Privacy Policy

Last Updated: April 15, 2026

This Privacy Policy describes how Ploy, Inc. (“Ploy,” “we,” “our,” or “us”) collects, uses, discloses, and protects personal information when you visit our website at https://ploy.ai or use our AI-powered marketing platform (together, the “Services”). Ploy provides a platform that enables businesses (“Customers”) to automate and manage marketing workflows using AI.

This Policy applies to two categories of individuals: (i) personnel of our business Customers and prospective Customers, as well as visitors to our website (“Customer Information”); and (ii) end users, leads, and contacts of our Customers whose information is processed through the Services on our Customers’ behalf (“Customer End-User Information”). For Customer End-User Information, Ploy acts as a data processor, and the applicable Customer’s privacy policy governs collection and use.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

We collect personal information from you directly, from your authorized integrations and third-party sources, and automatically through your use of the Services. The information we collect depends on how you interact with Ploy.

A. Information You Provide Directly

Account and Contact Information. When you register for an account, we collect information such as your name, email address, company name, job title, phone number, and other registration details.

Profile Data. Username, password, profile photo, user preferences, and other information you add to your account or user profile.

Transactions and Payment Information. If you subscribe to a paid plan, we collect billing address, tax identifiers, and transaction history. Payment card details are collected and processed by our third-party payment processor, Stripe, Inc. We do not store complete payment card numbers on our servers.

Customer Content. Brand assets, marketing materials, campaign content, prompts, audience lists, CRM records, files, images, and other materials you upload, connect, or submit to the Services (“Customer Data”). You retain all rights to your Customer Data, and we process it solely to provide the Services to you.

Communications with Us. When you contact us by email, support chat, or other channels, we collect your contact details and the content of your communications, including any attachments.

B. Information from Connected Services and Integrations

Integration Data. When you authorize Ploy to connect to third-party services (such as CRM, marketing automation, email, advertising, analytics, or data enrichment platforms), we access and process data from those services as necessary to provide the Services. This may include account information, contact records, opportunity and deal data, campaign performance data, and other business data accessible through those services’ APIs, in accordance with the scopes you authorize.

Account Intelligence and Enrichment Data. To power certain features, we may process firmographic data, intent signals, technographic information, and publicly available business information about target accounts and contacts sourced from third-party data providers.

C. Information Collected Automatically

When you access the website or use the Services, we automatically collect certain technical information, which may include:

  • IP address and approximate location derived from it;
  • Browser type and version, operating system, and device identifiers;
  • Pages visited, features used, buttons clicked, and time and date of access;
  • Referring and exit URLs and search terms used to find the Services;
  • Session duration, session recordings (where enabled), and other usage and performance data;
  • Log data, diagnostic data, and error reports;
  • Cookie identifiers and pixel tag metadata (see Section 5).

Generated Output Data. We collect metadata and usage patterns relating to your use of AI features and the content generated by the Services, generally in de-identified or aggregated form.

Cookies and Similar Technologies. We and our service providers use cookies, pixels, SDKs, and similar technologies as described in Section 5. We do not engage in cross-site tracking for third-party behavioral advertising purposes unless explicitly disclosed and, where required, subject to your consent.

D. Information from Third Parties

We may receive information about you or your company from third-party sources, including business data providers, marketing data enrichment services, partners, lead providers, event co-hosts, and publicly available sources. This may include company name, industry, company size, technology stack, funding information, and business contact information. We use this information to supplement account records, improve personalization, verify identities, and enhance our ability to provide the Services.

E. Customer End-User Information

In the course of providing the Services, our Customers may submit, upload, or connect data about their own end users, leads, subscribers, or contacts (“Customer End-Users”). Ploy processes Customer End-User Information on behalf of, and under the instructions of, the applicable Customer as a data processor. This information may include:

  • Name, email address, phone number, and other contact details;
  • Employer, job title, and other professional information;
  • IP addresses and device or browser identifiers;
  • Pixel tag metadata, cookie identifiers, and other tracking data collected through Customer campaigns or properties;
  • Behavioral data, including email opens, clicks, page views, form submissions, and other engagement activity;
  • Audience segmentation data and campaign interaction history provided or generated by the Customer.

Customer End-Users should direct privacy inquiries to the applicable Customer, whose privacy policy governs the collection and use of their information.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Services;
  • To process transactions and manage your subscription;
  • To communicate with you, including for support, service updates, and security alerts;
  • To improve the Services based on usage patterns and feedback;
  • To improve our AI models using aggregated, de-identified data that cannot reasonably identify you or your customers (we do not use identifiable Customer Data to train general-purpose AI models without your consent);
  • To send marketing communications in accordance with your preferences;
  • To generate aggregated or anonymous performance metrics and analytics;
  • To detect, prevent, and address fraud, abuse, and security issues; and
  • To comply with legal obligations.

3. How We Share Your Information

We do not sell personal information. We may share information in the following circumstances:

Service Providers. We work with third-party vendors for payment processing, cloud hosting, analytics, email delivery, and customer support. These providers are contractually required to protect your information and may only use it to provide services to us.

AI Service Providers. The Services use third-party AI infrastructure to power certain features. Customer Data processed through these providers is governed by our data processing agreements and this Privacy Policy. Our current AI providers—Anthropic PBC, Vercel, Inc., OpenAI, LLC, and Google LLC—commit, through their applicable enterprise or API terms, not to use Customer Data passed through their APIs to train their general-purpose foundation models.

Legal and Safety. We may disclose information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect the rights, safety, or property of Ploy, our Customers, or others.

Business Transfers. If Ploy is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you via email and/or a notice on our website of any change in ownership or uses of your personal information.

We may share de-identified, aggregate, or anonymous information for any purpose. Such information does not identify specific individuals.

4. Your Privacy Choices

Subject to applicable law, you may have rights regarding your personal information, including the rights to access, correct, delete, or receive a portable copy of the personal information we maintain about you. Additional rights may apply to residents of certain jurisdictions, as described in the subsections below. You may also opt out of marketing emails at any time by clicking the “unsubscribe” link in any marketing email.

How to Exercise Your Rights. To submit a request, email legal@ploy.ai. We will verify your identity before fulfilling any request, typically by asking you to confirm information associated with your account. You may designate an authorized agent to submit requests on your behalf by providing the agent with written authorization and verifying your identity directly with us. If we deny your request, you may appeal our decision by replying to our response or emailing legal@ploy.ai with the subject line “Privacy Request Appeal.” We will respond to appeals within the timeframe required by applicable law.

Unfounded or Excessive Requests. We may refuse a request, or charge a reasonable fee to process it, if the request is manifestly unfounded, excessive, or repetitive, to the extent permitted by applicable law.

If you are a Customer End-User (for example, a contact, subscriber, or lead reached through one of our Customers’ campaigns), please contact the applicable Customer directly to exercise your privacy rights. Their privacy policy governs the collection and use of your information.

California Residents. The California Consumer Privacy Act, as amended (“CCPA”), provides California residents specific rights regarding their personal information. The categories of personal information we collect, the sources of that information, the purposes for which we use it, and the categories of third parties with whom we share it are described in Sections 1, 2, and 3. In the preceding twelve (12) months, we have not sold personal information and have not shared personal information for cross-context behavioral advertising. California residents have the right to:

  • Know what personal information we have collected about them;
  • Delete personal information, subject to legal retention requirements;
  • Correct inaccurate personal information;
  • Opt out of the sale or sharing of personal information (we do not engage in either);
  • Limit the use and disclosure of sensitive personal information (see note below); and
  • Not receive discriminatory treatment for exercising these rights.

Sensitive Personal Information. We do not collect categories of sensitive personal information such as precise geolocation, biometric identifiers, genetic data, health information, or racial or religious information. To the extent account credentials qualify as sensitive personal information, we use them only to authenticate you and provide the Services.

Other U.S. State Residents. Residents of other U.S. states with comprehensive privacy laws may have rights that include access, deletion, correction, data portability, and opt-out of targeted advertising, sale, and certain profiling. We do not sell personal information and do not engage in targeted advertising through our Services. Depending on your state, you may also have the right to contact your state attorney general if you are not satisfied with the outcome of an appeal.

EEA, UK, and Switzerland Residents. Ploy, Inc. is the controller of personal information described in this Policy where we determine the purposes and means of processing. When we process Customer End-User Information on behalf of a Customer, the Customer is the controller and Ploy acts as the processor.

Legal Bases for Processing. We process personal information under the following legal bases: (i) performance of a contract with you or your organization, such as providing the Services and processing payments; (ii) our legitimate interests in operating, securing, and improving the Services, and in marketing the Services to our business customers and prospects, where those interests are not overridden by your rights and freedoms (you may object to direct marketing at any time by unsubscribing); (iii) your consent, where required by law (for example, for certain non-essential cookies), which you may withdraw at any time; and (iv) compliance with legal obligations.

Your Rights. You have the right to access, rectify, erase, restrict processing of, object to processing of, and receive in a portable format your personal information. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing. You may lodge a complaint with your local supervisory authority.

Automated Decision-Making. We do not use personal information to make decisions that produce legal or similarly significant effects about you through solely automated means. The AI features of the Services operate under Customer direction and human oversight.

To exercise your rights, contact legal@ploy.ai.

5. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to collect information about your browsing activity, interactions with our website and emails, and to personalize your experience.

We currently use the following third-party cookies and tracking tools:

[List your specific tools here — e.g., Google Analytics, PostHog, HubSpot. Link to each provider’s privacy policy.]

We do not currently use third-party advertising cookies for cross-contextual behavioral or interest-based advertising. If that changes, we will update this policy.

Do Not Track and Global Privacy Control. Some browsers transmit “Do Not Track” (DNT) signals or Global Privacy Control (GPC) signals. Because we do not sell personal information or share personal information for cross-context behavioral advertising, these signals do not change how we process your information. Where required by applicable law, we treat a GPC signal from a California resident as a valid request to opt out of sale or sharing. There is no widely adopted standard for responding to DNT signals, so we do not respond to them separately.

6. Google OAuth Integration

A. Overview of Google Integrations

Ploy provides integrations with Google Analytics and Google Search Console to allow Customers to view and analyze their marketing performance data directly within the Ploy platform. This document outlines our commitment to data privacy and technical limitations regarding these specific integrations.

B. Limited Read-Only Access

When you authorize Ploy to connect to your Google accounts via OAuth, we request read-only permissions (e.g., analytics.readonly and searchconsole.readonly).

  • Capabilities: Ploy can view property configurations, traffic metrics, and search performance data.
  • Restrictions: Ploy does not have the technical capability to—and will never attempt to—modify, delete, or manage your Google account settings or data.

C. “No-Cache” Architecture & Data Processing

To maximize security and privacy, Ploy utilizes a live-access architecture:

  • Live Retrieval: Data is pulled fresh from Google’s APIs in real-time only when an authorized user interacts with the dashboard.
  • No Persistent Storage: Ploy does not cache or store your Google Analytics or Search Console metrics on our servers.
  • Volatile Memory: Data is processed in temporary memory for the duration of your active session and is discarded immediately after the request is fulfilled.
  • Reports: Automated email reports or exports pull fresh data at the time of generation and do not rely on stored historical snapshots.

D. Use of Information

Data retrieved from Google APIs is used exclusively to:

  • Provide real-time data visualization and performance reporting.
  • Generate AI-powered insights within the Ploy interface.
  • Note on AI Training: Consistent with the Privacy Policy, Ploy does not use identifiable Customer Data retrieved from Google APIs to train general-purpose AI models.

E. Authentication & Revocation

  • Encrypted Tokens: The only data Ploy stores persistently is the encrypted OAuth token required to maintain the connection.
  • User Control: You can revoke Ploy’s access at any time via the Ploy Settings menu or through your Google Security Permissions.
  • Immediate Deletion: Upon revocation, Ploy immediately deletes the associated authentication tokens from our database.

F. Google Limited Use Disclosure

Ploy’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. Data Security

We maintain reasonable administrative, technical, and organizational safeguards to protect personal information against unauthorized access, use, modification, and disclosure. No system is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

8. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Services. After account termination, we retain Customer Data for sixty (60) days to allow for export, after which we will delete or de-identify it in accordance with our standard deletion schedule. We may retain certain information longer as required by law, for legal holds, for security and fraud-prevention purposes, or to enforce our agreements. De-identified and aggregated data may be retained indefinitely.

9. International Data Transfers

Ploy is based in the United States. Personal information may be transferred to, processed in, and stored in the United States or other countries where our service providers operate, which may have different data protection laws than your jurisdiction.

Where personal information originating in the European Economic Area, United Kingdom, or Switzerland is transferred to a country that has not received an adequacy decision from the relevant authority, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and, where applicable, the EU-U.S. Data Privacy Framework (including the UK Extension and the Swiss-U.S. Data Privacy Framework). A copy of the safeguards we use is available on request by contacting legal@ploy.ai.

10. Children’s Privacy

The Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information and terminate the associated account. If you are a parent or guardian and believe that your child has provided personal information to the Services, please contact us at legal@ploy.ai.

The Services may link to or integrate with third-party websites and services. We do not control those services and are not responsible for their privacy practices. We encourage you to review their privacy policies before sharing information with them.

12. Changes to This Policy

We may update this Privacy Policy as our Services evolve. If we make material changes, we will post the updated policy here with a new “Last Updated” date. For significant changes, we may also notify you by email. Continued use of the Services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, contact us at:

Ploy, Inc.

Email: legal@ploy.ai

2 Embarcadero Center, 8th Floor San Francisco, CA 94111