Last Updated: February 12, 2026
This Privacy Policy explains how CustomerLabs Inc ("CustomerLabs," "we," "us") collects, uses, discloses, and protects personal information when you visit our websites, interact with our marketing, create an account, or use our Services in your capacity as a customer, prospect, or authorized user.
If you are an end user, visitor, lead, or customer of one of our customers and your data is processed through our Services on their behalf, the relevant customer is the controller of that data and their privacy notice applies. In that context, CustomerLabs acts as a processor or service provider and processes Customer Data under the applicable Data Processing Addendum (DPA) and related agreements with that customer.
This Privacy Policy is designed to meet our obligations under applicable data protection and privacy laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the Swiss Federal Act on Data Protection (FADP), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable US state privacy laws.
We may update this Privacy Policy from time to time. The Last Updated date at the top indicates when it was most recently revised.
Controller: CustomerLabs Inc is the controller responsible for personal data described in this Privacy Policy.
Privacy contact: support@customerlabs.co
DPA and data processing inquiries: support@customerlabs.co
Postal address: CustomerLabs Inc, 651 N Broad St, Ste 206, Middletown, Delaware 19709, USA
You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues in your jurisdiction. We would appreciate the chance to address your concerns first, so please contact us at support@customerlabs.co.
This Privacy Policy applies to personal information that CustomerLabs processes as a controller, including:
This Privacy Policy does not replace the Data Processing Addendum that applies when CustomerLabs processes Customer Data on behalf of a customer in a processor role. If your request relates to Customer Data processed through our Services on behalf of one of our customers, please contact that customer directly.
Depending on how you interact with us, we may collect the following categories:
We do not intend to collect sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) through our public website forms or marketing intake. Please do not provide sensitive personal information in general inquiries.
Our Services may be used by certain customers to process sensitive data, including health data, and in some cases protected health information (PHI). Where HIPAA applies, CustomerLabs processes PHI as a business associate under the HIPAA Business Associate Agreement terms included in the DPA (Annex F). Processing of Customer Data within the Services on behalf of a customer is governed by the customer agreement and DPA. We do not request PHI through our website contact forms and you should not include PHI in general inquiries or emails.
We use personal information only when the law allows us to. The table below sets out our purposes and the corresponding legal basis for each, as required under GDPR and other applicable laws.
| Purpose | Legal Basis |
|---|---|
| Register you as a customer; provide and manage your account and the Services | Performance of a contract |
| Process billing, payments, and contract administration | Performance of a contract; legal obligation (tax/accounting) |
| Provide customer support and manage our relationship with you | Performance of a contract; legitimate interests (service quality) |
| Send service communications (updates, security alerts, policy changes) | Performance of a contract; legal obligation |
| Send marketing communications and measure campaign effectiveness | Consent; or legitimate interests (existing customers, where permitted) |
| Improve the performance, reliability, functionality, and security of our websites and Services | Legitimate interests (product improvement, security) |
| Analytics and business intelligence (understanding usage patterns) | Legitimate interests (understanding our users, improving our business) |
| Security, fraud prevention, and abuse detection | Legitimate interests (protecting our business and users); legal obligation |
| Comply with legal and regulatory obligations | Legal obligation |
Where we rely on legitimate interests, we balance our interests against your rights and freedoms and do not use this basis where your rights override. Where we rely on consent (such as for certain marketing or non-essential cookies), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
CustomerLabs may use automated processing, including rules-based and machine-assisted techniques, on our websites and within the Services for purposes such as analytics, fraud prevention, and service optimization. We do not use personal data collected through our website to train general-purpose machine learning or AI models made available to third parties. We do not engage in automated decision-making that produces legal or similarly significant effects on individuals based solely on automated processing.
You can opt out of marketing emails at any time by using the unsubscribe link in our emails or by contacting us at support@customerlabs.co. You may still receive non-marketing communications such as billing and service notices.
We do not sell your personal information as defined under applicable law. For details on how we share personal information with advertising and analytics partners (including cross-context behavioral advertising) and how to opt out, see Section 8 and Sections 12 and 13.
We use cookies and similar technologies (pixels, web beacons, local storage) to operate our websites, remember preferences, understand usage, and measure our marketing. We use the following categories:
Where required by applicable law, we present a cookie consent banner or preferences tool that allows you to accept or reject non-essential cookies. You can change your preferences at any time through our cookie settings (where available) or your browser settings. Disabling cookies may affect site functionality.
We may disclose personal information to:
We may share limited information with analytics and advertising partners to measure and promote our Services, including in ways that may be considered "sharing" for cross-context behavioral advertising under the CCPA/CPRA. Where required by applicable law, we provide the ability to opt out of such sharing, including by honoring Global Privacy Control (GPC) signals as described in Section 13. We require these partners to respect the security of your personal information and to process it in accordance with applicable law and contractual restrictions.
CustomerLabs Inc is based in the United States. Your personal information may be processed in the US and other jurisdictions where we and our service providers operate, including India. Whenever we transfer personal data out of the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place:
CustomerLabs is not currently certified under the EU-US Data Privacy Framework and does not rely on it as a transfer mechanism unless and until we are certified and explicitly state so in an updated policy.
For more information about our transfer safeguards, contact support@customerlabs.co or refer to our DPA (Annex B).
We maintain technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These include encryption in transit (TLS 1.2 or higher), encryption at rest using cloud provider managed encryption, role-based access controls, audit logging, and security awareness training for our personnel.
No method of transmission or storage is fully secure. We work to maintain appropriate safeguards but cannot guarantee absolute security.
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to comply with legal, accounting, and reporting requirements. General retention guidelines:
Customer Data processed on behalf of customers is retained as described in the DPA and customer instructions. In some circumstances we may anonymize personal data so that it can no longer be associated with you, in which case we may use such data without further notice.
If you are located in the EEA or the United Kingdom, you have the following rights under GDPR and UK GDPR:
If you are a resident of California, Virginia, Colorado, Connecticut, Texas, Oregon, Montana, or another US state with a comprehensive privacy law, you may have the following additional rights depending on your state:
In the preceding 12 months, we have collected the categories of personal information described in Section 3 for the business purposes described in Section 5. We do not sell personal information as defined by the CCPA/CPRA. We may share certain personal information for cross-context behavioral advertising to measure and promote our Services. The categories of personal information we may share for this purpose include identifiers (such as online identifiers) and internet or other electronic network activity information. The categories of third parties with whom we may share include advertising networks and analytics providers. You can opt out of sharing by contacting us at support@customerlabs.co and, where available, using our cookie preferences tool. We also honor GPC signals where required by law (Section 13). We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age. Authorized agents may submit requests on your behalf, subject to verification.
To exercise any of the rights above, contact us at support@customerlabs.co. We will respond within one month for GDPR/UK requests (extendable by two months for complex requests) and within 45 days for US state law requests (extendable by an additional 45 days where permitted). We may need to verify your identity before fulfilling your request. There is generally no fee, but we may charge a reasonable fee for manifestly unfounded or excessive requests. You may also designate an authorized agent to submit a request on your behalf where permitted by applicable law, subject to verification.
If your request relates to Customer Data processed through our Services on behalf of one of our customers, please contact that customer directly. We will assist our customers in responding to such requests as required by law and our agreements.
Some browsers transmit "Do Not Track" (DNT) signals. There is currently no uniform standard for responding to DNT, and we do not currently respond to DNT signals.
We honor Global Privacy Control (GPC) signals where required by applicable law. If we detect a GPC signal from your browser, we will treat it as a valid request to opt out of the sale or sharing of your personal data for that browser or device, to the extent applicable under US state privacy laws.
Our websites and Services are not intended for children under the age of 16 and we do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that data.
Our websites may include links to third-party websites and services. Their privacy practices are governed by their own policies. We encourage you to review them before providing personal information.
If you are a CustomerLabs customer, the processing of your end users' data through our platform is governed by our Data Processing Addendum (DPA), which covers GDPR, UK GDPR, Swiss FADP, US state privacy laws, HIPAA (Annex F), international transfer mechanisms (EU SCCs and UK Addendum), technical and organizational security measures, subprocessor obligations, and data subject rights assistance. The DPA is incorporated into our Terms of Service by reference and is available in the Services and/or upon request.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Services. If changes are material, we will provide notice by posting the revised policy on our website with an updated Last Updated date and, where required by law, by email or through the Services. Your continued use of our website or Services after a change constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data:
Privacy inquiries: support@customerlabs.co
DPA and data processing: support@customerlabs.co
Postal address: CustomerLabs Inc, 651 N Broad St, Ste 206, Middletown, Delaware 19709, USA