Privacy Policy

Last updated: February 4, 2026

1. Purpose

This Privacy Policy explains how Probo ("Probo", "we", "us", "our") collects, uses, stores, and shares information when you:

• visit getprobo.com and related pages,
• use our hosted product and services (the "Service"), or
• otherwise interact with us (for example, requesting a demo or contacting support).

Who we are
Probo
Legal entity: Probo Inc.
Address: 490 Post St, STE 640, San Francisco, CA, 94102, US
Email: privacy@getprobo.com

Controller vs. Processor

• For our website and business operations (including sales and marketing), Probo typically acts as a controller.
• For the Service, Probo typically acts as a processor when we process Customer Content on behalf of a business customer.

2. Statements

2.1 What we collect and how we use it

2.1.1 Information you provide

Depending on how you use Probo, we may collect:

• Account information: name, work email, company name, role/title, authentication details.
• Customer Content: content you upload or generate in Probo (which may include personal data depending on what you put into the Service).
• Support and communications: information you include in emails, forms, chat/support tickets, or calls.
• Billing/admin information (if applicable): billing contact details, invoices, and payment-related records.

2.1.2 Information collected automatically

When you use our website or Service, we may collect:

• Device and usage data: IP address, browser type, device identifiers, operating system, referring pages, pages/actions within the Service.
• Log data: authentication events, timestamps, audit/security events, and other logs used for security and troubleshooting.

2.1.3 Cookies and similar technologies

We use cookies and similar technologies to:

• keep the site and Service functioning (session and security),
• understand usage and improve performance (analytics).

See our Cookie Policy: https://www.getprobo.com/cookie-policy

2.1.4 Integration Data (applies to all integrations, including Google)

If you connect third-party services (for example identity providers, cloud providers, code repositories, ticketing systems, or Google Workspace), we may receive Integration Data as authorized by you and limited to the permissions/scopes you approve.

How we use Integration Data (including Google user data)
We use Integration Data only to provide, operate, and improve the user-facing features you enable in Probo.

We do not use Integration Data (including Google user data) for:

• targeted advertising or "cross-context behavioral advertising,"
• selling to data brokers or information resellers,
• creditworthiness or lending decisions,
• building advertising profiles,
• training generalized AI/ML models.

Google user data
If you connect Google via OAuth, Probo's access, use, and transfer of Google user data will comply with the Google API Services User Data Policy, including the Limited Use requirements.

Disconnecting and revoking access
You can disconnect an integration from within Probo. If you connected Google, you can also revoke Probo's access through your Google Account security settings. After disconnection/revocation, we stop requesting new data from that integration.

2.1.5 Why we process Personal Data

We use Personal Data and other information to:

• provide and operate the Service (including creating accounts and processing Customer Content as instructed by customers),
• secure and protect the Service (monitoring, detecting, preventing fraud/abuse, troubleshooting),
• maintain and improve our website and Service (analytics, debugging, performance),
• communicate with you (service messages and support),
• sales and marketing (responding to requests, sending newsletters/updates where permitted; you can opt out),
• comply with legal obligations and enforce our agreements.

2.2 How we share information

We do not sell Personal Data.

We may share information in the following situations:

2.2.1 Service providers (subprocessors)

We use vendors to help operate the Service (for example hosting, analytics, customer support tools, and security monitoring). They are permitted to process data only under our instructions and contractual obligations.

A list of subprocessors may be available here: https://compliance.getprobo.com/subprocessors

2.2.2 Within your organization

If you use Probo through an organization account, workspace administrators may access and manage certain account information, workspace configuration, and activity needed to administer the workspace.

2.2.3 At your direction

We share information when you instruct us to, for example:

• connecting integrations,
• inviting collaborators,
• exporting data,
• sharing reports or documents with an auditor or third party you choose.

2.2.4 Legal and safety reasons

We may disclose information if we believe it is reasonably necessary to:

• comply with applicable law or lawful requests,
• protect rights, safety, and security of Probo, our users, or others,
• investigate fraud or security issues.

2.2.5 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and security measures.

2.2.6 International transfers

We may process and store information in countries other than where you live, including where we and our service providers operate. Where required, we use appropriate safeguards for international transfers (such as contractual protections).

2.3 Security, retention, deletion, and privacy rights

2.3.1 Security

We maintain technical and organizational measures designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure.

Our safeguards include:

• encryption in transit (e.g., TLS),
• encryption at rest (AES-256),
• row-level encryption using AES-256 for sensitive fields/data where applicable,
• access controls and least-privilege permissions.

No method of transmission or storage is 100% secure, but we maintain safeguards appropriate to the risk and nature of the data processed.

2.3.2 Retention and deletion

A) Service / product data (Customer Content and workspace data)

• We retain Customer Content and other Service data for as long as the applicable Master Service Agreement (MSA) (or other governing customer agreement) remains valid and the customer account is active.
• If a customer terminates or does not renew ("churns"), we provide a period of time for the customer to export their data.
• After that export period ends, we remove Customer Content and other Service data from our product systems (production environments), subject to limited retention in backups and logs for security, compliance, and disaster recovery purposes. Backup copies and logs are deleted or overwritten on a rolling basis.

B) Integration Data
Integration Data collected into the Service (including Google user data, if connected) follows the same retention rules as other Service data. If you disconnect an integration, we stop requesting new data from that integration, but previously collected data may remain in Customer Content/workspace records until deleted under the rules above or until removed by the customer (where the Service supports deletion).

C) Sales/marketing data (website inquiries, newsletters, CRM records)
Sales and marketing records (for example demo requests, newsletter signups, and sales communications) are retained separately from Service data.

• Opting out of marketing emails stops marketing messages, but may not delete historical sales/marketing records.
• To request deletion of sales/marketing data, contact privacy@getprobo.com and specify that your request is for "sales/marketing data deletion".

2.3.3 Your choices and rights (general)

Depending on where you live, you may have rights to:

• access your Personal Data,
• correct inaccurate Personal Data,
• delete Personal Data,
• receive a copy of certain data (portability),
• object to or restrict certain processing,
• withdraw consent where processing is based on consent,
• opt out of certain processing (where applicable under law).

If you are an end user in a customer workspace, privacy requests relating to Customer Content should typically be directed to the customer (the workspace owner). We support our customers in responding to such requests where applicable.

To exercise rights, contact privacy@getprobo.com.

2.3.4 U.S. State privacy disclosures

This section provides additional disclosures for residents of U.S. states with comprehensive privacy laws. Rights vary by state and may depend on your relationship with Probo (for example, website visitor vs. user in a business workspace).

California (CCPA/CPRA)

• Categories of personal information we may collect (depending on your interactions):
  • identifiers (name, email, IP address, account identifiers),
  • internet/network activity (website and Service usage, logs),
  • professional/employment information (company name, role/title),
  • commercial information (billing/admin records, if applicable),
  • approximate geolocation (derived from IP),
  • Customer Content categories you/your organization upload.
• Purposes: described in Section 2.1.5 (provide the Service, security, support, improvement, and permitted marketing).
• Disclosures: described in Section 2.2 (service providers, your organization, at your direction, legal, business transfers).
• Sale/Sharing:
  • We do not sell personal information.
  • We do not share personal information for cross-context behavioral advertising.
• Sensitive personal information:
  • We do not use or disclose sensitive personal information except as needed to provide the Service, maintain security, and for other permitted business purposes.
• Your California rights (where applicable):
  • right to know/access, delete, correct,
  • right to opt out of sale/sharing (if applicable),
  • right to limit certain uses of sensitive personal information (if applicable),
  • right to non-discrimination for exercising your rights.
• Submitting requests: email privacy@getprobo.com. We may verify your identity before fulfilling requests. Authorized agents may submit requests where permitted by law.

Other U.S. states (e.g., CO, CT, VA, UT, TX, and others)
Residents of certain states may have rights to:

• access/confirm processing,
• correct inaccuracies (in some states),
• delete,
• obtain a portable copy,
• opt out of targeted advertising, sale of personal data, or certain profiling (as defined by applicable law).

Appeals (where required)
If we deny a request and your state law provides an appeal right, you may appeal by emailing privacy@getprobo.com with the subject line "Privacy Rights Appeal".

Opt-out preference signals
Where required by applicable law, we honor user-enabled opt-out preference signals (such as browser-based signals).

2.3.5 Business customers and DPA

When processing Customer Content on behalf of a business customer, Probo typically acts as a processor.

Data Processing Addendum (DPA)
A DPA is available on request and is separate from our Master Service Agreement (MSA).
To request it, contact legal@getprobo.com or privacy@getprobo.com.

2.3.6 Children's privacy

The Service is not directed to children and we do not knowingly collect personal data from children under 13 (or the age required by local law).

2.3.7 Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and provide additional notice where required.