your first point of contact. We will assist Customers with requests as required by law and contract.

To protect privacy and security, we may need to verify your identity before responding. If you authorize an agent to make a request on your behalf, we may require proof of authorization.

13. Security

We use commercially reasonable administrative, technical, and organizational measures designed to protect information. These measures may include access controls, encryption in transit, secure development practices, monitoring, and incident response procedures. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

14. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

15. Changes to This Policy

We may update this policy from time to time. We will post an updated effective date and, where appropriate, provide additional notice.

16. Contact

Privacy questions can be sent to moc.ecuasomzig@ycavirp or by mail to EndurantDevs LLC, 8 THE GREEN, STE A, DOVER, DE 19901.