Customer Terms of Service at Referral Rock

Privacy Policy

We at Referral Rock (Referral Rock Inc.) are committed to protecting your privacy. This Privacy Policy applies to our website and blog on (Website), our newsletters (Newsletter), and our Subscription Service (the Subscription Services) owned and controlled by Referral Rock. This Privacy Policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your personal information.

By using the Website, Newsletter, or the Subscription Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the data practices described in this Privacy Policy, you should not use the Website, Newsletter, or the Subscription Service.

We periodically update this Privacy Policy. If you subscribe to the Subscription Service, then you will receive notice when this Privacy Policy is modified. We encourage you to review this Privacy Policy periodically.

This Privacy Policy has been compiled to better serve those who are concerned with how their "Personally Identifiable Information" (PII) is being used online. PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our Privacy Policy carefully to get a clear understanding of how we collect, use, protect, or otherwise handle your PII in accordance with our website.

Scope of this Privacy Policy

Please be aware that this Privacy Policy does not govern all the information Referral Rock may process. Our commitment to customers and service providers is governed by a separate Data Processing Agreement.

Our commitments to employees are governed by our internal employment policies.

In all instances, we are committed to transparency with our customers, employees, and protecting your data privacy.

Contact Us

If you require any more information or have any questions about our Privacy Policy or our treatment of the information you provide us, please contact us using the information below.

Referral Rock Inc.
950 N Washington, Suite 404
Alexandria, VA 22314

Personal Information

What “personal information” do we collect from the people that visit our Blog, Newsletter, Website, or App?

When you sign up for and use the Subscription Services, consult with our sales or customer success team, send us an email, post on our Blog, integrate the Subscription Services with another website or service (for example, when you choose to connect your ecommerce account with Referral Rock), or communicate with us in any way, you are voluntarily giving us information about yourself and your Contacts. That information may include name, email address, IP address, phone number, credit card information, demographic information, and other information about yourself, your Contacts, or your business. By giving us this information, you consent to this information being collected, used, disclosed, transferred to the United States and stored by us, as described in this Privacy Policy and our Terms of Service.


Payment Information

We collect and process payment information from you when you subscribe to the Subscription Service, including credit card numbers and billing information, using third party PCI-compliant service providers. Except for this, we do not collect sensitive information from you.


Information about Children

The Websites are not intended or targeted for children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe we have collected information about a child under 16, please contact us at, so we may delete the information.


Children Online Privacy Protection Act (COPPA)

When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under 13.

Navigational Information

What "navigational information" do we collect from the people who visit our Blog, Newsletter, Website, or App?

This refers to information about your computer and your visits, such as your IP address, geographical location, browser type, referral source, length of visit, pages viewed, emails opened, or other computer/visit based information.


Do we use "cookies?"

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow), which enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences, based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so we can offer better site experiences and tools in the future.

We use cookies to:

  • Understand and save user's preferences for future visits
  • Personalize and improve your online experience

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (e.g., Chrome, Internet Explorer) settings. Each browser is a little different, so look at your browser’s help menu to learn the correct way to modify your cookies.

If users disable cookies in their browser:

If you disable cookies on your browser, some features will be disabled. It will turn off some of the features that make your site experience more efficient, and some of our services will not function properly, including tracking of referrals and access to some administration features.

Third-Party Links

We do not include or offer third-party products or services on our website.



Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. 

We use Google AdSense Advertising on our website.

Google, as a third-party vendor, uses cookies to serve ads on our site. Google's use of the DART cookie enables it to serve ads to our users, based on their visit to our site and other sites on the Internet. Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.

We have implemented the following:

  • Remarketing with Google AdSense
  • Google Display Network Impression Reporting
  • Demographics and Interests Reporting

We, along with third-party vendors like Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.

Opting out:

Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out Page or permanently using the Google Analytics Opt Out Browser Add-On.


How does our site handle Do Not Track (DNT) signals?

We honor Do Not Track (DNT) signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.

How We Use the Information We Collect

We never sell personal information

We will never sell your personal information to any third party. 


How do we use your personal information? 

We may use the information we collect from you when you register, make a purchase, sign up for our Newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To personalize user’s experience and to allow us to deliver the type of content and product offerings in which you are most interested
  • To improve our website in order to better serve you
  • To quickly process your transactions
  • To send periodic emails regarding your order or other products and services related to the Subscription Service, or that you have opted in to receive
  • Provide other companies with statistical information about our users – but this information will not be used to identify any individual user
  • To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms
  • To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements
  • To provide, support, and improve the Subscription Services. This may include sharing your or your Contacts’ information with third parties in order to provide and support our Subscriptions Services, or to make certain features available to you (For example, we use Tango Card to process and distribute Gift Cards.)


Use of navigational information

We use navigational information to operate and improve the Websites, Newsletters, and the Subscription Service. We may also use navigational information alone or in combination with personal information to provide you with personalized information about Referral Rock.


How do we use the information inside your Referral Rock account?

Demographic information collected in your account for your referral programs are for your use only. This includes, but is not exclusive to, member and referral demographic information, such as name, email address, IP address (for tracking purposes), and any other custom fields you set in the software. Referral Rock doesn’t contact, share, distribute, sell, or otherwise use account data in any way outside of the built in functionality within the software. It is only accessible by the Referral Rock team for troubleshooting and support purposes.


Use of credit card information

If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide, except for the sole purpose of credit card processing on our behalf.


California Online Privacy Protection Act (CalOPPA)

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website, stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. See more at

According to CalOPPA, we agree to the following:

  • Users can visit our site anonymously.
  • Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.
  • Our Privacy Policy link includes the word "Privacy," and can be easily be found on the page specified above.
  • Users will be notified of any privacy policy changes on our Privacy Policy page.
  • Users are able to change their personal information by logging into their account.

Security of Your Personal Information

How do we protect personal information?

Your personal information is contained behind secured networks, and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.


Retention of personal information

We retain personal information you provide us as long as we consider it potentially useful in contacting you about the Subscription Service or our other services, or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements, and then we securely delete the information. We will delete this information from the servers at an earlier date if you so request, as described in "Opting Out and Unsubscribing" below. 


Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States, and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

If a security breach causes an unauthorized intrusion into our system that materially affects you, then Referral Rock will notify you via email within 72 hours (as compliant with both the Fair Information Practices and the General Data Protection Regulation). For more information, see our GDPR page.

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.


International Transfer of Information

To facilitate our global operations, we may transfer and access personal information from around the world, including the United States. This Privacy Policy shall apply even if we transfer personal information to other countries.

Opting Out and Unsubscribing

Reviewing, Correcting, and Removing Your Personal Information

Upon request, Referral Rock will provide you with information about whether we hold any of your personal information. If you provide us with your personal information, you have the following rights with respect to that information:

  • To review the user information you have supplied to us 
  • To request that we correct any errors, outdated information, or omissions in user information you have supplied to us 
  • To request that your user information not be used to contact you 
  • To request that your user information be removed from any solicitation list we use 
  • To request that your user information be deleted from our records

To exercise any of these rights, please contact us at We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

The above rights are compliant with the GDPR rulings of right to be forgotten, right to data portability, right of modification, and withdrawal of consent. For more information, see our GDPR page.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: If you need further assistance regarding your rights, please contact us using the contact information provided above, and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.



The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.


Anti-Spam Policy

Spam is often in the eye of the beholder. If you ask ten different people for a definition of spam, you'll probably get ten different answers. So here’s our best explanation:

  • Spam, as applied to email, means "unsolicited bulk email."
  • "Unsolicited" means the recipient has not granted the sender affirmative consent (permission) to email them.
  • "Bulk" means the message is sent as part of a larger collection of messages, all having materially similar content.

We won’t send unsolicited bulk email, for commercial or non-commercial purposes. Unsolicited bulk email is defined as email sent to more than 10 individuals with whom we do not have a prior business relationship. All of our bulk emails will have an opt-out mechanism and other required information. 

Privacy Shield

Referral Rock complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and the United Kingdom to the United States pursuant to Privacy Shield. Referral Rock has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this Privacy Policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Referral Rock is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information we hold about you. You may also correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield should direct their query to  If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice (for personal data) or opt-in choice (for sensitive data) before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Referral Rock is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Referral Rock complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
In compliance with the Privacy Shield Principles, Referral Rock commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Referral Rock at
Referral Rock has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at

Confidentiality; Proprietary Rights

Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical, or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party).

Proprietary Information includes, without limitation, trade secrets, know-how, including software and documentation thereto, marketing, sales, operating, performance, costs, and customer lists, in any form, tangible or intangible. Proprietary information of Referral Rock includes non-public information regarding features, functionality, and performance of the Service. Proprietary Information of the Customer includes non-public data provided by Customer to Referral Rock to enable the provision of the Services (“Customer Data”).

The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information that the Receiving Party can document: (a) is or becomes generally available to the public, or (b) was in its possession or known by the Receiving Party prior to receipt from the Disclosing Party, as evidenced by the Receiving Party’s written records, or (c) was rightfully disclosed to the Receiving Party without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party.

If the Receiving Party is required by applicable law or requested (by legal process, civil investigative demand or similar process) to disclose any of the Disclosing Party’s Proprietary Information, the Receiving Party shall notify the Disclosing Party immediately of such requirement so that the Disclosing Party may seek an appropriate protective order or waive compliance with the confidentiality covenants in this Agreement. Any such disclosure by the Receiving Party pursuant to the preceding sentence shall be limited to the extent required by applicable law, or order, subpoena, regulatory requirement, or litigation disclosure, and the Receiving Party shall reasonably cooperate with the Disclosing Party in any effort made by the Disclosing Party to seek a protective order or other appropriate protection of the Disclosing Party’s Proprietary Information.

Customer shall own all right, title, and interest in and to the Customer Data. Referral Rock shall own and retain all right, title, and interest in and to: (a) the Services and Software, all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with Implementation Services or support, and (c) all intellectual property rights related to any of the foregoing.

Notwithstanding anything to the contrary, Referral Rock shall have the right to collect and analyze data and other information relating to the provision, use, and performance of various aspects of the Services and related systems and technologies (including, without limitation, anonymized, aggregate information derived from Customer Data), and Referral Rock will be free (during and after the term hereof) to use such information and data solely to improve and enhance the Services and for other diagnostic and corrective purposes in connection with the Services. No rights or licenses are granted except as expressly set forth herein.