PRIVACY POLICY

This Privacy Policy describes how VaynerX, LLC and certain subsidiaries, affiliates, and entities that it controls, including VaynerMedia, LLC; ChukMedia, LLC; VaynerSpeakers, LLC; VaynerTalent, LLC; and VaynerMedia International Inc. (collectively, "VaynerX," "we," "us," or "our") collect, use, share, and protect information in connection with the Gee platform (the "Platform"), accessible at gee.vaynerx.app, and any related services, integrations, and APIs operated through the Platform (collectively, the "Services").

The Platform is a Meta Business App that facilitates Conversions API (CAPI) data pipelines, Signals Gateway integrations, commerce enablement, and business messaging solutions across the Meta ecosystem. This Privacy Policy applies to all data processed through the Platform, including Meta Platform Data as defined in Meta's Platform Terms.

This Privacy Policy is intended to be consistent with and shall not supersede, modify, or be inconsistent with Meta's Platform Terms, Meta's Developer Policies, or Meta's Business Tools Terms. In the event of any conflict, Meta's terms shall prevail with respect to Meta Platform Data.

1. DATA WE COLLECT

Information You Provide Directly

When you register for or use the Platform, we may collect information you provide directly, including:

• Name, email address, and business contact information
• Business name, role, and organizational affiliation
• Account credentials and authentication tokens
• Communications you send to us (e.g., support requests)

Meta Platform Data

Through the Platform's integrations with Meta's APIs, we may receive and process the following categories of Meta Platform Data:

• Conversions API (CAPI) Event Data: Web events, app events, and offline conversion events transmitted through the Conversions API, including event names, event parameters, user identifiers (hashed email, hashed phone number, client IP address, user agent, click IDs such as fbc and fbp), custom data parameters, and event source URLs.
• Signals Gateway Data: Event data routed through Meta's Signals Gateway infrastructure, including multi-destination routing metadata, event filtering configurations, and pipeline management data.
• Business Messaging Data: Data associated with business messaging interactions across WhatsApp, Messenger, and Instagram Direct, including Page-Scoped User IDs (PSIDs), Instagram-Scoped User IDs (IGSIDs), Click-to-WhatsApp Ad Click IDs (ctwa_clid), conversation metadata, and messaging event data.
• Commerce Data: Product catalog information, order data, checkout events, and commerce-related conversion data processed through Facebook and Instagram Shops integrations.
• Business Account Data: Business Manager IDs, Page IDs, Pixel IDs, Dataset IDs, ad account information, and associated configuration data.

Meta Business Tools Data

The Platform utilizes Meta Business Tools, including the Meta Pixel, Conversions API, and related SDKs. When these tools are deployed on your websites or apps, the following types of data ("Business Tool Data") may be collected and shared with Meta:

• Contact Information: Information that can be used to identify or contact a person, such as email addresses, phone numbers, names, dates of birth, and geographic information. This information is hashed using SHA-256 before transmission to Meta's servers, meaning it is converted into an irreversible, anonymized format before leaving your systems.
• Event Data: Information about actions people take on your website, app, or in your physical store, such as page views, product views, add-to-cart events, purchases, leads, and other custom events.

Meta uses Business Tool Data for the following purposes: matching events to Meta user accounts; ad targeting to deliver more relevant ads; measurement and analytics to help you understand the effectiveness of your advertising; and improving Meta Products including ad delivery and content personalization. Meta may also provide Event Data about individuals to those individuals upon their request.

Automatically Collected Information

When you access the Platform, we automatically collect certain technical information, including:

• IP address, browser type, operating system, and device identifiers
• Pages visited, features used, and actions taken within the Platform
• Date and time of access, referring URLs, and session duration
• Cookies and similar tracking technologies (see Section 9)

2. HOW WE USE COLLECTED DATA

We use the data we collect for the following purposes:

• To provide, operate, and maintain the Platform and its integrations
• To process and transmit CAPI events to Meta on behalf of businesses
• To facilitate Signals Gateway data routing and pipeline management
• To enable commerce features including catalog management and checkout event processing
• To support business messaging integrations across Meta's messaging surfaces
• To monitor, analyze, and improve the Platform's performance and reliability
• To communicate with you about your account, updates, and support
• To detect, prevent, and address technical issues, fraud, and security incidents
• To comply with legal obligations and enforce our Terms of Use

3. PROHIBITED DATA PRACTICES

In accordance with Meta's Platform Terms (Section 3.a), we commit to the following prohibitions and require all users of the Platform to adhere to them:

• No Discrimination: We will not process Meta Platform Data to discriminate or encourage discrimination against people based on personal attributes including race, ethnicity, color, national origin, religion, age, sex, sexual orientation, gender identity, family status, disability, medical or genetic condition, or any other categories prohibited by applicable law.
• No Eligibility Determinations: We will not process Meta Platform Data to make eligibility determinations about people, including for housing, employment, insurance, education opportunities, credit, government benefits, or immigration status.
• No Surveillance: We will not process Meta Platform Data to perform, facilitate, or provide tools for surveillance, including processing data about people, places, groups, or events for law enforcement or national security purposes.
• No Selling or Licensing: We will not sell, license, or purchase Meta Platform Data.
• No Unauthorized Profiling: We will not process Meta Platform Data without valid user consent to build or augment user profiles.
• No Re-identification: We will not attempt to decode, circumvent, re-identify, de-anonymize, unscramble, unencrypt, reverse hash, or reverse-engineer any Meta Platform Data.

4. CAPI AND SIGNALS GATEWAY DATA PROCESSING

The Platform acts as a data processor for businesses that use our CAPI and Signals Gateway integrations. In this capacity:

• We process event data on behalf of and at the direction of the business that has configured the integration
• Event data is transmitted to Meta's servers in accordance with Meta's Conversions API specifications
• For Signals Gateway deployments, event data may be routed to multiple destinations as configured by the business, including Meta, Google BigQuery, and custom HTTP endpoints
• We apply data minimization principles, processing only the event data necessary for the configured integrations
• Hashed user identifiers (e.g., SHA-256 hashed email and phone) are transmitted as-received; we do not de-hash or attempt to re-identify individuals from hashed data

5. BUSINESS MESSAGING DATA PROCESSING

When the Platform processes business messaging data for CAPI for Business Messaging integrations:

• Messenger: We process Page-Scoped User IDs (PSIDs) and messaging event metadata to enable conversion tracking for Messenger interactions. Users must opt in to receive messages; we honor all opt-out requests.
• WhatsApp: We process Click-to-WhatsApp Ad Click IDs (ctwa_clid) to attribute conversions from WhatsApp Business conversations. All messaging complies with WhatsApp Business Policy.
• Instagram Direct: We process Instagram-Scoped User IDs (IGSIDs) for conversion tracking on Instagram messaging interactions. We comply with Instagram Platform Policies regarding user content and messaging.

Each messaging channel's data is processed in accordance with the specific requirements of Meta's CAPI for Business Messaging documentation and the applicable channel's terms of service. We do not use messaging data for purposes beyond the specific conversion tracking and attribution for which it was collected.

6. SHARING OF COLLECTED DATA

We may share the data we collect as follows:

• With our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership
• With Meta Platforms, Inc. as required to operate the Platform's CAPI, Signals Gateway, commerce, and messaging integrations
• With our service providers that perform services for us (such as cloud hosting, analytics, and security monitoring), subject to written agreements requiring them to process data solely at our direction and in compliance with Meta's Platform Terms
• To comply with a court order or other legal obligation, to enforce our Terms of Use, and to protect the rights, property, or safety of our users and other third parties
• With government or law enforcement officials as we determine is necessary or appropriate to respond to claims or comply with legal processes
• In connection with any merger, acquisition, or sale of all or substantially all of our business or assets
• With your consent or at your direction

Service Provider Obligations

In accordance with Meta's Platform Terms (Section 5), all service providers that process Meta Platform Data on our behalf are required to:

• Process Platform Data solely at our direction and for the purpose of providing the services we have requested
• Not use Platform Data for their own purposes or for any other entity's purposes
• Comply with Meta's Platform Terms and all applicable policies as if they were in our place
• Immediately cease processing and promptly delete all Platform Data when they cease providing services to us

We maintain a list of our service providers and their contact information and will provide it to Meta upon request.

Tech Provider Disclosure

VaynerX operates the Platform as a Tech Provider on behalf of its clients, as defined in Meta's Platform Terms (Section 5.b). In this capacity:

• We process Meta Platform Data on behalf of and at the direction of our clients for their specified purposes
• We maintain client data in segregated environments; Platform Data maintained on behalf of one client is kept separate from that of other clients
• We maintain an up-to-date list of our clients and their contact information and will provide it to Meta upon request
• We will promptly terminate a client's access to Meta Products through the Platform if Meta requests it
• We will promptly notify clients of any communication from Meta concerning a user's data subject rights request

7. TRANSFER OF COLLECTED DATA

The Platform is operated in the United States. If you are located in another jurisdiction, please be aware that the data we collect will be transferred to, stored, and processed in the United States. By using the Platform, you consent to this transfer, processing, and storage of your data in the United States.

For Signals Gateway deployments hosted in specific cloud regions (e.g., AWS or GCP), event data may be processed in the cloud region selected by the configuring business.

EEA Data Transfers

To the extent that processing of Meta Platform Data includes personal data controlled by Meta Platforms Ireland Limited and involves transfer to a territory outside the European Economic Area without a positive adequacy decision, such transfers are subject to the Standard Contractual Clauses (Module One, controller-to-controller) as referenced in Meta's Platform Terms (Section 10A), with Ireland as the applicable Member State.

UK Data Transfers

To the extent that processing involves personal data controlled by Meta Platforms, Inc. that is subject to the UK GDPR, international transfers are subject to the UK Approved Addendum to the EU Standard Contractual Clauses, as referenced in Meta's Platform Terms (Section 10B).

8. DATA SECURITY

In accordance with Meta's Platform Terms (Section 6), we maintain administrative, physical, and technical safeguards that meet or exceed industry standards given the sensitivity of the Platform Data we process. These safeguards are designed to prevent any unauthorized processing, access, destruction, loss, alteration, disclosure, distribution, or compromise of Platform Data. Specific measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls and multi-factor authentication for Platform access
• Regular security assessments, penetration testing, and vulnerability scanning
• Incident response procedures for data breaches (see below)
• Protection of Meta user IDs, access tokens, and app secrets from unauthorized transfer or sharing

However, no data transmission over the internet is completely secure and no security mechanism is impenetrable.

Security Vulnerability Reporting

We maintain an easily accessible mechanism for reporting security vulnerabilities. If you discover a security vulnerability in the Platform, please report it immediately by emailing [email protected]. We will promptly address identified deficiencies.

Incident Reporting

In the event of any unauthorized processing, access, destruction, loss, alteration, disclosure, distribution, or compromise of Platform Data, or any incident reasonably likely to compromise the security, confidentiality, or integrity of our IT systems, we will:

• Notify Meta as soon as practicable and no later than required under applicable laws and regulations
• Notify affected users and relevant authorities as required by applicable law
• Immediately begin remediation and cooperate with Meta, including providing detailed information about the impact and corrective actions

9. COOKIES AND TRACKING TECHNOLOGIES

The Platform uses cookies and similar tracking technologies to maintain session state, remember preferences, and analyze usage patterns. The Platform also deploys Meta Business Tools (including the Meta Pixel) that use cookies and similar technologies to collect Event Data for ad targeting, measurement, and analytics.

You may remove or reject cookies by adjusting settings on your browser. Please note that removing or rejecting cookies could affect the functionality of the Platform.

Opt-Out Options: You can opt out of interest-based advertising from companies participating in the following industry opt-out programs:

• Digital Advertising Alliance (DAA): www.aboutads.info/choices
• European Interactive Digital Advertising Alliance (EDAA): www.youronlinechoices.eu

10. DATA RETENTION

We retain data only as long as necessary in light of the purpose(s) for which it was originally collected. In accordance with Meta's Platform Terms (Section 3.d), we will delete Platform Data when:

• Retaining the data is no longer necessary for a legitimate business purpose consistent with Meta's Platform Terms
• We stop operating the product or service through which the data was acquired
• Meta requests deletion for the protection of users
• A user requests deletion or no longer has an account with us (unless the data has been aggregated, obscured, or de-identified so that it cannot be associated with a particular user, browser, or device)
• Required by applicable law or regulations

Specific retention periods:

• Account data: Retained for as long as your account is active or as needed to provide the Platform's services
• CAPI event data: Processed in transit and not stored beyond the time necessary to transmit to Meta's systems, unless required for debugging or error resolution (maximum 30 days)
• Signals Gateway pipeline data: Retained according to the routing configuration set by the business, subject to a maximum retention period of 90 days for pipeline logs
• Business messaging data: Retained for the duration necessary to complete the conversion attribution, subject to Meta's data retention requirements

If you request deletion of your account, we will delete or anonymize your data within 30 days, except where retention is required by applicable law. If we receive Platform Data in error, we will immediately report this to Meta, delete the data, and provide proof of deletion upon request.

11. CHILDREN AND MINORS

We respect children's privacy. We do not target or knowingly or intentionally collect personal data from children under the age of 13. By using the Platform, you represent and warrant that you are at least 18 years of age. If you become aware that a child has provided us with personal data without parental consent, please email us at [email protected].

We do not share Business Tool Data about children under the age of 13. We do not knowingly transmit event data through the Conversions API or any other Meta Business Tool that relates to individuals under 13 years of age.

12. SENSITIVE DATA

We do not collect, process, or transmit through the Platform any sensitive data categories, including but not limited to: health or medical information, financial account numbers, Social Security numbers, government-issued identification numbers, insurance information, consumer credit reports, or information about an individual's sexual behavior or orientation — except where such processing is explicitly authorized by the individual and permitted by applicable law.

13. YOUR DATA PREFERENCES AND RIGHTS

Use of Collected Data

If you no longer want us to use your collected data as described above, please submit a request by emailing [email protected].

Data Deletion Requests

If you wish to request deletion of your account and all associated data — including any Meta Platform Data stored on our servers — please visit our Data Deletion page or email [email protected] with the subject line "Gee Data Deletion Request." We will process your request within 30 days. The right to request deletion is available to all users who can access the Platform.

14. CALIFORNIA PRIVACY DISCLOSURES

If you are a resident of California, the following additional disclosures apply under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information as defined under the CCPA.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

We do not sell personal information as defined under the CCPA, and we do not share personal information for cross-context behavioral advertising purposes.

15. UK AND EU PRIVACY DISCLOSURES

If you are located in the UK, EU, or EEA, the following additional disclosures apply under the General Data Protection Regulation (GDPR) and UK GDPR:

• Legal Bases for Processing: (a) Legitimate interests — operating a secure, access-controlled business tool for authorized personnel; (b) Contract performance — providing the features you request when using the Platform; (c) Legal obligation — complying with applicable law and regulatory requirements; (d) Consent — where you have provided explicit consent for specific processing activities.
• Data Subject Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You also have the right to lodge a complaint with your local supervisory authority.
• International Transfers: See Section 7 above for details on transfer mechanisms, including Standard Contractual Clauses and the UK Approved Addendum.

16. CONTACT US

To submit a request relating to your data preferences, to exercise any of your privacy rights, or to report a security vulnerability, please contact us:

Privacy inquiries: [email protected]
Security vulnerabilities: [email protected]
General legal inquiries: [email protected]

We will respond to verifiable requests within 30 days (or within the timeframe required by applicable law).

VaynerX, LLC
Attention: Legal — Privacy Policy Enquiry
10 Hudson Yards, 25th Floor
New York, NY 10001