Privacy Policy

Introduction

NightOwl ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website (https://nightowl-24.polsia.app) and services.

By using NightOwl, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

When you interact with NightOwl, we may collect the following information:

• Waitlist Form: Name, email address, and company name when you join our early access waitlist
• Campaign Setup: Target industry, role, company size, location, and your value proposition when configuring outreach campaigns
• Prospect Information: Contact details you provide for outreach purposes (names, email addresses, company information, LinkedIn URLs, and custom notes)

1.2 Automatically Collected Information

We automatically collect certain information when you visit our website:

• Page Views: Pages visited, referrer URLs, and session identifiers
• Analytics Data: UTM parameters from marketing campaigns (utm_source, utm_medium, utm_campaign, utm_content, utm_term)
• Technical Information: Hashed IP addresses (for privacy), user agent strings, and browser information
• Email Open Tracking: Email open events via tracking pixels, including hashed IP addresses and user agents when recipients open emails sent through our platform

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide AI-powered cold outreach services, including prospect research, email generation, and campaign management
• Email Outreach: To send personalized outreach emails on your behalf to prospects you've identified
• Analytics & Optimization: To track campaign performance, email open rates, page views, and conversion metrics
• Communication: To respond to inquiries, send service updates, and notify waitlist members when early access becomes available
• Product Improvement: To analyze usage patterns, improve our AI models, and enhance service quality
• Legal Compliance: To comply with applicable laws and regulations

3. Email Outreach Practices

3.1 Outbound Emails

NightOwl sends emails on behalf of our customers to prospects they identify. These emails:

• Are generated using AI to create personalized, relevant outreach messages
• Include tracking pixels to monitor open rates and engagement
• Contain clear sender identification (branded as "NightOwl" or your configured company name)
• Include standard unsubscribe mechanisms as required by anti-spam laws

3.2 Tracking Pixels

Emails sent through NightOwl include a 1x1 transparent tracking pixel (invisible GIF image). When a recipient opens an email, this pixel:

• Sends a request to our servers to log the open event
• Records a hashed IP address and user agent for deduplication
• Updates the prospect's status to "opened" in our system
• Does NOT collect personally identifiable information beyond email open confirmation

Recipients can disable tracking by blocking images in their email client or using email privacy tools.

3.3 Inbound Replies

When prospects reply to outreach emails, we:

• Automatically update the prospect's status to "replied"
• Log the reply event for activity tracking
• Forward the reply to the appropriate campaign owner
• Store reply metadata (subject, sender, timestamp) but not full message content by default

3.4 Gmail Account Connection (Optional)

NightOwl offers an optional Gmail integration that allows outreach emails to be sent directly from your personal or business Gmail account, and for prospect replies to be read from your inbox. This section explains exactly what we access and how we protect your credentials.

What We Access

• Gmail Send permission (gmail.send): To send outreach emails on your behalf from your Gmail address
• Gmail Read permission (gmail.readonly): To read replies from prospects in your inbox so NightOwl can update campaign status
• Email address (userinfo.email): To confirm which Gmail account was connected and display it in your settings

We do not read, store, scan, or process any other email content in your Gmail account beyond outreach-related replies.

How We Store Your Gmail Credentials

• Encryption: Your OAuth access and refresh tokens are encrypted using AES-256-GCM with a unique initialization vector before being stored in our database. The encryption key is never stored alongside the tokens.
• Isolation: Your tokens are stored in a dedicated table with strict per-account access controls. One customer's credentials cannot be accessed by another customer's account.
• No plaintext storage: We never store your Gmail password. We use Google's OAuth 2.0 protocol — NightOwl never sees your password at any point.

Data Retention for Gmail Tokens

• OAuth tokens are retained for the duration of your active connection
• When you disconnect your Gmail account (via Settings → Email Connection → Disconnect), your tokens are immediately revoked with Google and deleted from our database
• Expired or revoked tokens that have not been used for 90 days are automatically purged from our systems
• On account closure, all Gmail tokens are revoked and deleted within 7 days

How to Revoke Access

You can revoke NightOwl's Gmail access at any time through either of these methods:

• In-app: Go to Settings → Email Connection → click "Disconnect" — this immediately revokes tokens with Google and removes them from our database
• Google Account settings: Visit myaccount.google.com/permissions and revoke NightOwl's access

4. Data Storage and Retention

4.1 Where We Store Data

Your data is stored securely in:

• PostgreSQL Database: Hosted on Neon (a secure, cloud-based database provider)
• Geographic Location: United States data centers with encryption in transit (TLS) and at rest

4.2 How Long We Keep Data

• Waitlist Data: Retained until you request deletion or until 12 months after we fulfill your early access request
• Campaign & Prospect Data: Retained for the duration of your active subscription, plus 90 days after account closure for analytics and dispute resolution
• Analytics Data: Page view and email tracking data retained for 24 months
• Gmail OAuth Tokens: Retained while your Gmail account is connected; automatically purged on disconnect or after 90 days of non-use if expired/revoked
• Logs: Server logs retained for 90 days for security and debugging purposes

4.3 Data Deletion

You can request deletion of your data at any time by contacting us at nightowlapp@googlegroups.com. We will delete your data within 30 days, except where retention is required by law.

5. Data Sharing and Disclosure

We do NOT sell your personal information to third parties. We may share your data only in the following circumstances:

• Service Providers: With trusted third-party services that help us operate NightOwl (e.g., database hosting, email delivery, analytics). These providers are contractually obligated to protect your data.
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: If NightOwl is acquired or merges with another company, your data may be transferred to the new entity
• With Your Consent: When you explicitly authorize us to share your information

6. Cookies and Tracking Technologies

NightOwl uses the following tracking technologies:

• Session Storage: Stores UTM parameters for attribution tracking (cleared when browser session ends)
• Local Storage: Stores a unique visitor ID for analytics purposes (persists across sessions)
• Tracking Pixels: Embedded in emails and web pages to track opens and page views

You can disable these technologies through your browser settings, but some features may not work properly without them.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing emails or request we stop processing your data
• Data Portability: Request your data in a machine-readable format
• Object to Processing: Object to certain types of data processing (e.g., marketing)

To exercise any of these rights, contact us at nightowlapp@googlegroups.com. We will respond within 30 days.

8. Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: TLS encryption for all data transmitted to/from our servers
• Database Security: Encrypted connections to our PostgreSQL database with access controls
• IP Hashing: IP addresses are hashed using SHA-256 before storage
• Access Controls: Limited access to personal data by authorized personnel only
• Regular Audits: Periodic security reviews and vulnerability assessments

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Bot Traffic Filtering

To ensure accurate analytics, we automatically filter traffic from bots, crawlers, and automated tools. This includes:

• Search engine crawlers (Google, Bing, etc.)
• Social media preview bots (Facebook, Twitter, LinkedIn)
• Monitoring services (Pingdom, UptimeRobot)
• AI crawlers (GPT-Bot, Claude-Bot, etc.)

Bot traffic is excluded from page view analytics and does not trigger email tracking events.

10. Children's Privacy

NightOwl is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

• We will update the "Last updated" date at the top of this page
• Significant changes will be communicated via email to registered users
• Continued use of NightOwl after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: