Privacy notice

ExtraApprove provides software for businesses to create and manage extra-work approval records. You can contact us at hello@extraapprove.com.

For business account information, security, service operation, and billing-related records, ExtraApprove acts for its own business purposes.

For customer approval records created by a business user, the business user decides what information is entered, why it is entered, who receives the approval link, and how long the record is needed. In that context, the business user is responsible for the customer relationship and for responding to customer privacy requests about the records they create.

ExtraApprove may collect and store:

• account details such as email address, authentication data, workspace name, and settings;
• approval details such as titles, job references, site addresses, descriptions, prices, currencies, timing notes, and status;
• customer details entered by business users, such as customer name, email address, and optional phone number;
• uploaded proof files such as photos, screenshots, quotes, PDFs, completion evidence, and file metadata;
• customer action records such as typed names, approval decisions, decline reasons, questions, completion confirmations, review notes, verified email, timestamps, and IP addresses;
• transactional email records needed to send secure approval links and troubleshoot delivery; and
• technical data such as device/browser information, logs, security events, and usage needed to operate and protect the service.

We use information to:

• provide, secure, maintain, and improve ExtraApprove;
• create approval records, proof files, customer review pages, activity trails, and PDF proof records;
• authenticate users and verify customer email actions;
• send transactional emails, including secure approval links;
• detect, prevent, and respond to fraud, abuse, misuse, security incidents, and legal requests;
• support users and troubleshoot product issues; and
• comply with legal, accounting, tax, security, and operational obligations.

Where privacy law requires a legal basis, we rely on contract performance to provide the service, legitimate interests to secure and improve the product, legal obligations where applicable, and consent where a specific consent flow is used.

We do not sell personal information. We may share information with vendors that help operate ExtraApprove, including hosting, database, storage, authentication, email delivery, security, analytics, support, and payment providers if billing is enabled.

We may also disclose information if required by law, court order, legal process, security investigation, fraud prevention, or to protect the rights, safety, and property of ExtraApprove, users, customers, or others.

ExtraApprove and its service providers may process and store data in countries outside Fiji and outside the country where a user or customer lives. Those countries may have different privacy laws. Where required, we use appropriate contractual and technical safeguards for service provider processing.

Uploaded evidence is private by default. ExtraApprove may generate temporary signed links so the business and customer can view files connected to a specific approval.

We use reasonable technical and organizational safeguards, including authenticated access, private storage, and restricted database access. No internet service can guarantee perfect security, so users should avoid uploading information that is not needed for the approval record.

We keep account data and approval records for as long as needed to provide the service, maintain records, comply with legal obligations, resolve disputes, prevent abuse, and support business users. Backups, logs, and security records may remain for a limited period after deletion from the main product.

Business users may need to keep approval records for their own legal, tax, accounting, warranty, or dispute reasons. Customer deletion or correction requests about a business-created approval should usually be directed to the business that created the record.

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal information. You may also have the right to complain to a privacy or consumer authority in your location.

If you are a customer reviewing a business approval, contact that business first because it controls the record it created. You can also contact ExtraApprove at hello@extraapprove.com, and we will help route or evaluate the request.

ExtraApprove is not intended for children under 18. Do not use the service to collect information from children.

Do not upload medical records, government IDs, full payment card numbers, bank account details, tax identifiers, passwords, private keys, or other highly sensitive data unless you have confirmed that your use is lawful, necessary, and appropriate for ExtraApprove.

ExtraApprove sends transactional emails such as secure approval links and account-related messages. These are not marketing emails and are needed to operate the approval workflow.

We may update this notice as ExtraApprove changes. The effective date shows when the notice was last updated.