Privacy Policy
Version 1.3 – Last updated: 12 September 2025
Promoter Ninja (HoshinPlan Strategy S.L., Sant Francesc 4, 08290 Cerdanyola del Vallès, Barcelona, Spain) is committed to protecting your privacy. This Privacy Policy applies to both our Website (www.promoter.ninja) and our Subscription Service. It governs our data collection, processing, and usage practices and describes your choices regarding use, access, and correction of your personal information.
Capitalized terms shall have the meanings defined in our Terms of Service. In the event of inaccuracies between the wording between this Privacy Policy and the Terms of Service, the Terms of Service shall prevail.
We want you to understand clearly how we process data in different roles. For the data of our Users (such as account or billing information) Promoter Ninja acts as the Data Controller. For the data of Respondents and for any data that our customers enter into their accounts, Promoter Ninja acts as the Data Processor on behalf of our customers, who remain the controllers of that data.
If you do not agree with the practices described here, please do not use our Website or Subscription Service. For questions, contact: privacy@promoter.ninja.
1. Roles and Responsibilities
Promoter Ninja (HoshinPlan Strategy S.L., Sant Francesc 4, 08290 Cerdanyola del Vallès, Barcelona, Spain) is a data controller within the meaning of the GDPR in certain cases described below, and a data processor in others.
a) Users (customers with accounts)
Purpose: To conclude and perform the Subscription Service (account creation and service use).
Legal basis: Art. 6(1)(b) GDPR (contract).
Processing time: For the duration of the account and thereafter as required by law for legal claims or accounting.
Recipients: IT, customer service, accounting, or legal providers as necessary.
b) People contacting us for support about our Subscription Service
Purpose: The data is processed as part of the legitimate interest of Promoter Ninja, which consists in providing answers, support, and resolving complaints.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Processing time: 12 months from resolution, or longer if required for legal claims.
Recipients: IT, customer service, accounting, or legal providers.
c) People contacting us
Purpose: The data is processed as part of the legitimate interest of Promoter Ninja, which consists in providing answers, support, and resolving complaints.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Processing time: 12 months from resolution, or longer if required for legal claims.
Recipients: IT, customer service, accounting, or legal providers.
d) Website visitors
Purpose: We only set a 'locale' cookie to remember the language preference if the user changes it. No other cookies are used.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Processing time: According to cookie retention periods.
Recipients: IT or infrastructure providers.
2. Information We Collect
Users: account details, contact information, billing data, communications, usage logs.
Respondents: survey responses, timestamps, technical identifiers (IP address, browser, device, and essential cookies for survey logic).
Website Visitors: essential cookies only (session_token – 30 days, locale – 1 year, survey logic cookies – per survey logic).
Children: our service is not intended for or targeted at children under 16. We do not knowingly collect such data.
We also collect log files (IP, browser type, pages viewed, etc.), and process payment details through PCI-compliant third-party providers. We never collect "sensitive" information.
3. Data retention policies
3.1 Survey Data and Feedback Analysis
Promoter Ninja implements tiered data retention policies based on customer subscription tiers to ensure optimal service performance and compliance with data protection regulations. The retention periods are determined by your current subscription tier and are as follows:
Tier 1: Survey data and respondent information are retained for 3 months from the date of collection.
Tier 2: Survey data and respondent information are retained for 6 months from the date of collection.
Tier 3: Survey data and respondent information are retained for 2 years from the date of collection.
Tier 4: Survey data and respondent information are retained for 5 years from the date of collection.
Tier 5: Custom retention periods are agreed upon in the enterprise agreement.
Note: You can view the data retention periods for all subscription tiers on our pricing page and check your current retention period in your organization subscription settings.
Customers retain full control over their data and can manage its retention by deleting specific records or removing the entire account at any time. Data is automatically deleted upon expiration of the applicable retention period. Users also have the ability to search for and retrieve specific data as needed during the retention period.
3.2 Application Users' Data
For users of the application, data is processed from the moment of account creation (i.e., when the Subscription Service enters into force). After an account is deleted, data is retained for the period required by applicable law for the purpose of establishing, pursuing, or defending legal claims and/or to comply with accounting regulations.
3.3 Account Cleanup Policies
To ensure data hygiene and compliance with data protection regulations, Promoter Ninja automatically cleans up certain types of accounts:
Unverified Email Accounts: Accounts with unverified email addresses are automatically deleted after 30 days from account creation.
Stale Free Accounts: Free accounts with no activity for 1 year are automatically deleted.
Inactive Paid Accounts: Paid accounts with no activity for 2 years are automatically deleted.
Account activity includes logging in, creating surveys, receiving responses, or any other interaction with the service. You can prevent account deletion by logging in or using the service before the cleanup period expires.
4. How We Use Information
To provide, maintain, and improve our services.
To process payments and manage billing.
To send important notices (e.g., updates, security alerts).
To provide customer support.
To personalize your experience.
To comply with legal requirements.
We never sell personal information.
5. Sharing of Information
We only share your personal data when necessary and in accordance with GDPR. Categories of recipients include:
Hosting and infrastructure providers (e.g., AWS in the EU) to securely host our platform.
Payment processors to handle subscription billing securely.
Customer support and communication tools we use to provide you with assistance and updates.
Professional advisers and legal authorities when required by applicable law.
All service providers are contractually bound to protect your data and only process it under our instructions. We do not sell personal information.
Service Providers
# | Entity Name | Country (location of processing) | Service / Purpose | Categories of Data Shared |
|---|---|---|---|---|
1 | Amazon Web Services EMEA SARL | Luxembourg (data centres in Ireland) | Hosting and infrastructure | All application data stored and processed in the platform |
2 | MongoDB Limited (Atlas on AWS Ireland) | United Kingdom (data hosted in Ireland) | Database hosting | Application and customer data |
3 | Elastic NV | Netherlands (services across EU) | Search and logging services | Application logs, technical data |
4 | Stripe Payments Europe, Limited | Ireland | Payment processing | Billing information, payment data |
5 | Chargebee Inc. | Germany (Frankfurt DC), headquartered in US/India | Subscription and billing management | Account and billing data |
6 | Twilio Ireland Limited (SendGrid) | Ireland | Transactional email delivery | User email addresses, notification content |
7 | Messente Communications OÜ | Estonia | SMS delivery | Phone numbers and message content |
8 | OpenAI, L.L.C. | United States | AI features (optional, only if enabled) | User-provided text |
6. International Transfers
Data is primarily stored in the EU/EEA. In some cases, we may transfer personal data to countries outside the EU/EEA. Whenever such transfers occur, we ensure that appropriate safeguards are in place, such as:
Adequacy decisions issued by the European Commission;
Standard Contractual Clauses (SCCs) approved by the European Commission;
Other lawful transfer mechanisms under GDPR.
You may request more information about these safeguards by contacting privacy@promoter.ninja.
7. Security
We implement technical and organizational measures such as encryption, access controls, monitoring, and secure hosting to protect your personal data.
8. Your Rights
You have the right to:
Access, rectify, or erase your data.
Restrict or object to processing.
Request portability.
Withdraw consent at any time.
Lodge a complaint with the Agencia Española de Protección de Datos (AEPD) or your local authority.
Contact: privacy@promoter.ninja.
9. Automated Decision-Making
We do not use profiling or automated decision-making that produces legal or similarly significant effects.
10. Single Sign-On
You can log in to our site using a Single Sign-On (SSO) service such as your Google account. This service will authenticate your identity and provide you the option to share certain personal information with us, such as your name and email address, to pre-populate our sign-up form. Such services may also give you the option to post information about your activities on this website to your profile page to share with others within your network.
11. Cookies and Similar Technologies
We only use essential cookies necessary for the website and surveys to function. See our Cookie Policy for details. We do not use analytics or advertising cookies.
12. Anti-Spam Policy
It is prohibited to use the Subscription Service to send unsolicited commercial email in violation of applicable laws. Every email sent using the Subscription Service must include an opt-out mechanism and other legally required information. All customers must agree to adhere to our Acceptable Use Policy at all times. Any violations may result in immediate suspension or termination of the Subscription Service.
13. Updates to this Policy
We will update this policy as needed and post changes here. For significant changes, we will notify you by email or through the service.
Recent Changes (Version 1.3 - 12 September 2025): We have implemented tiered data retention policies based on subscription tiers to ensure optimal service performance and compliance with data protection regulations. Data retention periods now range from 3 months (Tier 1) to 5 years (Tier 4), with custom periods for Tier 5. You can view your current retention period in your organization subscription settings.
14. Contact
HoshinPlan Strategy S.L.
Carrer Sant Francesc, 4
Cerdanyola del Vallès, 08290 Barcelona
Spain
privacy@promoter.ninja