Privacy Policy

Last updated October 24, 2025

This Privacy Policy applies to So What Labs Ltd (“So What Labs”, “we”, “our”, or “us”) and all products, modules, and applications offered through the So What Labs Platform (collectively, the “Services”).
These Services currently include multiple applications such as analytics, advertising optimisation, insights, and marketing intelligence tools, and may expand over time.
By creating an account or using any app or module within the So What Labs Platform, you acknowledge that this Privacy Policy applies to your use of all such Services.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@sowhatlabs.com.

Google API Services Usage Disclosure

So What Labs’ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Limited Use

Our app strictly complies with all conditions specified in the limited use policy of Google.

  • Do not allow humans to read the user’s data unless you have obtained the user’s affirmative agreement to view specific messages, files, or other data.
  • Do not use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising; and
  • Limit your use of data to providing or improving user-facing features that are prominent in the requesting application’s user interface. All other uses of the data are prohibited;
  • Only transfer the data to others if necessary to provide or improve user-facing features that are prominent in the requesting application’s user interface.

Data Sharing with AI Models

We use AI and machine-learning technologies within the So What Labs Platform to generate insights, summaries, and recommendations.
These models never access, retain, or train on Google user data.
Data obtained from Google APIs (such as Google Analytics 4, Google Ads, or Google Search Console) is processed only within our platform to deliver the analytics, insights, and reports that you specifically request.

Any AI-powered language-processing features operate on aggregated and anonymised analytical data, and no data is shared externally for model training or retention.

We do not sell or transfer Google user data, and we delete or anonymise it within 30 days after account deletion or disconnection.

These practices are designed to ensure compliance with the Google API Services User Data Policy (including the Limited Use requirements) and other applicable privacy and data-protection regulations.

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal and business information that you provide to us directly, as well as marketing-platform data that you authorise us to access.

We collect personal information that you voluntarily provide to us when you register on the So What Labs Platform, use any of our apps, express an interest in obtaining information about us or our Services, participate in activities on the Platform, or otherwise contact us.

Personal Information Provided by You

The personal information we collect depends on the context of your interactions with us and the specific apps or modules you use. This information may include:

  • Names

  • Email addresses

  • Phone numbers

  • Usernames and passwords

  • Company name and role (if applicable)

  • Billing addresses

  • Payment details (handled by our payment processor)

Connected Marketing and E-Commerce Account Data

When you choose to connect third-party marketing, advertising, or e-commerce accounts to the So What Labs Platform—such as Google Analytics, Google Ads, Google Search Console, Shopify, Facebook, LinkedIn, or other supported integrations—we collect certain data from those services via their official APIs.
This may include campaign metrics, traffic data, conversion information, advertising spend, impressions, clicks, and other analytics data necessary to deliver our analytics, insights, and optimisation features.

We only access this information after you grant explicit authorisation within the Platform, and we use it solely to provide analytics and insights.

You may disconnect these integrations at any time from within your account settings.

Sensitive Information

We do not intentionally collect or process sensitive personal information (such as health, biometric, or religious data).

Payment Data

If you make purchases or subscribe to paid plans, we may collect information necessary to process your payment, such as payment instrument type and transaction reference.
All payment data is securely handled and stored by Stripe. You can view Stripe’s privacy policy here: https://stripe.com/gb/privacy.

Social Media Login Data

We may give you the option to register or log in using your existing social-media account (e.g., Facebook, LinkedIn, Google).
If you choose to do so, we will receive information as described in the section titled “HOW DO WE HANDLE YOUR SOCIAL LOGINS?”

All personal information you provide must be true, complete, and accurate. Please notify us promptly of any changes.

Information automatically collected

In Short: We automatically collect certain device, usage, and analytics information when you use the So What Labs Platform.

When you access or navigate the Platform, we automatically collect limited technical information that does not directly identify you. This includes data about how and when you use the Platform, which helps us maintain security, improve performance, and understand usage patterns across our apps.

The information we collect may include:

  • Device and browser information (such as IP address, device type, operating system, language settings, and browser version)

  • Log and usage data (such as time stamps, app features used, pages viewed, search queries, and diagnostic logs)

  • Location data (approximate geographic region inferred from your IP address)

  • Analytics and performance data gathered via cookies and similar technologies

We also use cookies and similar tracking technologies to analyse traffic and personalise your experience.
You can learn more about how we use these technologies in our Cookie Notice.

Data collected through analytics and cloud infrastructure

In Short: Some analytics data from connected accounts is stored securely in Google BigQuery, part of Google Cloud Platform.

When you connect external accounts, their authorised data is imported into our secure analytics environment and stored in Google BigQuery.
This allows us to deliver advanced analytics, trend analysis, and AI-powered insights across your connected platforms.
All such data is encrypted in transit and at rest, accessible only to authorised So What Labs engineers, and used solely for your analytics and reporting purposes.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. 

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
  • To fulfil and manage your orders. We may process your information to fulfil and manage your orders, payments, returns, and exchanges made through the Services.
  • To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
  • To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see ‘ WHAT ARE YOUR PRIVACY RIGHTS? ‘ below.
  • To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
  • To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
  • To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
  • To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We process your information only when we have a lawful basis to do so — for example, when it’s needed to provide our Services, when you’ve given consent (such as connecting a marketing account), when we must comply with law, or when it’s necessary for our legitimate business interests.

If you are located in the EU or UK

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the legal bases on which we rely to process your personal information. Depending on the context, we may rely on one or more of the following:

1. Consent

We rely on your consent when you:

  • Connect or authorise a third-party marketing, analytics, or e-commerce account (e.g., Google Analytics, Google Ads, Shopify, Facebook, LinkedIn) to the So What Labs Platform.

  • Allow us to access and analyse data from those external accounts.

  • Opt in to receive marketing communications or AI-powered recommendations.

You may withdraw your consent at any time from within your account settings or by contacting us. Withdrawal will not affect processing already carried out.

2. Performance of a Contract

We process your information where it is necessary to perform our contractual obligations to you — for example:

  • To create and maintain your So What Labs account;

  • To deliver analytics, dashboards, and insights from your connected data sources;

  • To provide customer support and billing.

3. Legitimate Interests

We may process personal data when it is necessary for our legitimate business interests and those interests do not override your fundamental rights and freedoms. These include:

  • Operating, maintaining, and improving the multi-app So What Labs Platform;

  • Performing aggregated or anonymised analytics to improve our user-facing features and services.

  • Securing our infrastructure (including BigQuery-based systems) and preventing fraud or abuse;

  • Understanding how users interact with our apps to improve user experience;

  • Communicating relevant product updates and offers.

Whenever we rely on legitimate interests, we perform a balancing test to ensure your privacy rights are not disproportionately affected.

4. Legal Obligations

We may process personal data where it is necessary to comply with legal or regulatory duties — for example, responding to lawful requests from public authorities, maintaining financial records, or fulfilling tax, accounting, or audit requirements.

5. Vital Interests

We may process information when necessary to protect your vital interests or those of another person, such as in emergencies involving potential threats to life or safety.

If you are located in Canada

We process your personal information under express or implied consent, depending on the situation. You may withdraw consent at any time.

In exceptional cases, applicable law may allow processing without consent, including (for example):

  • Where collection is clearly in the individual’s interests and consent cannot be obtained in time;

  • For investigations, fraud detection, or security incidents;

  • For business-transaction due-diligence, subject to legal safeguards;

  • To comply with court orders, subpoenas, or legal proceedings; or

  • Where the information is publicly available and permitted by regulation.

6. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share personal information only when it’s necessary to operate our Services, comply with the law, or complete a business transaction — and always under appropriate safeguards.

We may share your personal information in the following situations:

a. Service Providers and Sub-Processors

We work with a limited number of trusted third-party providers who perform services on our behalf, such as data hosting, analytics, payment processing, customer support, and AI-powered language interpretation.
These providers are bound by contractual obligations to keep your data secure, use it only for the agreed purposes, and comply with applicable privacy laws.
Our current key subprocessors include:

Processor / Partner Purpose Data Location
Google Cloud Platform (BigQuery) Secure cloud storage and analytics infrastructure for connected marketing data UK/EU/US
Stripe Payment processing for subscriptions and transactions Global
OpenAI and affiliated AI model providers Natural-language interpretation and insights generation (Only aggregated and anonymised data is used for language processing features. Google API data is never shared with these providers.) US
Other authorised vendors Platform hosting, communications, and technical support Various

b. Third-Party Integrations Authorised by You

When you connect external accounts (such as Google Analytics, Google Ads, Shopify, Facebook, or LinkedIn) to your So What Labs account, we access data from those platforms only with your explicit consent and through their official APIs.
We do not share your connected-account data back to those providers or with any unauthorised third party.

c. Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or part of So What Labs Ltd by another entity.
If such a change occurs, we will ensure your personal data continues to be protected in line with this Privacy Policy.

d. Legal Requirements and Protection of Rights

We may disclose information if required by law, regulation, or court order, or when necessary to:

  • Respond to lawful requests by public authorities;

  • Enforce our agreements or policies;

  • Protect the rights, property, or safety of So What Labs, our users, or others.

e. Aggregated or Anonymised Data

We may share aggregated or anonymised analytics for research or benchmarking. This information cannot reasonably be used to identify you.

7. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: Yes — we use cookies and similar technologies to operate our Services, analyse usage, and enhance user experience.

We and our partners may use cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to collect or store information when you interact with the So What Labs Platform.
These technologies help us to:

  • Maintain and secure your login session;

  • Measure traffic and usage across different So What Labs apps;

  • Understand performance and improve our Services; and

  • Provide personalised experiences where you have consented.

You can learn more about the categories of cookies we use and how to manage or refuse them in our Cookie Notice.

8. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in using a social-media account, we receive limited profile information to verify your identity and create your So What Labs account.

Our Platform allows you to register or sign in using third-party social-media credentials (for example, Facebook, Google, or LinkedIn).
When you do so, the social-media provider will share certain information with us so that we can authenticate your login. The exact data depends on the provider and your privacy settings, but may include your name, email address, profile picture, and other public-profile fields you authorise.

We use this information only for:

  • creating or linking your So What Labs account;

  • verifying your identity and allowing secure access to our Services; and

  • personalising your user profile where appropriate.

We do not post on your behalf or access your social-media contacts, activity, or messages.
We recommend reviewing your social-media provider’s privacy notice to understand how they collect, use, and share your information, and to adjust your privacy settings as you prefer.

9. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information only for as long as necessary to deliver our Services, comply with legal requirements, or resolve disputes — and we delete it within 30 days after your account is closed or a connected service is disconnected.

Data from connected third-party marketing/ecommerce accounts (including Google API-based properties) will be deleted or anonymised within 30 days after the user disconnects the account or deletes their So What Labs account.
This includes both the information you provide directly and the data imported from connected marketing or e-commerce accounts (for example, Google Analytics, Google Ads, Shopify, Facebook, LinkedIn).

Specific retention practices

  • Account Data: Retained for the duration of your account. When you delete or close your account, all associated personal information is permanently deleted or anonymised within 30 days, unless a longer period is required by law (for example, for tax, billing, or fraud-prevention purposes).

  • Connected-Account Data: Retained only while the integration remains active. If you disconnect a linked account, all data imported from that service is deleted or anonymised within 30 days of disconnection.

  • Analytics and BigQuery Storage: Data stored in Google BigQuery is encrypted in transit and at rest, periodically reviewed, and purged or anonymised once it is no longer needed for analytics, reporting, or AI-driven insights.

  • Backups: Archived copies are automatically purged after their backup-retention cycle ends. During this period, they are isolated from all active systems and not used for any processing.

After the 30-day post-deletion period, all remaining personal and connected-account data are permanently removed from our active systems and backup archives.
If immediate deletion is not technically feasible, the data is securely isolated and retained solely for legal or compliance purposes until deletion becomes possible.

10. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We protect your information using a combination of administrative, technical, and physical safeguards, including encryption and secure cloud infrastructure.

We maintain appropriate and reasonable organisational and technical security measures to protect any personal information we process.
These measures include:

  • Encryption in transit and at rest for all customer data stored in Google Cloud BigQuery and other systems;

  • Multi-factor authentication (MFA) and least-privilege access controls for all internal systems;

  • Regular security reviews, logging, and monitoring of access to cloud environments;

  • Data isolation between customer accounts; and

  • Secure development and deployment practices consistent with modern cloud-security standards.

All third-party service providers (including Google Cloud Platform, Stripe, and OpenAI) are required to implement comparable security safeguards and comply with applicable privacy regulations.

Despite our efforts, no electronic transmission or storage technology can be guaranteed to be 100% secure.
While we continually work to strengthen our protections, we cannot guarantee that unauthorised third parties will never defeat our security measures.
You should access the So What Labs Platform only through secure networks and take appropriate precautions to protect your account credentials.

11. DO WE COLLECT INFORMATION FROM MINORS?

In Short: No. Our Services are intended for users aged 18 and older.

We do not knowingly collect personal data from, or market to, children under 18 years of age.
By using the So What Labs Platform, you represent that you are at least 18 years old or are the parent or legal guardian of a minor who is permitted to use the Services under your supervision.

If we become aware that we have collected personal information from a user under 18 without verifiable parental consent, we will deactivate the account and delete the data promptly.
If you believe a child under 18 has provided information to us, please contact us at support@sowhatlabs.com so we can take appropriate action.

12. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In certain regions, such as the European Economic Area (EEA), United Kingdom (UK), and Canada, you have rights that give you greater control over your personal information. You can review, modify, disconnect linked accounts, or close your So What Labs account at any time.

Regional privacy rights

In some regions (including the EEA, UK, and Canada), you have specific rights under applicable data-protection laws. These may include the right to:

  • Access — request a copy of the personal information we hold about you;

  • Rectify — correct inaccurate or incomplete data;

  • Erase — request deletion of your data (“right to be forgotten”);

  • Restrict processing — limit how we use your information;

  • Data portability — receive your data in a structured, commonly used format;

  • Object — object to processing based on legitimate interests; and

  • Withdraw consent — revoke any consent you have given (for example, for connected-account access or marketing emails).

You can make a rights request by contacting us using the details in “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.
We will respond in accordance with applicable data-protection law.

If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you have the right to lodge a complaint with your local data-protection authority or the UK Information Commissioner’s Office (ICO).
If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing consent

If we rely on your consent to process your information — for example, when you connect external marketing or e-commerce accounts (Google Analytics, Google Ads, Shopify, Facebook, LinkedIn) — you can withdraw that consent at any time by disconnecting those integrations in your account settings or by contacting us.
This will stop new data collection, and existing connected-account data will be deleted or anonymised in accordance with our retention policy.
Withdrawal does not affect processing that occurred before the withdrawal date or any processing based on other lawful grounds.

Opting out of marketing

You can unsubscribe from marketing or promotional communications at any time by using the “unsubscribe” link in our emails or by contacting us.
We may still send you essential, non-marketing messages (e.g., billing or service notifications).

Account information

To review, modify, or delete your So What Labs account information:

  • Log in to your account settings to update or disconnect connected services.

  • Submit a request for account closure if you wish to terminate your account.

Upon termination, we deactivate or delete your account and remove data from active systems. Some information may be retained in backups or for legitimate business or legal purposes (e.g., fraud prevention, billing, or recordkeeping) and will be securely deleted once no longer required.

Cookies and similar technologies

Most browsers accept cookies by default. You can usually set your browser to delete or reject cookies, though this may affect certain features of the So What Labs Platform.
For details on managing cookies or opting out of interest-based advertising, see our Cookie Notice.

If you have questions or wish to exercise any privacy rights, please contact us at support@sowhatlabs.com.

13. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems or applications include a Do-Not-Track (DNT) setting that allows you to signal your preference not to have certain data about your online browsing activities monitored or collected.
At present, no uniform technology standard for recognising or responding to DNT signals has been established, and therefore the So What Labs Platform does not currently respond to DNT browser signals or other automated mechanisms that communicate such preferences.

We respect your privacy choices through the tools we do provide — such as cookie-management options and consent settings described in our Cookie Notice.
If an industry or legal standard for online tracking is later adopted that we are required to follow, we will update this Privacy Policy to reflect our practices accordingly.

12. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes. If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), regarding how we collect, use, and disclose your personal information.

Your rights under California law

California residents have the right to:

  • Know what categories and specific pieces of personal information we collect, use, disclose, or share;

  • Request deletion of personal information we hold about you, subject to certain exceptions;

  • Correct inaccurate personal information;

  • Opt out of the “sale” or “sharing” of personal information (we currently do not sell or share personal information for advertising purposes);

  • Limit use and disclosure of sensitive personal information (we do not process sensitive personal information for purposes other than those permitted by law); and

  • Be free from discrimination for exercising any of these rights.

You may exercise these rights by emailing support@sowhatlabs.com or using the contact information at the bottom of this notice.
If you use an authorised agent to submit a request, we may require proof of authorisation before acting on it.

Categories of personal information we collect

In the past twelve (12) months, we have collected the following categories of personal information:

Category Examples Collected
A. Identifiers Name, alias, postal address, telephone number, unique identifier, IP address, email address, account name YES
B. Customer Records Information Billing information and limited payment details (via Stripe) YES
C. Protected Classifications Gender, date of birth NO
D. Commercial Information Transaction history, subscription plan details YES
E. Biometric Information Fingerprints, voiceprints NO
F. Internet/Network Activity Browsing history, usage metrics, log data, analytics data collected through our Platform YES
G. Geolocation Data Approximate device location (IP-based) YES
H. Audio/Visual Data Support calls or recorded demos (if applicable) NO
I. Professional or Employment Data Business contact details (for B2B users) YES
J. Education Data Student or academic records NO
K. Inferences Aggregate analytics or preferences derived from usage data YES
L. Sensitive Personal Information None collected or processed for unrelated purposes NO

We also collect marketing and analytics data that you authorise through integrations with Google Analytics, Google Ads, Shopify, Facebook, LinkedIn, and similar services.
Such connected-account data is used only to provide analytics and insights and is stored securely in Google Cloud (BigQuery).

We do not sell or share personal information for cross-context behavioural advertising.
Any disclosures to our service providers (for example, Google Cloud, Stripe, and OpenAI) are governed by written contracts requiring them to use the data solely to perform services on our behalf.

How long we retain your information

We retain the categories of information listed above as long as reasonably necessary to provide our Services and for legitimate business or legal purposes.
For example:

  • Category A/B data – for the duration of your account;

  • Connected-account data – only while the integration is active;

  • Logs/analytics – for system security and performance monitoring before anonymisation.

Verification process

Before responding to a request, we will verify your identity by matching information you provide with data already in our records (for example, name, email, or account credentials).
Any additional information collected for verification is used only for that purpose and deleted once verification is complete.

Other California rights

  • Shine the Light: California Civil Code § 1798.83 allows residents to request details of any personal information disclosed to third parties for direct marketing. We do not share personal data for that purpose.

  • Minors: If you are under 18, reside in California, and have a registered account, you may request removal of any content you have publicly posted. We will make reasonable efforts to remove such material from public view, though backups may persist for a limited time.

So What Labs Ltd has not disclosed, sold, or shared personal information for a commercial purpose in the past twelve (12) months and has no plans to do so.
We will update this notice if that ever changes.

For questions or to exercise your rights, please contact us at support@sowhatlabs.com.

14. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.

Virginia CDPA Privacy Notice

Under the Virginia Consumer Data Protection Act (CDPA):

‘Consumer’ means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

‘Personal data’ means any information that is linked or reasonably linkable to an identified or identifiable natural person. ‘Personal data’ does not include de-identified data or publicly available information.

‘Sale of personal data’ means the exchange of personal data for monetary consideration.

If this definition ‘consumer’ applies to you, we must adhere to certain rights and obligations regarding your personal data.

The information we collect, use, and disclose about you will vary depending on how you interact with So What Labs Ltd and our Services. To find out more, please visit the following links:

Your rights with respect to your personal data

  • Right to be informed whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ( ‘profiling’ )

So What Labs Ltd has not sold any personal data to third parties for business or commercial purposes. So What Labs Ltd will not sell personal data in the future belonging to website visitors, users, and other consumers.

Exercise your rights provided under the Virginia CDPA

More information about our data collection and sharing practices can be found in this privacy notice and our Cookie Notice: https://www.sowhatlabs.com/cookie_policy .

You may contact us by email at support@sowhatlabs.com or by referring to the contact details at the bottom of this document.

If you are using an authorised agent to exercise your rights, we may deny a request if the authorised agent does not submit proof that they have been validly authorised to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer’s request. If you submit the request through an authorised agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at support@sowhatlabs.com . Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal if denied, you may contact the Attorney General to submit a complaint .

15. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes. We update this Privacy Policy as needed to remain transparent and compliant with applicable laws and platform changes.

We may revise this Privacy Policy from time to time to reflect updates in our practices, technologies, legal obligations, or the addition of new So What Labs applications and integrations.
The most recent version will always be available at https://sowhatlabs.com/privacy-policy and will be identified by the “Last Updated” date at the top of the page.

If we make material changes that affect how we process your personal information, we will notify you by one or more of the following methods:

  • posting a clear notice on our website or within your So What Labs account,

  • sending an email notification to registered users, or

  • requesting renewed consent if required by law.

We encourage you to review this notice periodically to stay informed about how we protect your information and how you can exercise your rights.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions, comments, or requests regarding this Privacy Policy or our data-protection practices, you can contact us by email or post:

Email: support@sowhatlabs.com

Post:
So What Labs Ltd
9 Corbets Tey Road
Upminster, Essex
United Kingdom
RM14 2AP

If you are located in the European Economic Area (EEA) or United Kingdom and wish to contact our data-protection representative or file a complaint with your data-protection authority, please refer to the details provided in Section 10 – “What Are Your Privacy Rights?”.

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Depending on your jurisdiction, you may have the right to request access to, correction of, or deletion of personal information that we hold about you.
You can manage most of your account data directly by logging into your So What Labs account at:

https://app.sowhatlabs.com/enterprise/profile/

From there, you can:

  • review and update your profile information,

  • disconnect linked marketing or e-commerce accounts, and

  • request deletion of your account and associated data.

If you prefer, you can also email us at support@sowhatlabs.com to submit a privacy-rights request. We will respond in accordance with applicable data-protection laws.

So What are you waiting for?

Get better insights, strategies and content that boosts your business.

Let’s go