Privacy Policy

RocketOpp LLC ("we," "our," or "us") operates Rocket+ (available at rocketadd.com), a marketing automation platform integrated with GoHighLevel. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application.

We maintain SOC 2 Type II and ISO 27001 certifications to ensure the highest standards of security and data protection for our users.

Information You Provide

• Account registration information (name, email address)
• Business information (company name, location details)
• Payment information (processed securely via Stripe)
• Support communications and feedback

Information from Google Services

When you sign in with Google or connect Google services, we may access:

• Basic Profile: Name, email address, and profile picture (for account creation)
• Google Tasks: Task lists and items (with your permission) for productivity integrations
• Google Sheets: Spreadsheet data (with your permission) for data import/export features
• Google Analytics: Website analytics data (with your permission) for reporting features

Google API Services User Data Policy: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google data for the purposes described in this policy and do not transfer it to third parties except as necessary to provide our services.

Information from GoHighLevel Integration

When you connect your GoHighLevel account, we access data based on the OAuth scopes you authorize:

• Contacts: Contact information for CRM automation
• Conversations: Message history for communication features
• Calendars: Appointment data for scheduling features
• Workflows: Workflow configurations for automation
• Opportunities: Pipeline data for sales tracking
• Location Settings: Business configuration and custom values

Automatically Collected Information

• Device and browser information
• IP address and location data
• Usage patterns and feature interactions
• Error logs and performance data

• Provide, maintain, and improve our services
• Process transactions and send related notifications
• Execute automations and workflows you configure
• Send AI-generated content through your connected channels
• Respond to support requests and communications
• Monitor and analyze usage patterns to improve features
• Detect, prevent, and address technical issues
• Comply with legal obligations

We do not sell your personal information. We may share information with:

• Service Providers: Third parties that help us operate our services (Supabase for data storage, Stripe for payments, Vercel for hosting)
• GoHighLevel: Data necessary to provide integrated features through their API
• AI Providers: When you use AI features, prompts may be processed by Anthropic (Claude) or OpenAI based on your configuration
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with any merger or acquisition

We maintain SOC 2 Type II and ISO 27001 certifications, implementing enterprise-grade security controls:

Technical Safeguards

• All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• OAuth tokens and API keys encrypted before storage
• Row-level security policies on all database tables
• Multi-factor authentication available for accounts
• Automated vulnerability scanning and penetration testing

Organizational Controls

• Role-based access control limiting employee data access
• Annual security awareness training for all personnel
• Background checks for employees with data access
• Documented incident response and disaster recovery procedures
• Regular third-party security audits

Infrastructure Security

• Hosted on SOC 2 compliant cloud infrastructure (Vercel, Supabase)
• 24/7 monitoring and intrusion detection
• Geographic redundancy and automated backups
• DDoS protection and web application firewall

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability (receive your data in a structured format)
• Withdraw consent at any time

To exercise these rights, contact us at privacy@rocketopp.com

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Upon account deletion, we remove personal data within 30 days, except where retention is required for legal compliance, dispute resolution, or enforcement of agreements.

7. Third-Party Services

Our application integrates with:

• GoHighLevel: CRM platform integration
• Stripe: Payment processing
• Supabase: Database and authentication
• Anthropic/OpenAI: AI content generation
• Vercel: Application hosting

Each service has its own privacy policy governing their data practices.

8. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us: