Emojot Privacy Policy
Last Updated: May 2026
1 - Introduction
Emojot, Inc. and its affiliates, including Emojot (Private) Limited, Sri Lanka, (collectively, “Emojot,” “we,” “our,” or “us”) provide a cloud-based, business-to-business Unified Experience Intelligence platform (the “Platform” or “Services”). Emojot helps business clients sense, understand, and act on customer, employee, brand, operational, social, reputation, complaint-related, and workflow-related experience signals across their enterprise.
This Privacy Policy explains how Emojot collects, uses, discloses, transfers, protects, and retains personal data in connection with our websites, products, services, marketing activities, and business operations.
Emojot primarily provides its Services to business clients. In many cases, our clients determine what personal data is collected through the Platform, why it is collected, how long it is retained, and how it is used. In those cases, the client is the data controller or business, and Emojot acts as a data processor or service provider on behalf of that client. Emojot may also act as a data controller for information we collect for our own business purposes, such as website visitors, business contacts, marketing leads, prospective customers, and users who interact directly with Emojot.
Emojot does not sell personal data.
2 - Scope of this Policy
This Privacy Policy applies to personal data processed by Emojot in connection with:
- Emojot websites and online properties;
- Emojot’s cloud-based Platform and Services;
- customer, employee, complaint, social listening, online reputation, workflow, and analytics use cases configured by Emojot clients;
- business development, marketing, sales, support, and customer success activities;
- security, compliance, audit, and operational activities.
This Privacy Policy does not apply to third-party websites, platforms, social networks, applications, or services that are not owned or controlled by Emojot, even if they are linked from or integrated with our Services. Those third parties maintain their own privacy notices and practices.
3 - Emojot’s Role: Controller, Processor, and Service Provider
3.1 - Emojot as a Data Processor or Service Provider
When Emojot processes personal data on behalf of a business client through the Platform, Emojot generally acts as a data processor or service provider. In these cases, the client is responsible for determining the purposes and lawful basis of processing, configuring the Platform, providing required privacy notices, obtaining required consents, managing end-user permissions, setting retention requirements, and responding to applicable data subject or consumer rights requests.
Examples of client-controlled processing may include:
- customer feedback and survey programs;
- employee experience surveys and workplace feedback programs;
- customer complaint management workflows;
- social listening, online reputation monitoring, and review management;
- customer service, messaging, and chatbot interactions;
- business process automation and case routing;
- analytics, reporting, benchmarking, and experience intelligence dashboards;
- integrations with client systems, third-party platforms, social channels, review platforms, CRM systems, HR systems, contact centers, or other enterprise applications.
Emojot processes client-controlled personal data only in accordance with applicable agreements, data processing terms, client instructions, and applicable law.
3.2 - Emojot as a Data Controller
Emojot acts as a data controller when we process personal data for our own business purposes, such as:
- managing our websites;
- responding to inquiries;
- managing business contacts and accounts;
- providing product demonstrations;
- conducting marketing and lead generation;
- managing contracts and billing;
- securing and improving our Services;
- complying with legal, regulatory, security, and compliance obligations.
4 - The Emojot Platform: Unified Experience Intelligence
Emojot’s Platform is designed to help organizations unify experience signals into actionable intelligence. Depending on how a client configures the Services, Emojot may process personal data and related metadata to help clients understand what is happening, why it is happening, where it is happening, and what action should be taken.
The Platform may support use cases such as:
- customer experience feedback and analytics;
- employee experience feedback and analytics;
- complaint intake, classification, routing, escalation, and resolution tracking;
- online reputation management and review monitoring;
- social listening and brand signal tracking;
- competitor benchmarking where configured by the client;
- sentiment, emotion, topic, and trend analysis;
- business process automation and workflow management;
- regulatory SLA tracking and audit trails;
- AI-assisted recommendations, alerts, summaries, and insights.
5 - Personal Data We Collect and Process
The categories of personal data Emojot collects or processes depend on the context in which the data is provided and how clients configure the Services.
5.1 - Business User and Account Data
We may collect information about authorized users of our Platform and Services, including:
- name;
- business email address;
- phone number;
- company name;
- job title or role;
- account credentials or authentication information;
- subscription, billing, and account administration details;
- support requests and communications.
We use this information to create and manage accounts, authenticate users, provide secure access, support clients, administer subscriptions, and operate the Services.
5.2 - End-Customer Data Processed for Clients
When clients use Emojot to collect or analyze customer experience signals, we may process information submitted by or about their customers, including:
- name;
- email address;
- phone number;
- customer identification number;
- feedback text;
- ratings and scores;
- survey responses;
- service-related complaints;
- issue categories;
- attachments or supporting information submitted through complaint or feedback channels;
- interaction history where configured by the client.
5.3 - Employee and Workforce Experience Data Processed for Clients
When clients use Emojot for employee experience or workforce feedback programs, we may process information submitted by or about employees, contractors, or other workforce participants, including:
- name;
- email address;
- phone number;
- employee identification number;
- department, role, branch, location, or team information;
- survey responses;
- feedback text;
- opinions, concerns, or complaints;
- workplace experience indicators;
- case or workflow data where configured by the client.
Clients are responsible for providing required employee notices and obtaining any required consents or approvals for employee-related processing.
5.4 - Publicly Available, Social Listening, and Online Reputation Data
Where configured by a client and permitted by applicable law and platform terms, Emojot may process publicly available or third-party experience signals, including information from:
- public social media posts;
- public profiles or usernames;
- review sites;
- ratings platforms;
- app stores;
- public forums;
- blogs;
- websites;
- public comments;
- competitor or market benchmark sources;
- other publicly available digital channels.
This information may include names, usernames, public profile information, posts, comments, ratings, reviews, timestamps, engagement metrics, sentiment indicators, and related metadata.
Emojot does not control third-party platforms or public sources. Clients are responsible for ensuring that their configuration and use of public-source or third-party data complies with applicable laws, third-party terms, and their own privacy obligations.
5.5 - Complaint, Case, Workflow, and Audit Data
When clients use Emojot for complaint handling, case management, workflow automation, or regulated process tracking, we may process:
- complaint details;
- issue type or category;
- severity, urgency, or risk classification;
- responsible team, role, branch, or agent;
- SLA status and deadlines;
- escalation history;
- notes and resolution details;
- evidence or attachments;
- audit trail events;
- timestamps and user actions.
5.6 - Experience Context and Enterprise Hierarchy Metadata
To support Unified Experience Intelligence, Emojot may process contextual metadata associated with experience signals, including:
- region, country, branch, store, site, department, counter, team, agent, or other hierarchy information;
- journey stage;
- channel;
- campaign, workflow, or sensor identifier;
- stakeholder type, such as customer, employee, partner, or visitor;
- time, date, and session context;
- device, browser, and technical metadata;
- location data where provided by the client, user, or device and permitted by law.
This context helps clients identify where experience issues arise, understand root causes, route actions, and measure outcomes.
5.7 - AI-Generated, Derived, and Analytical Data
Emojot may generate derived data or analytics from the data processed through the Platform, including:
- sentiment indicators;
- emotion indicators;
- topic classifications;
- summaries;
- translations;
- anomaly signals;
- trend indicators;
- predicted risk or urgency;
- recommended actions;
- workflow routing suggestions;
- aggregated benchmarks and reports.
Where such outputs relate to identifiable individuals, they are treated as personal data in accordance with applicable law.
5.8 - Marketing and Lead Generation Data
We may collect personal data in the course of marketing, sales, and business development activities, including:
- name;
- business contact details;
- company name;
- job title;
- country or region;
- product interests;
- event, webinar, or demo registration details;
- communications with Emojot;
- website interactions and campaign engagement data.
We use this information to respond to inquiries, provide information about our products and services, manage marketing communications, conduct business development, and improve our outreach.
5.9 - Technical, Operational, and Security Data
We automatically collect certain information to support security, availability, operations, analytics, and service improvement, including:
- IP address;
- browser type;
- operating system;
- device identifiers;
- access times;
- referring website addresses;
- usage logs;
- authentication events;
- audit logs;
- error logs;
- system performance data;
- security monitoring data.
We may use cookies and similar technologies as described in this Policy and any applicable Cookie Notice.
5.10 - Sensitive Personal Data
Emojot does not intentionally collect sensitive personal data unless it is provided by a client, user, or individual through a configured use case, or unless required for a specific lawful purpose. Depending on the client’s configuration, sensitive data may be included in open-text feedback, complaints, employee feedback, or attachments submitted through the Platform.
Where sensitive personal data is processed, Emojot applies appropriate safeguards and processes such data in accordance with client instructions, applicable agreements, and applicable law.
6 - How We Use Personal Data
Emojot uses personal data for the following purposes, depending on the context:
- to provide, operate, maintain, and secure the Services;
- to authenticate users and manage access;
- to enable clients to collect, analyze, and respond to experience signals;
- to support complaint handling, case routing, workflow automation, escalation, and resolution tracking;
- to generate dashboards, reports, alerts, summaries, recommendations, and insights;
- to support customer service, technical support, and account management;
- to monitor system performance, reliability, and security;
- to detect, investigate, prevent, and respond to security incidents, fraud, misuse, and policy violations;
- to improve and develop our Services;
- to conduct marketing, business development, and customer communications;
- to comply with legal, contractual, regulatory, security, and compliance obligations;
- to enforce agreements and protect the rights, safety, and property of Emojot, our clients, users, and others.
7 - AI, Analytics, and Automated Processing
Emojot uses artificial intelligence, machine learning, analytics, and automation technologies to support the functionality of the Platform. These technologies may be used to:
- classify feedback, complaints, topics, and themes;
- detect sentiment and emotion indicators;
- summarize text or interactions;
- translate content;
- identify trends, anomalies, and emerging risks;
- recommend actions or next steps;
- route complaints, cases, or workflows;
- support SLA tracking and escalation;
- generate dashboards, reports, and alerts;
- assist customer service or chatbot interactions where configured by a client.
AI-generated outputs are designed to assist clients and authorized users. Emojot does not use AI to make decisions that produce legal or similarly significant effects on individuals unless directed by a client under appropriate contractual, legal, and human-review safeguards.
Clients are responsible for determining whether AI-assisted processing is appropriate for their use case, providing required notices, obtaining required consents, and ensuring appropriate human oversight where required by law or internal policy.
8 - Lawful Bases for Processing
Where applicable data protection law requires a lawful basis for processing, Emojot relies on one or more of the following lawful bases:
- Consent: where an individual has given consent, such as for certain marketing communications or optional feedback activities;
- Contract: where processing is necessary to perform a contract with a client, supplier, partner, or user;
- Legitimate interests: such as providing, securing, improving, and promoting our Services, managing business relationships, conducting analytics, preventing fraud, and maintaining system integrity;
- Legal obligations: where processing is necessary to comply with applicable laws, regulations, legal processes, or governmental requests;
- Client instructions: where Emojot processes personal data as a processor or service provider on behalf of a client.
Where we rely on consent, individuals may withdraw consent at any time. Where we rely on legitimate interests, individuals may have the right to object to processing, subject to applicable law.
9 - Cookies and Similar Technologies
Emojot may use cookies, pixels, tags, local storage, and similar technologies on our websites and Services. These technologies may be used to:
- enable core website and Platform functionality;
- authenticate users and maintain secure sessions;
- remember preferences;
- analyze website and product usage;
- improve performance and user experience;
- support marketing and campaign measurement;
- detect and prevent fraud, abuse, and security risks.
Cookies may be placed by Emojot or by third-party service providers. Depending on your location, you may be able to manage cookie preferences through a cookie banner, preference center, browser settings, or other available mechanisms.
Where required by applicable law, Emojot will obtain consent before using non-essential cookies or similar technologies.
10 - How We Disclose Personal Data
Emojot may disclose personal data to the following categories of recipients:
10.1 - Clients
Where Emojot processes personal data on behalf of a client, we may make that data available to the relevant client and authorized client users in accordance with the client’s configuration, permissions, and agreement with Emojot.
10.2 - Service Providers and Subprocessors
We may disclose personal data to service providers, subprocessors, and vendors that support our business and Services, including providers of:
- cloud hosting and infrastructure;
- database services;
- identity and access management;
- analytics and monitoring;
- customer support;
- security monitoring;
- communications and email delivery;
- CRM, marketing, and business operations;
- professional services, legal, audit, and compliance support.
These service providers are authorized to process personal data only as necessary to provide services to Emojot and are subject to appropriate contractual and security obligations.
10.3 - Third-Party Integrations Configured by Clients
Clients may configure integrations between Emojot and third-party systems, platforms, or channels. Data shared through such integrations is governed by the client’s configuration, the relevant third-party terms, and applicable law. Emojot is not responsible for privacy or security practices of third-party systems that are not controlled by Emojot.
10.4 - Legal, Regulatory, and Safety Purposes
We may disclose personal data where we believe disclosure is necessary or appropriate to:
- comply with applicable law, regulation, legal process, or governmental request;
- protect the rights, safety, and property of Emojot, our clients, users, or others;
- detect, investigate, prevent, or respond to fraud, security incidents, or misuse;
- enforce agreements and policies;
- support legal claims, audits, investigations, or compliance requirements.
Where legally permitted and appropriate, Emojot will notify affected clients of requests for client-controlled data.
10.5 - Business Transactions
If Emojot is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction, personal data may be disclosed or transferred as part of that transaction, subject to appropriate safeguards and applicable law.
11 - International Data Transfers
Emojot operates globally and may transfer personal data to the United States, Sri Lanka, and other countries where Emojot, its affiliates, clients, service providers, or subprocessors operate.
Emojot’s primary cloud infrastructure is hosted in the United States. Personal data collected in the European Economic Area, United Kingdom, or other jurisdictions may be transferred to the United States or other countries in accordance with applicable data protection laws.
For transfers from the European Union and the United Kingdom, Emojot relies primarily on its certification under the EU–U.S. Data Privacy Framework and the UK Extension to the EU–U.S. Data Privacy Framework, where applicable. Where other transfer mechanisms are required, such as Standard Contractual Clauses or equivalent safeguards, Emojot will implement appropriate safeguards to protect personal data.
12 - Data Privacy Framework Commitments for Covered Transfers
Emojot applies privacy and security safeguards to personal data processed through its Services regardless of where individuals are located. This section provides additional information about Emojot’s commitments for personal data transferred to the United States in reliance on the Data Privacy Framework.
Emojot complies with the EU–U.S. Data Privacy Framework and the UK Extension to the EU–U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Emojot has certified to the U.S. Department of Commerce that it adheres to the EU–U.S. Data Privacy Framework Principles with respect to personal data received from the European Union and the United Kingdom in reliance on the Data Privacy Framework.
If there is any conflict between the terms of this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern.
To learn more about the Data Privacy Framework program, and to view Emojot’s certification, please visit https://www.dataprivacyframework.gov.
12.1 - Accountability for Onward Transfers
Emojot may transfer personal data to third-party agents, service providers, or subprocessors that perform services on our behalf. Emojot remains responsible and liable under the Data Privacy Framework Principles if third-party agents process personal data in a manner inconsistent with the Principles, unless Emojot proves that it is not responsible for the event giving rise to the damage.
12.2 - Choice
Individuals may have the right to opt out of having their personal data disclosed to third parties or used for purposes materially different from the purpose for which it was originally collected or subsequently authorized. Emojot will obtain affirmative express consent where required for sensitive personal data under the Data Privacy Framework Principles.
12.3 - Access, Correction, and Deletion
Individuals may have the right to access personal data Emojot holds about them and to request correction, amendment, or deletion where inaccurate or processed in violation of the Data Privacy Framework Principles, subject to contractual, legal, and technical limitations.
Where Emojot processes personal data on behalf of a client, individuals may need to direct their request to the relevant client.
12.4 - Recourse, Enforcement, and Liability
Emojot’s compliance with the Data Privacy Framework is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
In compliance with the EU–U.S. Data Privacy Framework and the UK Extension, Emojot commits to resolve complaints about our collection or use of personal data. Individuals whose personal data is covered by the Data Privacy Framework should first contact Emojot using the contact information provided in this Policy.
If we are unable to resolve a Data Privacy Framework-related complaint directly, Emojot commits to refer unresolved complaints to JAMS, an alternative dispute resolution provider based in the United States. The services of JAMS are provided at no cost to individuals. More information is available at https://www.jamsadr.com/DPF-Dispute-Resolution.
For human resources data received in reliance on the Data Privacy Framework in the context of the employment relationship, Emojot commits to cooperate and comply with the advice of the panel established by the EU data protection authorities and the UK Information Commissioner’s Office, as applicable.
Under certain conditions, individuals may invoke binding arbitration for residual claims not resolved by other redress mechanisms.
13 - Security
Emojot maintains a security and compliance program aligned with internationally recognized standards. Emojot is ISO/IEC 27001:2022 certified and has completed a attestation covering applicable trust services criteria, including Security, Availability, and Confidentiality. These certifications and attestations support Emojot’s commitment to protecting customer data through independently reviewed governance, security, risk management, access control, monitoring, and operational controls.
Emojot’s safeguards include, as applicable:
- encryption in transit using TLS;
- encryption at rest;
- encrypted backups;
- role-based access control;
- least-privilege access;
- multi-factor authentication;
- identity and access governance;
- SOC 2 Type II
- segregated development, testing, and production environments;
- centralized logging and monitoring;
- vulnerability scanning and patch management;
- secure software development practices;
- peer code review;
- security testing;
- incident response procedures;
- business continuity and disaster recovery planning;
- employee security and privacy training.
No system is completely secure. Emojot continuously evaluates and improves its security controls to address evolving risks.
14 - Data Retention
Emojot retains personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with client agreements, meet legal and regulatory obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business operations.
Where Emojot processes personal data on behalf of a client, retention periods are generally determined by the client’s configuration, instructions, and applicable agreement with Emojot.
When personal data is no longer required, Emojot will delete, anonymize, or securely dispose of it in accordance with applicable law, client instructions, and Emojot’s retention and deletion procedures.
Backups and logs may be retained for limited periods for security, continuity, audit, legal, or operational purposes before being securely deleted or overwritten according to applicable retention schedules.
15 - Your Rights and Choices
Depending on your location and the context in which Emojot processes your personal data, you may have rights to:
- access personal data;
- correct or update personal data;
- request deletion of personal data;
- restrict or object to processing;
- request data portability;
- withdraw consent;
- opt out of marketing communications;
- object to certain automated processing or profiling where applicable;
- lodge a complaint with a data protection authority or regulator.
To exercise these rights, please contact Emojot using the contact information in this Policy.
Where Emojot processes personal data on behalf of a client, we may refer your request to the relevant client or ask you to contact the client directly. Emojot will support clients in responding to rights requests as required by applicable agreements and law.
You may unsubscribe from Emojot marketing communications by using the unsubscribe link in our emails or by contacting us.
16 - California Privacy Notice
This section applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies.
16.1 - Categories of Personal Information
Depending on the context, Emojot may collect or process the following categories of personal information:
- identifiers, such as name, email address, phone number, IP address, and account identifiers;
- commercial information, such as product interests, account details, and transaction-related information;
- internet or electronic network activity information, such as website usage, log data, device information, and interaction data;
- geolocation information, where provided or inferred from IP address or client configuration;
- professional or employment-related information, such as job title, company, department, or employee identifier;
- audio, electronic, visual, or similar information, where submitted through the Platform or support channels;
- inferences, analytics, sentiment indicators, recommendations, or derived insights generated from other information;
- sensitive personal information, if submitted through client-configured use cases or otherwise required for a specific lawful purpose.
16.2 - Sources of Personal Information
We may collect personal information from:
- individuals directly;
- Emojot clients;
- authorized Platform users;
- public sources;
- social media, review, and third-party platforms where configured by a client;
- service providers and business partners;
- cookies and similar technologies;
- security, operational, and analytics systems.
16.3 - Purposes of Collection and Use
We collect and use personal information for the purposes described in this Privacy Policy, including providing the Services, supporting clients, securing the Platform, conducting analytics, managing business relationships, marketing Emojot products and services, and complying with legal obligations.
16.4 - Sale or Sharing of Personal Information
Emojot does not sell personal information for money. Emojot also does not sell client-controlled personal data.
If Emojot uses advertising or analytics technologies that may be considered “sharing” under California law, California residents may exercise applicable opt-out rights through available cookie preference tools or by contacting Emojot.
16.5 - California Rights
California residents may have the right to:
- know what personal information we collect, use, disclose, sell, or share;
- access personal information;
- request deletion;
- request correction;
- opt out of sale or sharing where applicable;
- limit use or disclosure of sensitive personal information where applicable;
- not be discriminated against for exercising privacy rights.
Requests may be submitted using the contact information in this Policy. Where Emojot acts as a service provider for a client, we may direct the request to the relevant client.
17 - EEA and UK Privacy Notice
This section applies to individuals in the European Economic Area and the United Kingdom where the GDPR or UK GDPR applies.
17.1 - Controller and Processor Roles
For client-controlled data processed through the Platform, the relevant client is generally the controller and Emojot is the processor. For Emojot’s own business activities, Emojot is the controller.
17.2 - Legal Bases
The legal bases Emojot relies on are described in Section 8 of this Policy.
17.3 - International Transfers
Emojot may transfer personal data outside the EEA or UK as described in Section 11. Emojot uses appropriate safeguards such as Data Privacy Framework certification, Standard Contractual Clauses, or other lawful transfer mechanisms where applicable.
17.4 - Rights
Individuals in the EEA and UK may have the right to access, rectify, erase, restrict, object, request portability, withdraw consent, and lodge a complaint with a supervisory authority.
Where Emojot processes personal data on behalf of a client, individuals should generally contact the relevant client to exercise these rights.
18 - Sri Lanka Personal Data Protection Act Notice
This section applies where the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka, as amended or supplemented from time to time, applies to Emojot’s processing of personal data.
Emojot has operations in Sri Lanka through Emojot (Private) Limited and may process personal data in Sri Lanka in connection with the provision, support, development, security, compliance, and operation of the Services.
18.1 - Controller and Processor Roles
Where Emojot processes personal data on behalf of a business client, the client generally determines the purposes and means of processing and Emojot acts in accordance with the client’s instructions, applicable agreements, and applicable law.
Where Emojot processes personal data for its own business purposes, such as managing websites, sales, marketing, support, security, compliance, finance, administration, and business operations, Emojot acts as the relevant controller under applicable law.
18.2 - Purposes of Processing
Emojot may process personal data for the purposes described in this Privacy Policy, including to:
- provide, operate, secure, and improve the Services;
- support Unified Experience Intelligence use cases configured by clients;
- manage user accounts, authentication, and access controls;
- process customer, employee, complaint, workflow, social listening, online reputation, and analytics data on behalf of clients;
- provide support, account management, and business communications;
- conduct security monitoring, audit logging, compliance reviews, and incident response;
- comply with legal, regulatory, contractual, and governance obligations.
18.3 - Data Subject Rights
Subject to applicable law and any limitations under the PDPA, individuals may have rights in relation to their personal data, including rights to request access, correction, deletion or erasure, withdrawal of consent where processing is based on consent, objection to certain processing, and other rights recognized under applicable data protection law.
Where Emojot processes personal data on behalf of a client, individuals may need to submit their request directly to the relevant client. Emojot will support clients in responding to such requests as required by applicable agreements and law.
18.4 - Cross-Border Processing
Emojot may transfer or make personal data available outside Sri Lanka where necessary to provide the Services, support global operations, host data, use approved service providers or subprocessors, comply with legal obligations, or perform client agreements.
Where the PDPA applies to a transfer or processing of personal data outside Sri Lanka, Emojot will implement appropriate safeguards or rely on applicable transfer mechanisms as required by law.
18.5 - Security and Governance
Emojot applies administrative, technical, and organizational safeguards designed to protect personal data. These safeguards include access control, encryption, monitoring, vulnerability management, incident response, employee training, and governance processes described in this Privacy Policy.
18.6 - Contact and Complaints
Individuals with questions or requests relating to personal data processed by Emojot may contact Emojot using the contact details in this Privacy Policy. Individuals may also have the right to contact the Data Protection Authority of Sri Lanka where applicable.
19 - Children’s Privacy
Emojot’s websites and Services are not directed to children. Emojot does not knowingly collect personal data from children for its own purposes.
If a client uses Emojot to collect information from minors, the client is responsible for ensuring that such collection and processing complies with applicable law, including providing required notices and obtaining required parental, guardian, school, or other consents where necessary.
If Emojot becomes aware that it has collected personal data from a child outside a permitted context, we will take appropriate steps to delete the data or notify the relevant client, as applicable.
20 - Third-Party Offerings and Links
Our websites and Services may contain links to third-party websites, services, platforms, social networks, or applications. These third parties have their own privacy policies and practices. Emojot is not responsible for the privacy, security, or content practices of third parties that are not owned or controlled by Emojot.
21 - Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, business practices, or privacy practices. When we update this Policy, we will revise the “Last Updated” date above. Where required by law, we will provide additional notice or obtain consent for material changes.
22 - Contact Information
For questions, concerns, or requests regarding this Privacy Policy or Emojot’s privacy practices, please contact us at:
Emojot, Inc.
2108 N ST, STE N
Sacramento, CA 95816
United States
Email: privacy@emojot.com
Emojot Privacy Policy
1 - Introduction
Emojot, Inc. and its affiliates, including Emojot (Private) Limited, Sri Lanka, (collectively, “Emojot,” “we,” “our,” or “us”) provide a cloud-based, business-to-business Unified Experience Intelligence platform (the “Platform” or “Services”). Emojot helps business clients sense, understand, and act on customer, employee, brand, operational, social, reputation, complaint-related, and workflow-related experience signals across their enterprise.
This Privacy Policy explains how Emojot collects, uses, discloses, transfers, protects, and retains personal data in connection with our websites, products, services, marketing activities, and business operations.
Emojot primarily provides its Services to business clients. In many cases, our clients determine what personal data is collected through the Platform, why it is collected, how long it is retained, and how it is used. In those cases, the client is the data controller or business, and Emojot acts as a data processor or service provider on behalf of that client. Emojot may also act as a data controller for information we collect for our own business purposes, such as website visitors, business contacts, marketing leads, prospective customers, and users who interact directly with Emojot.
Emojot does not sell personal data.
2 - Scope of this Policy
This Privacy Policy applies to personal data processed by Emojot in connection with:
- Emojot websites and online properties;
- Emojot’s cloud-based Platform and Services;
- customer, employee, complaint, social listening, online reputation, workflow, and analytics use cases configured by Emojot clients;
- business development, marketing, sales, support, and customer success activities;
- security, compliance, audit, and operational activities.
This Privacy Policy does not apply to third-party websites, platforms, social networks, applications, or services that are not owned or controlled by Emojot, even if they are linked from or integrated with our Services. Those third parties maintain their own privacy notices and practices.
3 - Emojot’s Role: Controller, Processor, and Service Provider
3.1 - Emojot as a Data Processor or Service Provider
When Emojot processes personal data on behalf of a business client through the Platform, Emojot generally acts as a data processor or service provider. In these cases, the client is responsible for determining the purposes and lawful basis of processing, configuring the Platform, providing required privacy notices, obtaining required consents, managing end-user permissions, setting retention requirements, and responding to applicable data subject or consumer rights requests.
Examples of client-controlled processing may include:
- customer feedback and survey programs;
- employee experience surveys and workplace feedback programs;
- customer complaint management workflows;
- social listening, online reputation monitoring, and review management;
- customer service, messaging, and chatbot interactions;
- business process automation and case routing;
- analytics, reporting, benchmarking, and experience intelligence dashboards;
- integrations with client systems, third-party platforms, social channels, review platforms, CRM systems, HR systems, contact centers, or other enterprise applications.
Emojot processes client-controlled personal data only in accordance with applicable agreements, data processing terms, client instructions, and applicable law.
3.2 - Emojot as a Data Controller
Emojot acts as a data controller when we process personal data for our own business purposes, such as:
- managing our websites;
- responding to inquiries;
- managing business contacts and accounts;
- providing product demonstrations;
- conducting marketing and lead generation;
- managing contracts and billing;
- securing and improving our Services;
- complying with legal, regulatory, security, and compliance obligations.
4 - The Emojot Platform: Unified Experience Intelligence
Emojot’s Platform is designed to help organizations unify experience signals into actionable intelligence. Depending on how a client configures the Services, Emojot may process personal data and related metadata to help clients understand what is happening, why it is happening, where it is happening, and what action should be taken.
The Platform may support use cases such as:
- customer experience feedback and analytics;
- employee experience feedback and analytics;
- complaint intake, classification, routing, escalation, and resolution tracking;
- online reputation management and review monitoring;
- social listening and brand signal tracking;
- competitor benchmarking where configured by the client;
- sentiment, emotion, topic, and trend analysis;
- business process automation and workflow management;
- regulatory SLA tracking and audit trails;
- AI-assisted recommendations, alerts, summaries, and insights.
5 - Personal Data We Collect and Process
The categories of personal data Emojot collects or processes depend on the context in which the data is provided and how clients configure the Services.
5.1 - Business User and Account Data
We may collect information about authorized users of our Platform and Services, including:
- name;
- business email address;
- phone number;
- company name;
- job title or role;
- account credentials or authentication information;
- subscription, billing, and account administration details;
- support requests and communications.
We use this information to create and manage accounts, authenticate users, provide secure access, support clients, administer subscriptions, and operate the Services.
5.2 - End-Customer Data Processed for Clients
When clients use Emojot to collect or analyze customer experience signals, we may process information submitted by or about their customers, including:
- name;
- email address;
- phone number;
- customer identification number;
- feedback text;
- ratings and scores;
- survey responses;
- service-related complaints;
- issue categories;
- attachments or supporting information submitted through complaint or feedback channels;
- interaction history where configured by the client.
5.3 - Employee and Workforce Experience Data Processed for Clients
When clients use Emojot for employee experience or workforce feedback programs, we may process information submitted by or about employees, contractors, or other workforce participants, including:
- name;
- email address;
- phone number;
- employee identification number;
- department, role, branch, location, or team information;
- survey responses;
- feedback text;
- opinions, concerns, or complaints;
- workplace experience indicators;
- case or workflow data where configured by the client.
Clients are responsible for providing required employee notices and obtaining any required consents or approvals for employee-related processing.
5.4 - Publicly Available, Social Listening, and Online Reputation Data
Where configured by a client and permitted by applicable law and platform terms, Emojot may process publicly available or third-party experience signals, including information from:
- public social media posts;
- public profiles or usernames;
- review sites;
- ratings platforms;
- app stores;
- public forums;
- blogs;
- websites;
- public comments;
- competitor or market benchmark sources;
- other publicly available digital channels.
This information may include names, usernames, public profile information, posts, comments, ratings, reviews, timestamps, engagement metrics, sentiment indicators, and related metadata.
Emojot does not control third-party platforms or public sources. Clients are responsible for ensuring that their configuration and use of public-source or third-party data complies with applicable laws, third-party terms, and their own privacy obligations.
5.5 - Complaint, Case, Workflow, and Audit Data
When clients use Emojot for complaint handling, case management, workflow automation, or regulated process tracking, we may process:
- complaint details;
- issue type or category;
- severity, urgency, or risk classification;
- responsible team, role, branch, or agent;
- SLA status and deadlines;
- escalation history;
- notes and resolution details;
- evidence or attachments;
- audit trail events;
- timestamps and user actions.
5.6 - Experience Context and Enterprise Hierarchy Metadata
To support Unified Experience Intelligence, Emojot may process contextual metadata associated with experience signals, including:
- region, country, branch, store, site, department, counter, team, agent, or other hierarchy information;
- journey stage;
- channel;
- campaign, workflow, or sensor identifier;
- stakeholder type, such as customer, employee, partner, or visitor;
- time, date, and session context;
- device, browser, and technical metadata;
- location data where provided by the client, user, or device and permitted by law.
This context helps clients identify where experience issues arise, understand root causes, route actions, and measure outcomes.
5.7 - AI-Generated, Derived, and Analytical Data
Emojot may generate derived data or analytics from the data processed through the Platform, including:
- sentiment indicators;
- emotion indicators;
- topic classifications;
- summaries;
- translations;
- anomaly signals;
- trend indicators;
- predicted risk or urgency;
- recommended actions;
- workflow routing suggestions;
- aggregated benchmarks and reports.
Where such outputs relate to identifiable individuals, they are treated as personal data in accordance with applicable law.
5.8 - Marketing and Lead Generation Data
We may collect personal data in the course of marketing, sales, and business development activities, including:
- name;
- business contact details;
- company name;
- job title;
- country or region;
- product interests;
- event, webinar, or demo registration details;
- communications with Emojot;
- website interactions and campaign engagement data.
We use this information to respond to inquiries, provide information about our products and services, manage marketing communications, conduct business development, and improve our outreach.
5.9 - Technical, Operational, and Security Data
We automatically collect certain information to support security, availability, operations, analytics, and service improvement, including:
- IP address;
- browser type;
- operating system;
- device identifiers;
- access times;
- referring website addresses;
- usage logs;
- authentication events;
- audit logs;
- error logs;
- system performance data;
- security monitoring data.
We may use cookies and similar technologies as described in this Policy and any applicable Cookie Notice.
5.10 - Sensitive Personal Data
Emojot does not intentionally collect sensitive personal data unless it is provided by a client, user, or individual through a configured use case, or unless required for a specific lawful purpose. Depending on the client’s configuration, sensitive data may be included in open-text feedback, complaints, employee feedback, or attachments submitted through the Platform.
Where sensitive personal data is processed, Emojot applies appropriate safeguards and processes such data in accordance with client instructions, applicable agreements, and applicable law.
6 - How We Use Personal Data
Emojot uses personal data for the following purposes, depending on the context:
- to provide, operate, maintain, and secure the Services;
- to authenticate users and manage access;
- to enable clients to collect, analyze, and respond to experience signals;
- to support complaint handling, case routing, workflow automation, escalation, and resolution tracking;
- to generate dashboards, reports, alerts, summaries, recommendations, and insights;
- to support customer service, technical support, and account management;
- to monitor system performance, reliability, and security;
- to detect, investigate, prevent, and respond to security incidents, fraud, misuse, and policy violations;
- to improve and develop our Services;
- to conduct marketing, business development, and customer communications;
- to comply with legal, contractual, regulatory, security, and compliance obligations;
- to enforce agreements and protect the rights, safety, and property of Emojot, our clients, users, and others.
7 - AI, Analytics, and Automated Processing
Emojot uses artificial intelligence, machine learning, analytics, and automation technologies to support the functionality of the Platform. These technologies may be used to:
- classify feedback, complaints, topics, and themes;
- detect sentiment and emotion indicators;
- summarize text or interactions;
- translate content;
- identify trends, anomalies, and emerging risks;
- recommend actions or next steps;
- route complaints, cases, or workflows;
- support SLA tracking and escalation;
- generate dashboards, reports, and alerts;
- assist customer service or chatbot interactions where configured by a client.
AI-generated outputs are designed to assist clients and authorized users. Emojot does not use AI to make decisions that produce legal or similarly significant effects on individuals unless directed by a client under appropriate contractual, legal, and human-review safeguards.
Clients are responsible for determining whether AI-assisted processing is appropriate for their use case, providing required notices, obtaining required consents, and ensuring appropriate human oversight where required by law or internal policy.
8 - Lawful Bases for Processing
Where applicable data protection law requires a lawful basis for processing, Emojot relies on one or more of the following lawful bases:
- Consent: where an individual has given consent, such as for certain marketing communications or optional feedback activities;
- Contract: where processing is necessary to perform a contract with a client, supplier, partner, or user;
- Legitimate interests: such as providing, securing, improving, and promoting our Services, managing business relationships, conducting analytics, preventing fraud, and maintaining system integrity;
- Legal obligations: where processing is necessary to comply with applicable laws, regulations, legal processes, or governmental requests;
- Client instructions: where Emojot processes personal data as a processor or service provider on behalf of a client.
Where we rely on consent, individuals may withdraw consent at any time. Where we rely on legitimate interests, individuals may have the right to object to processing, subject to applicable law.
9 - Cookies and Similar Technologies
Emojot may use cookies, pixels, tags, local storage, and similar technologies on our websites and Services. These technologies may be used to:
- enable core website and Platform functionality;
- authenticate users and maintain secure sessions;
- remember preferences;
- analyze website and product usage;
- improve performance and user experience;
- support marketing and campaign measurement;
- detect and prevent fraud, abuse, and security risks.
Cookies may be placed by Emojot or by third-party service providers. Depending on your location, you may be able to manage cookie preferences through a cookie banner, preference center, browser settings, or other available mechanisms.
Where required by applicable law, Emojot will obtain consent before using non-essential cookies or similar technologies.
10 - How We Disclose Personal Data
Emojot may disclose personal data to the following categories of recipients:
10.1 - Clients
Where Emojot processes personal data on behalf of a client, we may make that data available to the relevant client and authorized client users in accordance with the client’s configuration, permissions, and agreement with Emojot.
10.2 - Service Providers and Subprocessors
We may disclose personal data to service providers, subprocessors, and vendors that support our business and Services, including providers of:
- cloud hosting and infrastructure;
- database services;
- identity and access management;
- analytics and monitoring;
- customer support;
- security monitoring;
- communications and email delivery;
- CRM, marketing, and business operations;
- professional services, legal, audit, and compliance support.
These service providers are authorized to process personal data only as necessary to provide services to Emojot and are subject to appropriate contractual and security obligations.
10.3 - Third-Party Integrations Configured by Clients
Clients may configure integrations between Emojot and third-party systems, platforms, or channels. Data shared through such integrations is governed by the client’s configuration, the relevant third-party terms, and applicable law. Emojot is not responsible for privacy or security practices of third-party systems that are not controlled by Emojot.
10.4 - Legal, Regulatory, and Safety Purposes
We may disclose personal data where we believe disclosure is necessary or appropriate to:
- comply with applicable law, regulation, legal process, or governmental request;
- protect the rights, safety, and property of Emojot, our clients, users, or others;
- detect, investigate, prevent, or respond to fraud, security incidents, or misuse;
- enforce agreements and policies;
- support legal claims, audits, investigations, or compliance requirements.
Where legally permitted and appropriate, Emojot will notify affected clients of requests for client-controlled data.
10.5 - Business Transactions
If Emojot is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction, personal data may be disclosed or transferred as part of that transaction, subject to appropriate safeguards and applicable law.
11 - International Data Transfers
Emojot operates globally and may transfer personal data to the United States, Sri Lanka, and other countries where Emojot, its affiliates, clients, service providers, or subprocessors operate.
Emojot’s primary cloud infrastructure is hosted in the United States. Personal data collected in the European Economic Area, United Kingdom, or other jurisdictions may be transferred to the United States or other countries in accordance with applicable data protection laws.
For transfers from the European Union and the United Kingdom, Emojot relies primarily on its certification under the EU–U.S. Data Privacy Framework and the UK Extension to the EU–U.S. Data Privacy Framework, where applicable. Where other transfer mechanisms are required, such as Standard Contractual Clauses or equivalent safeguards, Emojot will implement appropriate safeguards to protect personal data.
12 - Data Privacy Framework Commitments for Covered Transfers
Emojot applies privacy and security safeguards to personal data processed through its Services regardless of where individuals are located. This section provides additional information about Emojot’s commitments for personal data transferred to the United States in reliance on the Data Privacy Framework.
Emojot complies with the EU–U.S. Data Privacy Framework and the UK Extension to the EU–U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Emojot has certified to the U.S. Department of Commerce that it adheres to the EU–U.S. Data Privacy Framework Principles with respect to personal data received from the European Union and the United Kingdom in reliance on the Data Privacy Framework.
If there is any conflict between the terms of this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern.
To learn more about the Data Privacy Framework program, and to view Emojot’s certification, please visit https://www.dataprivacyframework.gov.
12.1 - Accountability for Onward Transfers
Emojot may transfer personal data to third-party agents, service providers, or subprocessors that perform services on our behalf. Emojot remains responsible and liable under the Data Privacy Framework Principles if third-party agents process personal data in a manner inconsistent with the Principles, unless Emojot proves that it is not responsible for the event giving rise to the damage.
12.2 - Choice
Individuals may have the right to opt out of having their personal data disclosed to third parties or used for purposes materially different from the purpose for which it was originally collected or subsequently authorized. Emojot will obtain affirmative express consent where required for sensitive personal data under the Data Privacy Framework Principles.
12.3 - Access, Correction, and Deletion
Individuals may have the right to access personal data Emojot holds about them and to request correction, amendment, or deletion where inaccurate or processed in violation of the Data Privacy Framework Principles, subject to contractual, legal, and technical limitations.
Where Emojot processes personal data on behalf of a client, individuals may need to direct their request to the relevant client.
12.4 - Recourse, Enforcement, and Liability
Emojot’s compliance with the Data Privacy Framework is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
In compliance with the EU–U.S. Data Privacy Framework and the UK Extension, Emojot commits to resolve complaints about our collection or use of personal data. Individuals whose personal data is covered by the Data Privacy Framework should first contact Emojot using the contact information provided in this Policy.
If we are unable to resolve a Data Privacy Framework-related complaint directly, Emojot commits to refer unresolved complaints to JAMS, an alternative dispute resolution provider based in the United States. The services of JAMS are provided at no cost to individuals. More information is available at https://www.jamsadr.com/DPF-Dispute-Resolution.
For human resources data received in reliance on the Data Privacy Framework in the context of the employment relationship, Emojot commits to cooperate and comply with the advice of the panel established by the EU data protection authorities and the UK Information Commissioner’s Office, as applicable.
Under certain conditions, individuals may invoke binding arbitration for residual claims not resolved by other redress mechanisms.
13 - Security
Emojot maintains a security and compliance program aligned with internationally recognized standards. Emojot is ISO/IEC 27001:2022 certified and has completed a attestation covering applicable trust services criteria, including Security, Availability, and Confidentiality. These certifications and attestations support Emojot’s commitment to protecting customer data through independently reviewed governance, security, risk management, access control, monitoring, and operational controls.
Emojot’s safeguards include, as applicable:
- encryption in transit using TLS;
- encryption at rest;
- encrypted backups;
- role-based access control;
- least-privilege access;
- multi-factor authentication;
- identity and access governance;
- SOC 2 Type II
- segregated development, testing, and production environments;
- centralized logging and monitoring;
- vulnerability scanning and patch management;
- secure software development practices;
- peer code review;
- security testing;
- incident response procedures;
- business continuity and disaster recovery planning;
- employee security and privacy training.
No system is completely secure. Emojot continuously evaluates and improves its security controls to address evolving risks.
14 - Data Retention
Emojot retains personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with client agreements, meet legal and regulatory obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business operations.
Where Emojot processes personal data on behalf of a client, retention periods are generally determined by the client’s configuration, instructions, and applicable agreement with Emojot.
When personal data is no longer required, Emojot will delete, anonymize, or securely dispose of it in accordance with applicable law, client instructions, and Emojot’s retention and deletion procedures.
Backups and logs may be retained for limited periods for security, continuity, audit, legal, or operational purposes before being securely deleted or overwritten according to applicable retention schedules.
15 - Your Rights and Choices
Depending on your location and the context in which Emojot processes your personal data, you may have rights to:
- access personal data;
- correct or update personal data;
- request deletion of personal data;
- restrict or object to processing;
- request data portability;
- withdraw consent;
- opt out of marketing communications;
- object to certain automated processing or profiling where applicable;
- lodge a complaint with a data protection authority or regulator.
To exercise these rights, please contact Emojot using the contact information in this Policy.
Where Emojot processes personal data on behalf of a client, we may refer your request to the relevant client or ask you to contact the client directly. Emojot will support clients in responding to rights requests as required by applicable agreements and law.
You may unsubscribe from Emojot marketing communications by using the unsubscribe link in our emails or by contacting us.
16 - California Privacy Notice
This section applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies.
16.1 - Categories of Personal Information
Depending on the context, Emojot may collect or process the following categories of personal information:
- identifiers, such as name, email address, phone number, IP address, and account identifiers;
- commercial information, such as product interests, account details, and transaction-related information;
- internet or electronic network activity information, such as website usage, log data, device information, and interaction data;
- geolocation information, where provided or inferred from IP address or client configuration;
- professional or employment-related information, such as job title, company, department, or employee identifier;
- audio, electronic, visual, or similar information, where submitted through the Platform or support channels;
- inferences, analytics, sentiment indicators, recommendations, or derived insights generated from other information;
- sensitive personal information, if submitted through client-configured use cases or otherwise required for a specific lawful purpose.
16.2 - Sources of Personal Information
We may collect personal information from:
- individuals directly;
- Emojot clients;
- authorized Platform users;
- public sources;
- social media, review, and third-party platforms where configured by a client;
- service providers and business partners;
- cookies and similar technologies;
- security, operational, and analytics systems.
16.3 - Purposes of Collection and Use
We collect and use personal information for the purposes described in this Privacy Policy, including providing the Services, supporting clients, securing the Platform, conducting analytics, managing business relationships, marketing Emojot products and services, and complying with legal obligations.
16.4 - Sale or Sharing of Personal Information
Emojot does not sell personal information for money. Emojot also does not sell client-controlled personal data.
If Emojot uses advertising or analytics technologies that may be considered “sharing” under California law, California residents may exercise applicable opt-out rights through available cookie preference tools or by contacting Emojot.
16.5 - California Rights
California residents may have the right to:
- know what personal information we collect, use, disclose, sell, or share;
- access personal information;
- request deletion;
- request correction;
- opt out of sale or sharing where applicable;
- limit use or disclosure of sensitive personal information where applicable;
- not be discriminated against for exercising privacy rights.
Requests may be submitted using the contact information in this Policy. Where Emojot acts as a service provider for a client, we may direct the request to the relevant client.
17 - EEA and UK Privacy Notice
This section applies to individuals in the European Economic Area and the United Kingdom where the GDPR or UK GDPR applies.
17.1 - Controller and Processor Roles
For client-controlled data processed through the Platform, the relevant client is generally the controller and Emojot is the processor. For Emojot’s own business activities, Emojot is the controller.
17.2 - Legal Bases
The legal bases Emojot relies on are described in Section 8 of this Policy.
17.3 - International Transfers
Emojot may transfer personal data outside the EEA or UK as described in Section 11. Emojot uses appropriate safeguards such as Data Privacy Framework certification, Standard Contractual Clauses, or other lawful transfer mechanisms where applicable.
17.4 - Rights
Individuals in the EEA and UK may have the right to access, rectify, erase, restrict, object, request portability, withdraw consent, and lodge a complaint with a supervisory authority.
Where Emojot processes personal data on behalf of a client, individuals should generally contact the relevant client to exercise these rights.
18 - Sri Lanka Personal Data Protection Act Notice
This section applies where the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka, as amended or supplemented from time to time, applies to Emojot’s processing of personal data.
Emojot has operations in Sri Lanka through Emojot (Private) Limited and may process personal data in Sri Lanka in connection with the provision, support, development, security, compliance, and operation of the Services.
18.1 - Controller and Processor Roles
Where Emojot processes personal data on behalf of a business client, the client generally determines the purposes and means of processing and Emojot acts in accordance with the client’s instructions, applicable agreements, and applicable law.
Where Emojot processes personal data for its own business purposes, such as managing websites, sales, marketing, support, security, compliance, finance, administration, and business operations, Emojot acts as the relevant controller under applicable law.
18.2 - Purposes of Processing
Emojot may process personal data for the purposes described in this Privacy Policy, including to:
- provide, operate, secure, and improve the Services;
- support Unified Experience Intelligence use cases configured by clients;
- manage user accounts, authentication, and access controls;
- process customer, employee, complaint, workflow, social listening, online reputation, and analytics data on behalf of clients;
- provide support, account management, and business communications;
- conduct security monitoring, audit logging, compliance reviews, and incident response;
- comply with legal, regulatory, contractual, and governance obligations.
18.3 - Data Subject Rights
Subject to applicable law and any limitations under the PDPA, individuals may have rights in relation to their personal data, including rights to request access, correction, deletion or erasure, withdrawal of consent where processing is based on consent, objection to certain processing, and other rights recognized under applicable data protection law.
Where Emojot processes personal data on behalf of a client, individuals may need to submit their request directly to the relevant client. Emojot will support clients in responding to such requests as required by applicable agreements and law.
18.4 - Cross-Border Processing
Emojot may transfer or make personal data available outside Sri Lanka where necessary to provide the Services, support global operations, host data, use approved service providers or subprocessors, comply with legal obligations, or perform client agreements.
Where the PDPA applies to a transfer or processing of personal data outside Sri Lanka, Emojot will implement appropriate safeguards or rely on applicable transfer mechanisms as required by law.
18.5 - Security and Governance
Emojot applies administrative, technical, and organizational safeguards designed to protect personal data. These safeguards include access control, encryption, monitoring, vulnerability management, incident response, employee training, and governance processes described in this Privacy Policy.
18.6 - Contact and Complaints
Individuals with questions or requests relating to personal data processed by Emojot may contact Emojot using the contact details in this Privacy Policy. Individuals may also have the right to contact the Data Protection Authority of Sri Lanka where applicable.
19 - Children’s Privacy
Emojot’s websites and Services are not directed to children. Emojot does not knowingly collect personal data from children for its own purposes.
If a client uses Emojot to collect information from minors, the client is responsible for ensuring that such collection and processing complies with applicable law, including providing required notices and obtaining required parental, guardian, school, or other consents where necessary.
If Emojot becomes aware that it has collected personal data from a child outside a permitted context, we will take appropriate steps to delete the data or notify the relevant client, as applicable.
20 - Third-Party Offerings and Links
Our websites and Services may contain links to third-party websites, services, platforms, social networks, or applications. These third parties have their own privacy policies and practices. Emojot is not responsible for the privacy, security, or content practices of third parties that are not owned or controlled by Emojot.
21 - Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, business practices, or privacy practices. When we update this Policy, we will revise the “Last Updated” date above. Where required by law, we will provide additional notice or obtain consent for material changes.
22 - Contact Information
For questions, concerns, or requests regarding this Privacy Policy or Emojot’s privacy practices, please contact us at:
Emojot, Inc.
2108 N ST, STE N
Sacramento, CA 95816
United States
Email: privacy@emojot.com