Privacy Policy

Effective Date: November 14, 2017

Last modified: April 4, 2022

At Paloma Works PBC (“Paloma®”), your privacy is incredibly important to us and we are committed to protecting it through our compliance with this policy. This Privacy Policy describes the types of information, including Personal Data (as we describe further below in the Section entitled: “What Personal Data do we collect from you and why?”) we may collect from you or that you may provide when you visit, use or interact with, including any and all versions of optimized for viewing on a wireless or tablet device (the “Website”), our legal basis for processing the Personal Data, how the Personal Data will be used and shared, how the Personal Data will be stored, and your rights in relation to the collection of your Personal Data when you visit, use, or interact with our business and Website, , all email newsletters published or distributed by Paloma, and all other interactive features, services, and communications provided by Paloma® (including without limitation our main service through the Facebook Messenger API and our other support services offered through a variety of third parties, including without limitation SQUARE and SHOPIFY), however accessed and/or used, that are operated by us, made available by us, or produced and maintained by us (the “Services”).

We internally collect Personal Data in connection with our Services. This policy applies to information we collect: (a) on this Website, (b) in email, text, and other electronic messages between you and this Website, (c) through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website, and (d) when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy. We collect this information to personalize, provide, and improve our Services, to allow you to set up a user account, to enable you to build Conversations, to contact you, to fulfill your requests for certain products and services, and to analyze how you use the Services, but we’ll talk more about all of that below. This policy does not apply to information collected by: (a) us offline or through any other means, including on any other website operated by Company or any third party; or (b) any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.

If you have entered into an agreement with us to subscribe to our SaaS Services, then you are also subject to the terms set forth in the Terms of Service including without limitation the privacy provisions therein. This Privacy Policy also covers how your Personal Data is handled by our third-party data processors. Through your use of our Services, you may find links to other websites or mobile applications, but this Privacy Policy won’t apply to any of those linked applications or websites unless they are also our data processors, which we will describe clearly in this Privacy Policy. We are not responsible in any manner for the privacy practices of those websites or mobile applications. Likewise, you may connect to or utilize our Website and/or Services using our self-service option through a link on a third-party website or application, such as Shopify or Square, but this Privacy Policy won’t apply to any information (including without limitation, Personal Data) that is collected via such third-parties. We are not responsible in any manner for the privacy practices of those websites or mobile applications and you are subject to the privacy policies set forth thereon.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website or Services. By accessing or using this Website and/or the Services, you agree to this privacy policy. This policy may change from time to time as hereinafter described. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

This Privacy Policy also specifically incorporates by reference our Terms of Service. Any capitalized words or phrases we use in this Privacy Policy without defining them have the definitions given to them in the Terms of Service.

Who are we and how can you contact us?

We are, as stated above, Paloma®. We collect and process your Personal Data, as well as manage our third-party service providers that additionally process your Personal Data.

The best way to contact us is through our dedicated customer service email,

You can also reach us as follows:

Paloma Works PBC
169 Madison Ave #2050
New York, NY 10016

Who do we collect Personal Data from?

We collect Personal Data from our users, who are those individuals and businesses that sign up to use our Services. For our users, we act as data controllers, making decisions about the purposes for which we process Personal Data.

We also collect Personal Data on behalf of our users and for their customers or clients (collectively, “User Customer”). For User Customers, we act as data processors, because we don’t make decisions about which Personal Data we collect, but we do collect the Personal Data at the direction of our users. “You” will mostly refer to our own users in this Privacy Policy, but in certain provisions, we’ll refer specifically to User Customers.

What Personal Data do we collect from you and why?

Through your visitation to, use of, and interaction with the Website, you may be asked for certain types of Personal Data. You will be asked to register to use our Services and when you do so, we will ask you for certain Personal Data. This section will only cover the Personal Data that we receive specifically from you.

Personal Data collected when you register with us: When you register to use the Services, we will collect the following Personal Data from you: name, business name (if applicable), email address, phone number, time zone, and a list of Facebook and Instagram pages you manage. We process all registration information manually and you will never be asked to sign up for anything outside of the registration information that we specifically ask you for when you sign a contract with us to use our Services.

Personal Data collected from User Customers: We collect Personal Data from User Customers under the direction of our users. If you are a User Customer who engages in a Conversation through our Services, we may collect information such as your name, and any profile picture or avatar you have associated with your Facebook and/or Instagram account. We’ll also collect and process the information that you provide to us through Conversations (such as responses to questions and search queries) and we’ll then provide that information to our users for their business purposes. If you are a customer who completes a Checkout with a User, we will also collect information such as your name, shipping address, email and phone number and we’ll then provide that information to our clients for their business purposes. We never sell or rent such information to anyone.

Personal Data collected for billing: As a user of our Services, you will be asked to provide us with billing and payment information. We do not collect or store billing information through any web portals, just like our registration Services.

Personal Data collected when we’re communicating: As a user of our Services, we may communicate with you about your account with us. These communications specifically won’t be marketing communications, but will rather be transactional and informational items, such as updates to our policies or other privacy-related matters, order confirmations, or receipts (in other words, you won’t be able to opt-out of these important messages). You may also be asked questions about how to improve Paloma®, or you may, at some point, communicate with our representatives because of questions that you have. In that case, we’ll receive your contact information and the contents of those communications. We consider this information Personal Data. We collect this information so that we can help with anything you need and to continue improving our Services in the future.

What Personal Data do we collect about you that we get from other sources and why?

Geo-location data: We may collect information about your location depending on the permissions you have set on your device or browser. We solely and exclusively use this information to provide you with our Services, including to update your time zone for accuracy. You can enable or disable location Services when you use our Services at any time, through your device or browser settings.

Usage Data: We may also collect information about the use of our Services, such as Conversations you have created using the Services, as noted above, and general data about your interactions with our Services. We collect this data to help us troubleshoot any problems that may arise for you and other users, as well as to help us understand usage trends and information.

Personal Data from cookies: We use technological tools such as cookies, beacons, scripts, and tags. Cookies are small files stored on your computer or mobile device which collect information about your web behavior (we’ll call this “Automatic Data”). These cookies do not access information which is stored on your device. We collect IP address, device identification, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. If you click on a link to a third party website or service, a third party may also transmit cookies to you. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. Again, this Privacy Policy does not cover the use of cookies by any third parties, and we aren’t responsible for their privacy policies and practices. Please be aware that cookies placed by third parties may continue to track your activities online even after you have left our Services, and those third parties may not honor “Do Not Track” requests you have set using your browser or device. We may use this data to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services.

What can I do about cookies in general? Most Internet browsers accept cookies automatically, although, you are able to change your browser settings and control cookies, including whether or not you accept them, and to remove them. Unfortunately, if you set your browser so that it refuses cookies, you may not be able to use the Services. You can visit for further information. Your browser may also offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain aspects of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time.

What is our legal basis for processing your Personal Data?

We respect data minimization principles, which means we only collect the minimal amount of Personal Data required for legitimate business purposes, including providing the Paloma® Services to you.

In other words, we need the Personal Data that we do collect to effectively run our business and we don’t collect more than is necessary. The Personal Data you provide to us voluntarily (such as through registration, use, and communication with us) is up to you. That said, we may still process automatic Personal Data, such as that received through cookies, regardless of how you interact with our Services.

We also, though, want to ensure that you feel we’re always treating your voluntary Personal Data - in other words, that data that we ask you for - just the way that you’d expect. Because of that, before you use or access any of our Services, you’ll be directed to this Privacy Policy. You should take the time to read and review it carefully, and then feel free to reach out to us with any questions.

If you don’t understand this Privacy Policy or you’re not sure about anything we’ve described here, please reach out to us so that we can help. If you’re still unsure, it’s best not to use any of our Services until we can answer all of your questions.

Additionally, if we collect or process your Personal Data in any way not indicated by this Privacy Policy in the future, we will seek your explicit prior consent. To be clear, consent will be sought if we wish to provide you with direct marketing communications, if we transfer your data to third parties not indicated here, or if we otherwise significantly amend or change this Privacy Policy.

Will your Personal Data ever be shared and if so, how and with whom?

At Paloma®, we never rent or sell your Personal Data to anyone in a form that can identify you. We do, however, use third party service providers (those “data processors” we mentioned earlier) to help us operate Paloma®, including our web host and payment processors. We also share general business information - i.e. non-Personal Data - with partners and potential partners.

Third-Party Service Providers: The third party service providers that we use help run the business, so your data will pass through them, but we don’t provide your Personal Data (or any personally identifying information) for intentional access (for marketing list purposes, for example) to anyone. For the third parties that we utilize who also process your Personal Data, we have appropriate security and contractual measures (like encryption and data processing agreements) to ensure that your Personal Data always gets treated in compliance with the policies laid out here, as well as applicable law.

Other Disclosures: In certain cases, we may have to disclose your Personal Data to third parties outside those above. We limit that disclosure to the following circumstances:

Your Consent: Otherwise, if we get your explicit, unambiguous, and prior consent to share your Personal Data with anyone, we’ll do so.

What about marketing?

We may send you marketing communications, such as newsletters and brochures, but only after we obtain your explicit consent. In other words, we’re never going to automatically add you to a mailing list or other marketing communication list - we’ll specifically ask you to opt-in to the communications you want to receive.

If you do consent to receive marketing communications through your affirmative opt-in, you’ll be receiving things like newsletters, targeted campaigns, and offerings of new products, services, promotions, or recommendations from us and our affiliates and subsidiaries.

Even if you do want to get marketing messages from us, you’ll be able to revoke your consent at any time. You can do so by:

We’ll take you off our marketing list as soon as we can and you won’t hear from us again.

How do we store and protect your Personal Data?

Personal Data Storage: We only store your Personal Data as long as it is necessary for providing you with the Services or until you stop using our Services and request deletion of your data. We may also store your Personal Data for any applicable legal record-keeping, including after the closure of your account for legitimate business purposes (e.g., maintaining our accountancy records, enforcing our Terms of Service, or otherwise maintaining the safety and security of our Paloma® for a time period permitted by applicable law).

Personal Data Protection: We employ organizational and technical security measures to protect your Personal Data, such as limiting access to your Personal Data, secured networks, and encryption.

We also use secure physical and digital systems to store your Personal Data. We ensure that your Personal Data is protected against unauthorized access, disclosure, or destruction by utilizing practices that are consistent with standards in the industry to protect your privacy.

Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take all reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm, as well as notifying you of such breaches as soon as possible, but in no event, later than two weeks time.

What are your rights in relation to your Personal Data?

By using Paloma, you can exercise the following rights:

How exactly can you launch a complaint, if you’re unhappy with the way in which we collect or process your Personal Data?

As noted elsewhere in this Privacy Policy, you can reach out to us anytime you are unhappy with the processing of your Personal Data. You can also undertake the following:

U.S. Residents: If you’re located in the United States, the collection of your Personal Data, is subject to investigation and enforcement by the Federal Trade Commission (“FTC”). We’re committed to resolving any complaints about the handling of your Personal Data as quickly and efficiently as we can, but if you’re not happy, you can lodge a complaint with the FTC.

California Privacy Rights: California Civil Code Section § 1798.83 permits users of Paloma that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to

E.U. Residents: If you are a resident of the European Union and you are not satisfied with the outcome of your complaint as you submitted it to us, you have the right to lodge a complaint with your local data protection authority.

What happens if we modify or revise this Privacy Policy?

We do reserve the right to modify, revise, or otherwise amend this Privacy Policy at any time and in any manner, but if we make any significant changes or otherwise change the way that we process your Personal Data, we’ll let you know through the contact methods that are accessible for you, including through email and through a posting on We’ll also change the date this Privacy Policy was last modified at the top of this document. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

If we can’t communicate with you for any reason, you are still responsible for being aware of the changes to the Privacy Policy, as we’ll post notices in as many places as possible. Continuing to use Paloma® after the change indicates your continuing assent to our privacy practices and this privacy policy.

Unless we specifically obtain your consent, any changes to the Privacy Policy will only impact the Personal Data collected on or after the date of the change.

What about the international transfer of Personal Data?

We are based in the United States. In other words, your Personal Data gets sent to the United States whenever you use our Services. The risks of transferring data outside of your jurisdiction to the United States includes the possibility of data breaches and loss, but we use commercially reasonable efforts to maintain industry standards that protect your Personal Data as much as possible.

Do we collect any Personal Data from minors?

We do not allow use of Paloma® or any of our Services by users under the age of 18 (eighteen). As such, we don’t knowingly collect, store, or otherwise use any Personal Data from any minors under 18 (eighteen). If you are under 18, do not use or provide any information on this Website, through any of its features, register on the Website, make any purchases through the Website or the Services, use any of the interactive features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If you are a parent or guardian, and you learn that your children have provided us with Personal Data, please contact us immediately. If we become aware that we have collected Personal Data from children without verification of parental consent, we will immediately take steps to remove that information from our servers.