Privacy Policy

Last updated: March 29, 2026

Tradebooks Pro LLC ("Company," "we," "us," or "our") operates the SplashStreet platform (the "Service"). This Privacy Policy describes how we collect, use, share, and protect your information when you use the Service. By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name, email address, and phone number (from Google Sign-In or Phone OTP authentication)
  • Profile photo (if provided via Google account)
  • Firebase User ID (automatically generated)

1.2 Business Information

When you set up a business, we collect:

  • Business name, type, address, and phone number
  • Business logo (if uploaded)
  • Business owner identity (linked to your account)

1.3 Contact Lists

You may upload or manually enter customer contact information including names, phone numbers, email addresses, and tags. This data is stored solely for the purpose of enabling SMS campaign delivery and is not used by us for any other purpose.

1.4 Campaign Data

We store:

  • Campaign text (promotional copy you write or polish with AI)
  • Visual hints and style preferences you provide
  • AI-generated images created through the Service
  • Campaign delivery results (sent count, delivery status, opt-out count)
  • Short link click data (click timestamp, referring device information)
  • Campaign approval records (approving user's identity, timestamp, campaign image URL, and message text at the time of approval) — retained for compliance and audit purposes

AI-generated images include C2PA metadata (Coalition for Content Provenance and Authenticity) embedded by OpenAI at the point of creation, which identifies them as AI-generated. We do not remove or modify this provenance metadata.

1.5 Payment Information

Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your credit card numbers or bank account details. We receive from Stripe: your Stripe Customer ID, subscription status, billing cycle dates, and invoice history.

1.6 Usage and Analytics Data

We automatically collect:

  • Pages visited and features used within the Service
  • Device type, browser, and operating system
  • IP address and approximate geographic location
  • Date and time of access
  • Referring URL
  • Short link redirect logs (when campaign recipients click tracked links)
  • SMS delivery status callbacks from Twilio

This data is collected through Google Analytics 4 (GA4), server logs, and platform event tracking. It is used to improve the Service, monitor performance, and understand usage patterns.

1.7 Click Tracking Data

When recipients click short links included in your SMS campaigns, we collect:

  • Contact identifier (to associate the click with a campaign recipient)
  • User agent (browser and device information of the person clicking)
  • Click timestamp
  • Redirect destination URL

This data is used to provide you with campaign performance analytics (click-through rates, engagement metrics) and is not shared with third parties.

1.8 Consent and Opt-Out Records

When contacts are enrolled or opt out of messaging, we collect and retain:

  • Consent timestamp (when consent was recorded)
  • Consent method (how consent was obtained, e.g., manual entry, CSV upload)
  • Attestor identity (the user who recorded or uploaded the consent)
  • IP address (when available at the time of consent recording)
  • Opt-out timestamp and method

Consent and opt-out records are maintained indefinitely for compliance with the TCPA and other applicable messaging regulations.

1.9 Trial Data

If you use the Service through a trial offer, we collect:

  • Trial lead information (name, phone number, business details)
  • Trial tokens and codes used for access
  • AI-generated images created during the trial

Trial lead data and tokens are deleted within 30 days after trial expiration. AI-generated images created during trials are retained as Company assets under the same ownership terms described in our Terms of Service Section 4.

1.10 Team Invite Data

When you invite team members to your business account, we temporarily store the invitee's phone number and invitation status until the invite is accepted, declined, or expires.

1.11 Support Ticket Data

When you submit a support request, we store your business identifier, email address, support category, and the description of your issue. This data is used to resolve your inquiry and improve the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your subscription payments and manage your account
  • Generate AI marketing images based on your prompts and preferences
  • Deliver SMS campaigns to your contact lists via Twilio
  • Send you transactional notifications (account confirmation, billing receipts, service alerts)
  • Process and respond to support tickets
  • Process trial registrations and provide trial access
  • Track campaign performance through short link click analytics
  • Monitor for abuse, fraud, and Terms of Service violations
  • Analyze usage patterns to improve features and user experience
  • Maintain consent and opt-out records for legal compliance
  • Respond to your support requests and inquiries

3. Third-Party Service Providers

We share your data with the following third-party processors, solely for the purposes of operating the Service:

Provider Purpose Data Shared
Google Cloud / Firebase Authentication, database, file storage, hosting All application data
Stripe Payment processing, subscription management Email, payment method, billing details
Twilio SMS delivery, phone number provisioning Contact phone numbers, message content
OpenAI AI image generation, text polishing Business name, promo text, visual hints
SendGrid (Twilio) Email delivery — support tickets, trial notifications Email address, ticket/notification content
Google Analytics Website and app analytics Anonymous usage data, IP address

Important: Contact phone numbers and personal information from your contact lists are transmitted to Twilio solely for SMS delivery. This data is not shared with OpenAI, Google Analytics, SendGrid, or any other third party. OpenAI receives only business name, promotional text, and visual hints — never customer contact information.

Per OpenAI's current API terms, data submitted through the API is not used to train their models.

4. Data We Do NOT Collect or Share

  • We do not sell your personal information to third parties
  • We do not sell or share your customer contact lists with any third party
  • We do not store credit card numbers (handled entirely by Stripe)
  • We do not use your contact lists for our own marketing purposes
  • We do not share your data with advertisers

5. Cookies and Tracking Technologies

We use the following technologies:

  • Authentication Cookies: Firebase Auth uses cookies and local storage to maintain your login session. These are essential for the Service to function.
  • Analytics Cookies: Google Analytics 4 uses cookies to collect anonymous usage data. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
  • Local Storage: We use browser local storage to save user preferences (such as selected plan during signup).

6. Data Retention

  • Active Accounts: Your data is retained for as long as your account is active and your subscription is current.
  • After Cancellation: Your business data (profile, contacts, campaigns, customer-facing image library) is retained for 30 calendar days after the end of your billing period. You may download your images during this period.
  • AI-Generated Images: All AI-generated images are Company assets owned by Tradebooks Pro LLC (see Terms of Service Section 4). Images are retained at the Company's sole discretion for platform improvement, style library curation, and marketing purposes. Your perpetual license to use downloaded images survives cancellation.
  • Cost Logs: SMS cost and billing data (per-message cost, recipient phone number) is retained for 24 months for billing reconciliation and dispute resolution.
  • Click Tracking Data: Short link click data (contact identifier, user agent, timestamp, redirect URL) is retained for 12 months.
  • Consent and Opt-Out Records: Consent records (timestamp, method, attestor, IP) and opt-out records are retained indefinitely for TCPA compliance and legal defense purposes.
  • SMS Delivery Logs: Message delivery status and timestamps are recorded as part of cost log entries and retained for 24 months alongside associated billing data.
  • Trial Data: Trial lead information and tokens are deleted within 30 days after trial expiration. AI-generated images from trials are retained as Company assets.
  • Sent Campaign Records: Campaign text and delivery logs older than 30 days may be automatically cleaned up. Campaign metadata (dates, counts) is retained for reporting.

7. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS/HTTPS
  • Data at rest is encrypted using Google Cloud's default encryption
  • API access requires Firebase authentication tokens
  • Stripe webhook signatures are validated to prevent tampering
  • Twilio webhook signatures are validated for SMS integrity
  • API keys and secrets are stored in Google Cloud Secret Manager
  • Administrative access requires explicit authorization flags on user accounts

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

8. Your Rights

8.1 All Users

  • Access: You can view all your data within the app (business profile, contacts, campaigns, images)
  • Correction: You can update your account and business information at any time
  • Deletion: You can cancel your subscription. After the 30-day retention period, business data is automatically deleted. For full account deletion, contact us.
  • Data Export: You can export contacts as CSV and download images using the bulk download feature

8.2 Controller and Processor Roles

For the purposes of applicable data protection laws:

  • Controller: Tradebooks Pro LLC acts as a data controller for business client data (your account information, business profile, billing data, and usage analytics).
  • Processor: Tradebooks Pro LLC acts as a data processor for end-recipient contact data that you upload and manage through the Service. You, as the business client, are the controller of your customers' contact information and are responsible for having a lawful basis to process that data.

A Data Processing Addendum (DPA) is available upon request. Contact privacy@tradebookspro.com to request a copy.

8.3 European Union Residents (GDPR)

If you are a resident of the European Union, you have additional rights under GDPR:

  • Legal Basis: We process your data under legitimate interest (to provide the Service you subscribed to) and contractual necessity
  • Right to Erasure: You may request complete deletion of your personal data by contacting us
  • Right to Portability: You may request a copy of your data in a machine-readable format
  • Right to Object: You may object to processing of your data for analytics purposes

8.4 California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at the email below.

9. International Data Transfers

All data collected through the Service is stored on Google Cloud servers located in the United States. If you access the Service from outside the United States, your data will be transferred to, stored, and processed in the United States.

By using the Service, you consent to the transfer of your data to the United States. If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdiction with data transfer restrictions, please be aware that US data protection laws may differ from those in your jurisdiction. We rely on standard contractual clauses and other appropriate safeguards where applicable.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us at:

Tradebooks Pro LLC
Email: privacy@tradebookspro.com