Privacy Policy

Information we collect

• Account information such as name, email address, username, password hashes, company details, billing references, and support messages.
• Tracking and campaign data such as click IDs, campaign names, source parameters, destination URLs, postback events, conversion values, device details, referrers, IP addresses, browser data, and geolocation derived from IP.
• Technical information such as log data, security events, cookies, session identifiers, and usage analytics needed to operate and improve the service.

How we use information

• To provide the FourLook service, authenticate users, process campaign redirects, record click and conversion events, generate reports, and support custom tracking domains.
• To secure the platform, prevent abuse, troubleshoot errors, respond to support requests, and maintain audit records.
• To send service messages, administrative notices, product updates, and billing or account communications.

Customer responsibilities

• Customers are responsible for giving any required notices and obtaining any required consent from end users, visitors, affiliates, advertisers, or clients whose data is processed through FourLook.
• Customers must ensure that campaign content, destination pages, tracking links, and data collection practices comply with applicable privacy laws and advertising platform policies.

Sharing and subprocessors

• We may share information with hosting providers, infrastructure vendors, payment processors, email providers, analytics providers, support tools, and professional advisors only as needed to operate the service.
• We do not sell personal information. If future laws define certain analytics or advertising activities as a sale or sharing, we will provide required opt-out controls.

Retention and security

• We retain account and tracking data for as long as needed to provide the service, meet legal obligations, resolve disputes, and maintain business records.
• We use administrative, technical, and organizational safeguards designed to protect data, including access controls, HTTPS deployment, password hashing, and operational logging.

Your rights

• Depending on location, individuals may request access, correction, deletion, portability, restriction, or objection regarding personal information.
• To make a privacy request, contact us at [email protected]. We may need to verify your identity and may direct end-user requests to the customer that controls the relevant campaign data.

Worldwide privacy framework

• We design this policy to address common privacy principles used globally, including transparency, purpose limitation, data minimization, security, accountability, retention limits, and user rights.
• Depending on where you or your visitors are located, laws such as GDPR, UK GDPR, ePrivacy rules, CCPA/CPRA, PIPEDA, LGPD, POPIA, PDPA, and other regional laws may apply.
• Customers remain responsible for determining their own legal basis for campaign tracking, conversion measurement, remarketing, lead collection, and data sharing with advertisers, networks, traffic sources, or analytics vendors.

Legal bases for processing

• We may process account and billing data to perform a contract, provide requested services, secure accounts, and comply with legal obligations.
• We may process operational logs and security data based on legitimate interests in fraud prevention, service reliability, abuse detection, and platform protection.
• Where consent is required, such as for certain analytics, marketing cookies, or advertising identifiers, consent should be collected before non-essential processing begins.

End-user and visitor data

• Campaign visitor data may include IP address, user agent, device type, browser, approximate location, click identifiers, referral URLs, campaign tokens, landing page events, and conversion events.
• Customers should avoid placing sensitive personal information, payment data, health data, government IDs, children data, or protected category data inside URL parameters, campaign names, custom tokens, or postback values.
• If a visitor contacts us about campaign data controlled by a customer, we may refer the request to that customer unless we are legally required to respond directly.

International transfers

• Data may be processed in countries other than where it was collected, depending on hosting, support, billing, email, and security providers used to operate the platform.
• Where required, transfers should be supported by appropriate safeguards such as standard contractual clauses, data processing agreements, transfer impact assessments, or other lawful transfer mechanisms.

Children and sensitive data

• The service is intended for business users and is not directed to children.
• Customers must not knowingly use the platform to collect data from children or process sensitive regulated data unless they have a lawful basis, required notices, consent, and written approval where needed.

Privacy requests and complaints

• Individuals may contact [email protected] for privacy requests. We may ask for information needed to verify identity, locate records, and determine whether we act as controller, processor, business, or service provider.
• Where applicable, individuals may also have the right to lodge a complaint with a supervisory authority or privacy regulator in their region.