Privacy Policy

This Privacy Policy describes how SMASHONE CORPORATION, a Florida corporation (Document number P26000023598), located at 5784 Keith Rd, Jupiter, FL 33458, United States ("SmashOne", "we", "us"), collects, uses, shares, and protects information about users of the SmashOne service at https://smashone.us.

At or before the point we collect your personal information, we provide this notice. We collect the categories of information described below to operate, secure, bill, support, and improve the Service. We do not sell your personal information and we do not share it for cross-context behavioral advertising. We retain each category only as long as described in "How long we keep data."

Account details (name, email, business name, optional phone, country of operation); business profile and brand-voice preferences; catalog items and customer content (posts, drafts, images, AI prompts); billing details (processed by Stripe — we store only a tokenized reference and the last 4 digits for display); and support communications you send to [email protected].

Usage data (features used, session activity, click patterns); device information (browser, operating system, language); network information (IP address, city/region-level location, referring URL); and activity logs (login timestamps, actions performed, error events). See "Cookies" for cookie-based collection.

When you connect a social account, we receive only what you authorize via OAuth: profile/account identifiers, page and channel IDs, follower counts, and read-only post analytics from Facebook, Instagram, Telegram, WhatsApp Business, TikTok, and Google Business Profile. You can revoke access anytime from your SmashOne dashboard or the platform's own settings.

We do not collect full payment card numbers (handled by Stripe), government IDs, Social Security numbers, biometric data, precise geolocation, health data, or any "sensitive personal information" as defined by the CCPA. The Service is not directed to children under 13, and we do not knowingly collect their data.

To provide publishing, messaging, the AI assistant, and analytics; to authenticate accounts and process billing; to send transactional and (with opt-in) marketing communications; to secure the Service and prevent fraud and abuse; to improve the product; and to comply with legal and tax obligations.

We share data only with vetted providers acting on our behalf under data-processing terms:

We review this list periodically; the current list is always available on this page.

SmashOne does not sell personal information and does not share it for cross-context behavioral advertising under the CCPA/CPRA. Our use of service providers (such as Stripe for payments) for business purposes does not constitute a "sale" or "share."

The AI assistant generates replies from your catalog, FAQ, and configured brand voice. AI messages are clearly disclosed as powered by SmashOne AI. You retain editorial control and may switch any conversation to manual mode at any time. We do not train AI models on your specific content; we may use anonymized, aggregated patterns to improve the Service.

• Active account datafor the duration of your subscription plus 30 days after cancellation (for reactivation).
• Cancelled accounts with no reactivationdeleted 12 months after cancellation.
• Billing and payment records7 years (US tax law).
• Activity and error logs90 days.
• Support correspondence3 years.
• Marketing preferencesuntil you unsubscribe.
• Anonymized/aggregated dataindefinitely.

If you are a California resident — or a resident of another US state with a comprehensive privacy law (e.g., Virginia, Colorado, Connecticut, Utah, Texas, Oregon) — you may exercise the following rights:

• Right to Know the categories and specific pieces of personal information we collect
• Right to Delete
• Right to Correct inaccurate information
• Right to Opt-Out of any sale or sharing (note: we do neither)
• Right to Limit the use of sensitive personal information (note: we do not collect it)
• and the Right to Non-Discrimination for exercising these rights.

We honor opt-out preference signals, including the Global Privacy Control (GPC), as a valid request to opt out of the sale or sharing of personal information for browsers on which the signal is enabled. Because we do not sell or share personal information, your experience is unaffected, but the signal is respected.

Email [email protected]. Please include your account email, full name, and the type of request. We verify your identity (typically by confirming the request matches your account, e.g., the email on file or the last 4 digits of your payment card). We respond within 45 calendar days (extendable by 45 days with notice); opt-out requests are honored within 15 business days. You may designate an authorized agent to submit a request on your behalf with signed written authorization.

We use TLS encryption in transit, AES-256 encryption at rest, tokenized payment data, role-based access controls, multi-factor authentication, audit logging, backups, and an incident-response plan. In the event of a breach affecting your personal information, we will notify affected users and applicable authorities as required by law.

The Service is operated from the United States; your information is processed in the United States. By using the Service you consent to this processing.

We may update this Privacy Policy. For material changes we will give at least 30 days' notice by email and post the updated version here with a new "Last Updated" date.