Privacy Policy

1. Introduction

Short, Inc. ("we", "us", "our") respects your privacy and is committed to protecting it through our compliance with this privacy policy ("policy"). The term "you" or "your" refers to the person visiting our website, roaros.com, and associated subdomains and/or purchasing and using our online products and services ("Services"). This policy describes our practices for processing your personal information and data as defined by applicable laws ("personal information") in connection with our website and your use of our Services. For purposes of this policy, we act as a controller of the personal information.

Please read this privacy policy carefully to understand our policies and practices regarding your personal information and how we will treat it. If you do not agree with our policies and practices, you may not use our website or Services. By accessing or using our website and Services, you agree to this privacy policy.

2. Information We Collect About You

2.1 Information You Provide to Us

• Account information: When you create a RoarOS account, we collect your email address and full name. You may also sign up using Google OAuth, in which case we receive your name and email address from Google. We also collect your workspace name during setup.
• Social media handles and URLs: During onboarding and ongoing use, you provide TikTok and/or Instagram profile URLs or handles for the accounts you wish to track. You may categorize these as "owned" or "competitor" accounts. We do not require you to log into these social media accounts through RoarOS, and we do not collect or store your social media passwords or authentication tokens.
• Customer support information: Information provided when contacting us about our Services, including bug reports and feature requests submitted through our platform.
• Payment details: Our third-party payment processor, Stripe, may collect your billing and contact information, including credit card numbers, cardholder names, card security details, card expiry dates, and billing addresses that you provide directly to Stripe. We are not involved in the collection and processing of such information; we only receive a notification from Stripe as to whether payment has been successfully completed, along with your Stripe customer ID and subscription status.
• Business and strategy data: Information you enter into RoarOS to organize and analyze your content, including custom tags and taxonomies, campaign structures, content groupings, custom column data (such as costs, notes, or other business metrics), and competitive tracking selections. This information reflects your proprietary marketing strategy and is treated as confidential.
• Opinions and feedback: Comments, ratings, bug reports, or feature requests that you choose to submit through our platform.

2.2 Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our website and Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and usage patterns, in order to improve our Services and provide you the best experience.

• Device details: Device type, operating system, browser type, browser settings, IP address, other unique identifiers (such as MAC address), language settings, dates and times of connection to our website, and other technical communications
• Usage details: Records of your use of our website, including pages viewed, features used, interactions with content, and search terms
• Product analytics: We use PostHog to understand how users interact with our Services and to improve the user experience. This may include events such as page views, feature usage, and session data

2.3 Publicly Available Social Media Data

When you add a TikTok or Instagram account to RoarOS by providing its profile URL or handle, we collect publicly available information from that profile using third-party data collection services. This data includes:

• Public profile information: Handle, display name, avatar, bio, follower count, and following count
• Public content: Posted videos, images, captions, hashtags, music information, video duration, and cover images
• Public engagement metrics: Views, likes, comments, shares, saves, and engagement rates, tracked over time as periodic snapshots

This data is collected from publicly accessible social media profiles. We do not access private or protected account data, direct messages, or any information that is not publicly visible on the respective platform. The same publicly available data is collected regardless of whether you categorize an account as "owned" or "competitor."

2.4 Information from Our Service Providers

We may receive information collected by our service providers on our behalf, such as our payment processor (Stripe), in order to provide you with our Services.

3. How We Use Your Information

We may use or disclose the personal information we collect for one or more of the following purposes:

• Our website: Operating and managing our website; providing content to you; and communicating and interacting with you via our website
• Provision of Services: Providing our Services to you, including tracking social media content performance, generating analytics and AI-powered insights, managing campaigns and tags, and providing competitive analysis; processing your proprietary business data (such as costs, custom columns, and content taxonomies) to power platform features; fulfilling our obligations or enforcing our rights under contracts between you and us; notifying you about changes to our Services; creating, maintaining, and securing your account; improving and personalizing our Services; understanding, troubleshooting, and fixing the Services; providing you with support and responding to your inquiries
• Marketing communications: Communicating with you regarding information in which you may be interested, subject to compliance with applicable law
• Analytics: Creating aggregated, de-identified data for purposes of improving our website and Services, analyzing current and potential user markets, and creating new Services
• Security: Maintenance of the safety, security, and integrity of our website, Services, and other technology assets and business; operation of IT security; security audits; and detection of fraud
• Legal compliance: Compliance with legal obligations; compliance with requests from law enforcement officers; to establish, exercise, and defend legal claims
• Financial management: For sales, finance, corporate audit, and vendor management

4. Disclosure of Your Information

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates
• To our trusted service providers and contractors who help us manage or provide our Services by, e.g., hosting content (Supabase); processing payments (Stripe); processing data or statistics; providing product analytics (PostHog); providing AI features (Anthropic); or otherwise developing, supporting, and providing our Services. These third-party service providers and contractors are required to protect personal information entrusted to them and not use it for any other purpose than the specific service they are providing on our behalf
• To our employees, contractors, accountants, auditors, lawyers, investors, and other outside professional advisors to Short, Inc., subject to binding obligations of confidentiality
• To a buyer or other successor in the event of, or pursuant to negotiations in connection with, a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Short, Inc.'s assets. We will notify you with any choices you may have regarding your information as a result of such events
• With your consent
• To comply with any court order, law, or legal process, including investigation of potential violations and to respond to any government or regulatory request
• To detect, prevent, or otherwise address fraud, security, or technical issues
• To enforce or apply any agreements we may have with you, including for billing and collection purposes
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others

We do not sell your personal information or the publicly available social media data we collect to third parties.

5. How Long We Keep Your Information

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, potential risk of harm from unauthorized use or disclosure, purposes for which we process the information and whether we can achieve those purposes through other means, and applicable legal requirements.

We intend to keep your personal information for as long as necessary to fulfill the purposes set out in this privacy policy. We will retain and use your personal information to the extent necessary to provide our Services to you, improve and customize the Services, ensure safety, comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies. We reserve the right to delete your information after a period of account inactivity that exceeds one year. In that case, we will endeavor to give you prior notice.

When you remove a tracked social media account or delete your RoarOS account, we may retain an anonymized and archived copy of associated data for up to two years for purposes such as benchmarking, trend analysis, and service improvement. This archived data is stripped of personally identifiable information and cannot be used to identify you or your business. If you would like all of your data permanently and fully deleted, including any anonymized archives, you may request complete data deletion at any time by contacting us at legal@roaros.com. We will process full deletion requests within 30 days.

6. Data Security

We protect your personal data through reasonably technical and organizational security measures to minimize the risk of data loss, misuse, unauthorized access, and unauthorized disclosure and alteration. Such measures include encryption of data in transit and at rest, row-level security policies on all database tables to prevent cross-workspace data access, secure authentication flows, and regular security monitoring.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. Note, the transmission of information via the Internet is never completely secure, and although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website and Services.

7. Links to Third-Party Websites

Our website may contain links to websites operated by other companies, including websites operated by our third-party service providers and unrelated third parties. This privacy policy does not apply to personal information collected on any of these other websites. When you access third-party websites through a link on our website, please review the privacy policy posted on that website.

8. Cookies and Tracking Technologies

8.1 Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies ("Tracking Technologies") to collect certain information when you visit our website, open our emails, or otherwise interact with our content or Services. Tracking Technologies may be set by us ("first-party") or by third parties that provide services to us ("third-party").

8.2 What Are Cookies and Why We Use Them

Cookies are small data files stored on your device. We use cookies and similar Tracking Technologies to:

• Operate and secure our website
• Understand how visitors navigate our pages
• Recognize returning users
• Store preferences and account settings
• Improve and develop our Services

If you disable cookies, some features of the website or Services may not function properly.

8.3 Types of Tracking Technologies We Use

• Strictly Necessary Cookies: Enable core site functions including authentication via Supabase. Without them, parts of the website may not work.
• Performance Cookies: Help us understand website traffic and usage so we can improve functionality (via PostHog).
• Functional Cookies: Remember your preferences and support features like login recognition.

8.4 Your Choices

Most browsers allow you to block or delete cookies, or to receive a notification before they are placed. Because browser controls vary, you should review your browser's settings for more information. Our website does not currently respond to "Do Not Track" signals. Third-party Tracking Technologies are governed by those third parties' own privacy policies.

9. International Data Transfers

Because of the potential international nature of our Services, we may need to transfer your personal information to third parties (as noted in section 4 above) who are located outside of the United States, solely in connection with the purposes set out in this policy. For this reason, we may transfer your personal information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located. In such cases, we shall make sure the transfer complies with applicable laws.

10. Children

This website is not directed to and not intended for users under the age of thirteen or otherwise for users that require parental consent to process their personal information ("Age Limit"). We do not knowingly or intentionally collect information from children under the Age Limit. If you are under the Age Limit, you may not use our Services without parental consent.

If you are the parent or guardian of a child under the Age Limit, and you believe your child has provided personal information to us that you would like us to delete, please contact us at legal@roaros.com.

11. Your Data Protection Rights

Depending on your location, you may have additional rights under data protection laws such as GDPR or CCPA, including:

• Right to access your personal information
• Right to correct inaccurate information
• Right to delete your information
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent

You can access your account information and tracked social media data through your RoarOS dashboard at any time. You may remove tracked accounts or request data deletion by contacting us at legal@roaros.com. We aim to address all requests within 14 days, subject to legal obligations.

12. Changes to This Privacy Policy

We may update this privacy policy periodically. If we make material changes, we will update you via a prominent notice on our website, by email, or via the Services. We encourage you to stay up to date about our privacy practices by reviewing this policy periodically. Continued use of our website and Services following notices of changes to this policy indicates your acceptance of such changes.

13. Contact Information

If you have questions or concerns regarding this privacy policy and our privacy practices, including if you want to review, delete, or request updates to your personal information that we process, please contact us:

Email: legal@roaros.com