Privacy Policy
Effective 3 March 2025
1. Introduction
Thank you for your interest in Public Good Software, Inc. (“Public Good,” “we,” “us,” or “our”). Protecting your privacy is a core priority, and we are committed to ensuring transparency and compliance with applicable data protection laws, including:
- The General Data Protection Regulation (GDPR) (EU) 2016/679
- The California Consumer Privacy Act (CCPA) (as amended by the CPRA)
- The IAB Europe’s Transparency & Consent Framework (TCF v2.2)
This Privacy Policy explains how we collect, process, and protect your personal data in connection with our services and your rights regarding such data.
2. Our Role & Principles
- We do not collect PII for our own benefit and do not track people.
- Any PII we process is collected on behalf of a client and only after obtaining double opt-in consent.
- We do not retain PII beyond what is necessary to provide services to our clients, with a default retention period of 90 days.
- We handle all personal data securely, following AWS security best practices.
3. Data Controller & Contact Information
Public Good Software, Inc. acts as a data processor when handling personal data on behalf of our clients. If you have questions regarding your data, you may contact us at:
Public Good Software, Inc.
1 E Erie St, Ste 525, PMB 298
Chicago, IL 60611
Email: [email protected]
For GDPR-related inquiries, you may also contact our UK or EU Representatives.
UK Representative:
GDPR Local Ltd
1st Floor Front
Suite 27-29 North St.
Brighton, England BN1 1EB
attn: Adam Brogden
Tel: + 441 772 217 800
Email: [email protected]
Website: https://publicgoodinc.gdprlocal.com/uk
EU/Ireland Representative:
Instant EU GDPR Representative Limited
Office 2 12A Lower Main Street
Lucan Co. Dublin K78 X5P8 Ireland
attn: Adam Brogden
Tel: + 353 15 549 700
Email: [email protected]
Website: https://publicgoodinc.gdprlocal.com/eu
4. Types of Personal Data We Process
We collect and process only basic identifiers necessary to provide our services, including:
- Email address
- Phone number
- Name
- User-generated content (if voluntarily submitted)
We do not collect or process special category data (e.g., race, religion, health data).
We access IP addresses for the express purpose of geo-targeting our campaigns, but we do not store those or associate them with any other data.
5. How We Obtain Consent
All personal data processing occurs only after explicit, double opt-in consent:
- Users first provide consent via a form (e.g., signing up for a campaign).
- Users then confirm their consent via an email confirmation step.
Consent management is handled through customer.io and our partner consent management platforms (CMPs) under the IAB Europe’s TCF v2.2.
6. Data Retention & Deletion
- We retain PII only as long as necessary to fulfill our service obligations to clients.
- The default retention period is 90 days, after which data is permanently deleted unless required by law.
- We process data deletion requests in compliance with GDPR Article 17 (Right to Erasure) and CCPA Right to Delete via our help desk at [email protected].
7. How We Secure Data
We employ AWS security best practices, including:
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access Controls: Data access is restricted to authorized personnel only.
- Audit Logging: All access and modifications to PII are logged.
- Regular Security Reviews: We conduct security audits to ensure compliance.
8. Third-Party Data Processing & Transfers
- We do not sell or share personal data for our own purposes.
- Any PII shared with clients is governed by Data Processing Agreements (DPAs).
- Our infrastructure is hosted on AWS and backed up securely.
- Media partners handle their own consent management and tracking technologies independently.
9. Cookies & Tracking
We differentiate between our website tracking and our platform’s role:
On our Website: We may use Google Analytics and similar tools for performance and analytics, always requiring user consent.
On our Platform: We do not track users. Any tracking is performed by our media partners, and their consent mechanisms are canonical.
To opt out of cookies, you can adjust settings via your browser or through our website’s cookie consent banner.
10. User Rights & How to Exercise Them
We respect all GDPR and CCPA rights, including:
| User Right | How to Exercise It |
| Access (GDPR Art. 15), CCPA Right to Know | Request a copy of your personal data. |
| Correction (GDPR Art. 16) | Request rectification of inaccurate data. |
| Deletion (GDPR Art. 17), CCPA Right to Delete | Request erasure of your personal data. |
| Opt-Out of Data Processing (CCPA Right to Opt-Out of Sale/Sharing) | Contact us to ensure your data is not shared with third parties. |
To submit a request, email [email protected] with the subject “Privacy Request”.
11. Compliance with “Do Not Track” & Global Privacy Control (GPC)
- We do not track users ourselves.
- Third-party tags on our website must comply with Do Not Track (DNT) and Global Privacy Control (GPC), as required by CCPA.
12. Updates to This Privacy Policy
We may update this policy periodically to reflect changes in regulatory requirements or our data practices. The latest version will always be available at https://publicgood.com/privacy-policy.
Need Further Assistance?
📩 Contact us at [email protected] for privacy-related inquiries.