Privacy Policy

Last updated: April 27, 2026

1. Introduction

Postforge, Inc. ("we," "us," or "our") operates Visitor IQ (the "Service"), accessible at visitoriq.postforge.com. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service — including information about your website visitors that we process on your behalf.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide to Us

When you create an account or use the Service, we collect:

  • Name and email address (from Manus OAuth login)
  • Billing information (processed by our payment provider; we do not store full card numbers)
  • Configuration data such as pixel settings, audience filters, and integration credentials
  • Communications you send to our support team

2.2 Visitor Data Collected via the Tracking Pixel

When you install the Visitor IQ pixel on your website, our Service automatically collects the following data about your website visitors:

  • Technical identifiers: IP address, device fingerprint, browser type and version, operating system, screen resolution, and user-agent string
  • Behavioral data: pages visited, time on page, referral source, session duration, and click events
  • Enriched identity data: name, email address, phone number, job title, company name, company size, company revenue, and geographic location — derived by matching technical identifiers against our identity graph
  • Intent signals: computed intent scores based on behavioral patterns

This data is processed on your behalf as a data processor (under GDPR) or service provider (under CCPA). You, as the website operator, are the data controller or business responsible for ensuring you have a lawful basis for this processing.

2.3 Automatically Collected Service Data

We collect standard server logs, API usage metrics, and performance data to operate and improve the Service.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Identify website visitors and enrich their profiles using our identity graph
  • Sync identified visitor data to third-party platforms you connect (CRMs, ad platforms, email tools) at your direction
  • Improve and develop new features of the Service
  • Send transactional communications (account confirmations, billing receipts, security alerts)
  • Respond to your support requests
  • Comply with legal obligations

We do not sell visitor data to third parties. We do not use visitor data collected on your behalf for our own advertising purposes.

4. Identity Graph and Data Sources

Visitor IQ maintains an identity graph of approximately 308 million verified contact records. This graph is built from publicly available sources, licensed data providers, and opt-in data partnerships. All records are refreshed on a rolling 30-day cycle using USPS National Change of Address (NCOA) verification to maintain accuracy.

When a visitor lands on your website, we match their technical signals (IP address, device fingerprint) against this graph to produce an enriched profile. The match is probabilistic — we return the closest matching record above our confidence threshold.

5. Data Sharing and Disclosure

5.1 At Your Direction

When you configure a sync rule, you instruct us to transmit identified visitor data to a third-party platform (e.g., HubSpot, Klaviyo, Facebook, Google Ads). You are responsible for ensuring that such transmission complies with applicable law and the terms of those third-party platforms.

5.2 Service Providers

We share data with trusted service providers who assist in operating the Service (cloud hosting, database providers, analytics). These providers are contractually bound to process data only on our instructions and to maintain appropriate security measures.

5.3 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Postforge, Inc., our customers, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, visitor data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before data is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain identified visitor profiles for as long as your account is active or as needed to provide the Service. You may delete individual visitor records or request bulk deletion at any time from your dashboard. Upon account termination, we will delete or anonymize your data within 90 days, except where retention is required by law.

7. Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access controls, and regular third-party security audits. Visitor IQ is SOC 2 Type II certified. While we take reasonable precautions, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights Under GDPR (EEA / UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate data
  • Right to erasure: request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: request that we limit how we use your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Our legal bases for processing personal data under GDPR are: (a) performance of a contract (providing the Service to you); (b) legitimate interests (improving the Service, fraud prevention); and (c) compliance with legal obligations.

9. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to delete: request deletion of your personal information, subject to certain exceptions
  • Right to opt out of sale: we do not sell personal information as defined under CCPA
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, contact us at [email protected] or use the "Do Not Sell My Personal Information" link in the footer.

10. Cookies and Tracking Technologies

The Visitor IQ tracking pixel uses first-party cookies and device fingerprinting to identify returning visitors and maintain session continuity. We also use cookies on our own website for authentication (session cookies) and analytics (aggregate, anonymized usage data).

You can control cookie preferences through the consent banner displayed on your first visit, or by adjusting your browser settings. Note that disabling cookies may affect the functionality of the Service.

11. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected].

12. International Data Transfers

Postforge, Inc. is based in the United States. If you are accessing the Service from outside the United States, your data may be transferred to and processed in the United States. For transfers from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the lawful transfer mechanism.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date, and by sending an email notification to the address associated with your account at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Postforge, Inc.

Privacy Team

Email: [email protected]

We use cookies

Manage your preferences below

Visitor IQ uses strictly necessary cookies to operate the Service, and optional cookies for analytics and marketing. We also use visitor identification technology on your behalf when you install our pixel. Privacy Policy