Privacy Policy

Last updated: April 17, 2026

1. About This Policy

This Privacy Policy describes how Pigeon Perch LLC ("Pigeon Perch", "we", "us", or "our") collects, uses, discloses, and protects personal information in connection with our website, marketing pages, and email marketing platform (together, the "Services"). Our relationship with personal information depends on who you are:

  • If you are a visitor to our marketing site or a Pigeon Perch customer (account holder): we act as a controller under the General Data Protection Regulation (GDPR), UK GDPR, and equivalent laws, and we are a "business" under the California Consumer Privacy Act (as amended by the CPRA, together "CCPA") and analogous U.S. state laws.
  • If you are a recipient, subscriber, or contact of one of our customers: we generally act as a processor (GDPR) or "service provider" (CCPA) on behalf of the customer, who is the controller/business. Our processing of your personal information is governed by our contract with that customer and our Data Processing Addendum. If you are a recipient and wish to exercise rights regarding your personal information, please contact the sender directly in the first instance.

2. Information We Collect

We collect personal information in three broad categories, described below.

2.1 Account and Subscriber Data (we are controller)

When you sign up for an account, request a demo, or communicate with us, we collect:

  • Identifiers: name, email address, phone number, job title, company name, mailing address.
  • Account credentials: password hash (we never store plaintext passwords), session tokens, multi-factor authentication secrets.
  • Billing and financial data: payment-method information (processed by Stripe — we receive tokenized references, not full card numbers), invoicing details, tax identifiers, purchase history, and subscription status.
  • Communications with us: support tickets, email correspondence, in-app chats, feedback, and survey responses.
  • Preferences: notification settings, locale, and other account preferences.

2.2 Contact Data and End-User Data (we are processor)

Our customers upload, sync, or collect personal information about their own email subscribers, SMS recipients, website visitors, and other end-users ("Contact Data") through the Services. Contact Data may include:

  • Contact identifiers: names, email addresses, phone numbers, company, and similar fields.
  • Postal and geographic information: city, state, country, postal code, IP-derived coarse location, and optionally precise location for location intelligence features.
  • Demographic and custom properties: any customer-defined fields (age bands, plan tiers, purchase history, SKU preferences, etc.).
  • Engagement history: opens, clicks, bounces, unsubscribes, complaints, page views, form submissions, and similar behavioral data.
  • Location interest signals: listing views, searches, and other behavioral signals processed by our location intelligence system, along with derived interest scores.
  • Inferred data: engagement scores, segment memberships, and other derived attributes.

We process Contact Data strictly on the documented instructions of our customers, as described in the Data Processing Addendum.

2.3 Usage and Technical Data (we are controller)

When you use our Services or visit our marketing site, we automatically collect:

  • Device and connection data: IP address, browser type and version, operating system, device identifiers, and language preferences.
  • Usage data: pages and features accessed, timestamps, referring URLs, search terms, and clickstream data inside the Services.
  • Cookies and similar technologies: as described in Section 9.
  • Log and diagnostic data: crash reports, error logs, and performance metrics.

3. Sources of Information

We collect information directly from you (when you sign up, submit forms, or communicate with us), automatically (via cookies, server logs, and tracking snippets), from our customers (when they upload Contact Data or integrate the Services with their website), and from third parties (e.g., enrichment providers, social media platforms if you connect them, and public business directories where applicable).

4. How We Use Information

We use personal information for the following purposes:

  • Providing the Services: delivering, maintaining, and securing the platform; authenticating users; processing transactions; and providing customer support.
  • Processing Contact Data for customers: sending emails and SMS, tracking engagement, computing segments, running automations, and generating analytics — all on customers' behalf.
  • Account management and billing: administering accounts, processing payments, sending billing notices, and enforcing our Terms.
  • Communications with customers and prospects: sending transactional messages (account alerts, security notices, service updates, billing); and, where permitted, marketing messages about our Services, subject to your opt-out preferences.
  • Analytics and product improvement: understanding how the Services are used, diagnosing issues, and developing new features. Where reasonably necessary we may generate aggregated, de-identified, or statistical information from personal information for these purposes.
  • AI and machine learning: we may use Contact Data only as necessary to provide AI Features to the customer who submitted it. We do not train our own or third-party AI models on Contact Data, and our AI sub-processors are contractually prohibited from doing so.
  • Security, fraud prevention, and abuse detection: detecting and preventing spam, phishing, fraud, credential stuffing, and other misuse; monitoring deliverability reputation; and cooperating with law enforcement where appropriate.
  • Legal compliance: complying with applicable laws (including CAN-SPAM, TCPA, GDPR, and tax obligations), responding to lawful requests from public authorities, and enforcing our Terms.
  • Corporate transactions: due diligence, negotiation, and execution of mergers, acquisitions, financings, and similar transactions.

5. Legal Bases for Processing (EEA, UK, Switzerland)

Where the GDPR or UK GDPR applies, we rely on the following legal bases for processing personal information:

  • Performance of a contract (Art. 6(1)(b)): where processing is necessary to provide the Services to you under our Terms.
  • Legitimate interests (Art. 6(1)(f)): where necessary for our legitimate interests in operating, securing, improving, and marketing the Services, provided those interests are not overridden by your fundamental rights and freedoms. We conduct balancing tests before relying on this basis.
  • Consent (Art. 6(1)(a)): where required — for example, for certain cookies and for some direct marketing. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): where processing is necessary to comply with a legal duty to which we are subject.

For Contact Data, the relevant customer (acting as controller) determines and documents the legal basis for the processing it directs us to perform.

6. How We Share Information

We do not sell your personal information for money. We share personal information in the following circumstances:

  • Sub-processors and service providers. We engage trusted third parties to help deliver the Services. Current sub-processors include:
    • Amazon Web Services (AWS): cloud hosting (EC2, RDS, S3), email delivery (SES), event streaming, object storage, and CDN. Region: U.S.
    • Twilio: SMS/MMS delivery and carrier connectivity. Region: U.S.
    • Stripe: payment processing, invoicing, and subscription billing. Region: U.S.
    • Anthropic: large-language-model processing for AI Features. Region: U.S. Anthropic is contractually prohibited from training on inputs and outputs.
    • HubSpot: CRM integration for customers who opt in. Region: U.S.
    • Shopify: product catalog sync for customers who opt in. Region: U.S. / Canada.
    • Cloudflare: DNS, WAF, DDoS mitigation. Region: global edge.
    • MaxMind / GeoIP: IP geolocation.
    A current list of sub-processors is available on request and will be provided with our Data Processing Addendum. We require sub-processors to be bound by contractual obligations no less protective than those in this Policy.
  • Integrations you enable. If you choose to integrate the Services with another platform (e.g., Shopify, HubSpot, an MLS feed), we will share personal information with that platform as directed by you. The receiving platform's privacy policy governs its use of your information.
  • Legal and safety. We may disclose personal information when we believe in good faith that disclosure is necessary to comply with applicable law, valid legal process (e.g., a subpoena or court order), or a governmental request; to protect the rights, property, or safety of Pigeon Perch, our customers, or others; or to enforce our Terms.
  • Corporate transactions. In connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar event, we may transfer personal information. We will notify affected users as required by law.
  • With your consent. For any other sharing, we will obtain your consent or notify you beforehand.

De-identified and aggregated data. We may create and share aggregated, de-identified, or statistical data that cannot reasonably be used to identify you, for any lawful purpose.

7. International Data Transfers

Pigeon Perch is headquartered in the United States, and personal information we process will be transferred to and stored on servers in the United States. If you access the Services from outside the United States, your information will be transferred across borders for processing.

For transfers of personal information from the European Economic Area, the United Kingdom, or Switzerland, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs): the European Commission's 2021 SCCs, as incorporated into our Data Processing Addendum, govern transfers to us from the EEA.
  • UK International Data Transfer Addendum (IDTA): applies to transfers from the UK, as incorporated into our DPA.
  • EU-U.S. Data Privacy Framework and UK Extension: we intend to self-certify under the EU-U.S. Data Privacy Framework and its UK Extension. [Note: self-certification status to be confirmed with counsel prior to publication.]
  • Supplementary measures: encryption in transit (TLS 1.2+) and at rest, access controls, logging, and other technical and organizational safeguards.

You may request a copy of the relevant transfer mechanism by emailing support@pigeonperch.com.

8. Data Retention

We retain personal information for as long as necessary to provide the Services and fulfill the purposes described in this Policy, subject to applicable legal requirements.

  • Account data: retained for the duration of your account and for a reasonable period afterward (typically up to 12 months) to enable reactivation and meet legal obligations.
  • Contact Data: retained for the duration of the customer's subscription plus up to 90 days after account closure, unless the customer requests earlier deletion (which we will honor within 30 days, subject to legal retention obligations).
  • Billing and tax records: retained as required by applicable tax, accounting, and financial regulations (typically 7 years in the United States).
  • Logs and diagnostic data: retained for 30-90 days depending on category.
  • Marketing communications data: retained until you unsubscribe or withdraw consent, plus a suppression-list retention period to ensure we do not re-contact you.
  • Support communications: retained for up to three years after resolution.

We may retain personal information for longer periods where required to exercise or defend legal claims, respond to regulatory inquiries, or resolve disputes.

9. Cookies and Similar Technologies

We and certain third parties use cookies, pixels, local storage, and similar technologies on our marketing site and within the Services. We use the following categories:

  • Strictly necessary. Required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
  • Functional. Remember preferences (e.g., locale, UI state, collapsed sidebar sections) to improve the experience.
  • Analytics. Help us understand aggregate usage (e.g., Google Analytics on the marketing site). These can be rejected where required by law.
  • Marketing. Only used where you have consented and where applicable cookie law (including the EU ePrivacy Directive and UK PECR) requires.

You can control cookies via your browser settings and, where applicable, through our cookie consent banner. Disabling certain cookies may affect the Services.

10. Tracking Snippet (Customer Sites)

Our customers may deploy our tracking snippet on their own websites to power features like engagement scoring, web event tracking, and contact identification. When the snippet is loaded, we receive information about visits and events that the customer (acting as controller) directs us to collect. The customer is responsible for providing any legally required notices to, and obtaining any legally required consents from, its visitors prior to deploying the snippet.

11. Your Rights

11.1 General Rights

Subject to applicable law, you have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request that we correct inaccurate or incomplete personal information.
  • Deletion: request that we delete personal information, subject to exceptions for retention obligations, legal claims, and similar purposes.
  • Restriction: request that we limit how we use certain personal information.
  • Portability: receive a copy of certain personal information in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where we rely on consent, you may withdraw it at any time, without affecting the lawfulness of prior processing.
  • Non-discrimination: exercise your rights without retaliation.

To exercise these rights, email support@pigeonperch.com. We will verify your identity and respond within the timeframes required by applicable law. You also have the right to lodge a complaint with a supervisory authority.

11.2 California Residents (CCPA/CPRA)

This section supplements the above and provides additional disclosures required by California law for California residents.

Categories of personal information collected (last 12 months): identifiers; customer records (Cal. Civ. Code § 1798.80(e)); commercial information; internet or electronic network activity; geolocation data; professional or employment-related information; and inferences drawn from any of the above. We do not collect Social Security numbers, driver's license numbers, or other sensitive personal information beyond what is described in this Policy. We do not knowingly collect personal information of minors under 16.

Sources and purposes: as described in Sections 3 and 4 above.

Disclosure for business purposes: we have disclosed each category listed above to the categories of recipients described in Section 6 for the business purposes described in Section 4. We have not "sold" personal information within the meaning of the CCPA. For California residents, we may "share" personal information with advertising partners for cross-context behavioral advertising as that term is defined by the CPRA. You have the right to opt out of sharing; please see our "Do Not Sell or Share My Personal Information" link or email support@pigeonperch.com.

Sensitive personal information: we do not use or disclose sensitive personal information for purposes beyond those specified in Cal. Civ. Code § 1798.121.

Your California rights:

  • Right to know/access: request the categories and specific pieces of personal information we collected, the sources, the purposes, and the categories of recipients in the past 12 months.
  • Right to delete: subject to exceptions.
  • Right to correct: inaccurate personal information.
  • Right to opt out: of "sale" and "sharing," and to limit use of sensitive personal information.
  • Right to non-discrimination for exercising your rights.
  • Right to data portability.
  • Authorized agent: you may designate an authorized agent to submit requests on your behalf; we require proof of authorization.

11.3 Other U.S. State Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive privacy laws have rights similar to those described above, including access, correction, deletion, portability, and the right to opt out of targeted advertising, the sale of personal data, and certain profiling. Some states require us to recognize Universal Opt-Out Mechanisms (such as the Global Privacy Control signal), which we do where legally required. You may appeal any denial of your rights by contacting support@pigeonperch.com.

11.4 EEA, UK, and Swiss Rights

You have the rights described in Section 11.1 as provided by the GDPR and UK GDPR, along with the right to lodge a complaint with your local Data Protection Authority (in the UK, the Information Commissioner's Office; in the EEA, your local supervisory authority).

12. Children's Privacy

The Services are not directed to children under the age of 16, and we do not knowingly collect personal information from individuals under 16. If you believe we have collected information from a child under 16, please contact us at support@pigeonperch.com and we will take steps to delete it. Customers using the Services are responsible for ensuring compliance with laws governing the collection of children's data (including COPPA) in any Contact Data they upload.

13. Security

We maintain technical and organizational measures designed to protect personal information against unauthorized access, loss, alteration, and destruction, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Access controls and the principle of least privilege for employees and contractors.
  • Multi-factor authentication for administrative access.
  • Regular backups, vulnerability scanning, and dependency patching.
  • Incident response procedures, security logging, and audit trails.
  • Employee training on security and privacy best practices.

No security measures are perfect. You are responsible for protecting the confidentiality of your account credentials.

14. Data Breach Notification

In the event of a confirmed personal data breach affecting your information, we will notify you and, where required, applicable supervisory authorities, consistent with our contractual commitments and applicable law (including GDPR Articles 33-34 and U.S. state breach notification laws).

15. Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects on you within the meaning of GDPR Article 22. Features such as engagement scoring, location interest ranking, and segment computation are decisional aids used by our customers; they do not, by themselves, trigger legal consequences for individuals.

16. Do Not Track Signals

We do not currently respond to "Do Not Track" signals because no consistent industry standard has been adopted. Where required by applicable state law, we honor Universal Opt-Out Mechanisms such as the Global Privacy Control (GPC) signal.

17. Marketing Communications

We may send you marketing emails about our Services. You can unsubscribe at any time by clicking the unsubscribe link in the email or by emailing support@pigeonperch.com. You cannot unsubscribe from transactional communications (account alerts, receipts, service notices) as long as you maintain an account.

18. Third-Party Links and Services

The Services may link to third-party websites or include third-party integrations. This Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party service you use.

19. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will post the updated Policy on our website and, where appropriate, notify you by email or in-app notice. The "Last updated" date at the top of this Policy indicates when the most recent changes were made. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

20. Contact Us

If you have questions, concerns, or requests regarding this Policy or our privacy practices, please contact:

Pigeon Perch LLC
418 Broadway, STE R, Albany, NY 12207
Email: support@pigeonperch.com

For EEA/UK representatives: [INSERT EU REPRESENTATIVE NAME AND ADDRESS if you appoint a Representative under GDPR Art. 27, and UK Representative if applicable.]

Data Protection Officer: [INSERT DPO CONTACT if applicable — DPO appointment is not legally required for all organizations, but is a common industry practice.]

See also our Terms & Conditions.