Reference → SGEN Privacy Policy

SGEN Privacy Policy

Last updated: 2026-05-27

This Privacy Policy explains how NEGS117 LLC (doing business as "SGEN") ("SGEN," "we," "us," "our") collects, uses, discloses, and protects information when you access or use our websites, applications, platform, and related services (collectively, the "Services").

This policy applies to:

  • Account holders and administrators using SGEN.
  • Visitors and customers of websites and stores built on SGEN ("End Users"), where SGEN processes information on behalf of an SGEN customer.
By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.

1. Roles: SGEN vs. Our Customers

SGEN is a platform that lets customers build, host, and manage websites and related functionality — forms, ecommerce, analytics, integrations.

Account and platform data. For information we collect about you as an SGEN account holder (login, billing, platform usage), SGEN acts as a data controller.

Customer website data. For information collected through websites built on SGEN (form submissions, customer orders, visitor analytics configured by the customer), the SGEN customer is the data controller. SGEN acts as a service provider and data processor on the customer's behalf.

EU and UK customers who use SGEN as a processor for their own end-user data should refer to our Data Processing Agreement at /dpa, or contact legal@sgen.com to request a copy.

If you are an End User of a customer's website, review that website's privacy policy for information about the customer's practices.

2. Information We Collect

We collect information three ways: (A) information you provide, (B) information collected automatically, and (C) information from third parties.

A. Information you provide

Account registration. Name, email address, password (stored in hashed form), and optional profile details such as company name and profile photo.

Billing and subscription. Billing contact details and subscription status. Payment information is processed by third-party payment processors (Stripe). We do not store full payment card numbers.

Content and configuration. Content you upload or create — websites, pages, media, products — plus settings and configuration you apply within the platform.

Communications. Information you send via support requests, surveys, feedback, or other contact.

Phone number. We may collect your phone number for account verification and one-time passwords (OTPs) via SMS. We do not use phone numbers for marketing. SMS opt-in data and consent are not shared with third parties or affiliates for marketing or promotional purposes.

B. Information collected automatically

Device and network data. Browser type, operating system, device identifiers, IP address, approximate location derived from IP, and similar technical data.

Log and activity data. Access times, pages viewed, actions taken in the platform, referring URLs, error logs, and performance data.

Usage analytics. Interaction patterns, feature usage, time spent, navigation paths, and diagnostic events.

Cookies and similar technologies. We use cookies, pixels, local storage, and similar technologies for authentication, security, preferences, analytics, and (where applicable) marketing. See our Cookie Policy at /cookie-policy.

C. Information from third parties

OAuth providers. If you sign in using Google, GitHub, or other OAuth providers, we receive basic profile information (name, email, profile photo) as authorised by you.

Analytics providers. We may receive aggregated or event-level analytics signals from analytics providers.

Payment processors. We receive payment confirmations, billing status, and subscription metadata from our payment processors.

3. How We Use Information

We use information to:

  • provide, operate, maintain, and improve the Services;
  • create and manage accounts, authentication, and security;
  • process subscriptions and send invoices, receipts, and service communications;
  • provide support and respond to requests;
  • monitor and analyse usage, performance, and trends;
  • detect, prevent, and investigate fraud, abuse, security incidents, and illegal activity;
  • enforce our Terms of Service and Acceptable Use Policy; and
  • comply with legal obligations.
Aggregated and de-identified data. We may generate aggregated and de-identified data from use of the Services — platform performance metrics, feature adoption, reliability statistics. This data does not identify you or your End Users and may be used for product improvement and analytics.

4. Legal Bases for Processing (EU and UK)

If you are located in the EU (EEA) or UK, we process personal data under one or more of the following legal bases under the UK GDPR and EU GDPR:

Contract. To provide the Services you have requested.

Legitimate interests. To operate, secure, and improve the Services; prevent fraud and abuse; communicate about the Services where permitted.

Legal obligation. To comply with applicable law — tax, lawful requests, regulatory obligations.

Consent. Where required — certain cookies, marketing communications. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

If you have questions about the specific legal basis for any processing activity, contact legal@sgen.com.

5. Google API Services — Limited Use

SGEN's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Google account to SGEN, we may request access to specific Google services to enable features:

Google serviceScopePurpose
Google Account (basic profile)email, profile, openidAccount creation, authentication, profile personalisation
Google Search Consolewebmasters.readonlyDisplay search performance data in your dashboard (read-only)
Google Analyticsanalytics.readonlyDisplay analytics data in your dashboard (read-only)
Google Business Profilebusiness.manageAllow you to manage your Business Profile from within SGEN at your direction
Limited use compliance:
  • We use Google data only for the purposes described above.
  • We do not sell Google user data.
  • We do not use Google user data for advertising.
  • We do not transfer Google user data to third parties except as necessary to provide the Services, with your consent, or as required by law.
  • Human access to Google user data is limited to support needs with your affirmative consent, or where required by law.

6. How We Share Information

We do not sell your personal information.

We share information only in the following circumstances:

Service providers. We share information with vendors who help us operate the Services — cloud hosting, content delivery, monitoring, email delivery, customer support tooling, payment processing. They are permitted to process information only to provide services to us and must protect it under contractual obligations.

For EU and UK customers, these vendors may be sub-processors under our Data Processing Agreement. A list of current sub-processors is available at /sub-processors or on request via legal@sgen.com.

Integrations you enable. If you connect third-party services (analytics, CRMs, email providers), those third parties may receive data as part of the integration. Your use of third-party services is governed by their terms and privacy policies.

Legal and safety. We may disclose information to comply with law, subpoenas, court orders, or lawful government requests, or to protect the rights, safety, and security of SGEN, our users, or others. Where permitted, we will notify you before disclosing information.

Business transfers. If SGEN is involved in a merger, acquisition, financing, reorganisation, or sale of assets, information may be transferred as part of that transaction. We will notify you as required by law.

Aggregated and de-identified information. We may share aggregated or de-identified information that cannot reasonably be used to identify you.

7. Data Retention

We retain information for as long as necessary to provide the Services and for legitimate business or legal purposes — security, dispute resolution, compliance.

Data typeTypical retention
Account dataRetained while account is active. On deletion, personal account data is deleted or de-identified consistent with the retention periods listed above and any longer period required by law
Customer website content and dataRetained while the customer account is active. Deletion timing may depend on customer actions and platform configuration
Billing and tax recordsRetained as required by applicable law and standard accounting practices
Security logsRetained for a limited period appropriate for security and debugging
Aggregated and de-identified analyticsMay be retained longer
EU and UK customers subject to GDPR should note that retention periods above are indicative. Where a Data Processing Agreement is in place, the DPA governs retention and deletion obligations for customer data processed on your behalf.

8. Your Rights and Choices

All users

Marketing emails. Unsubscribe using the link in any marketing email. Transactional and service emails may still be sent as necessary to provide the Services.

Cookies. Manage preferences through our cookie banner (where available) and through your browser settings.

Account controls. Access, update, or delete certain information through your account settings where available.

EU residents (GDPR — EEA)

Under the EU General Data Protection Regulation (GDPR), you have the following rights in relation to your personal data:

  • Access (Art 15). Request a copy of the personal data we hold about you.
  • Rectification (Art 16). Request correction of inaccurate or incomplete data.
  • Erasure (Art 17). Request deletion of your personal data, subject to legal grounds for continued retention.
  • Restriction of processing (Art 18). Request that we restrict how we use your data in certain circumstances.
  • Data portability (Art 20). Receive your personal data in a structured, commonly used, machine-readable format.
  • Object (Art 21). Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent. Where processing is based on consent, withdraw consent at any time without affecting prior lawfulness.
To exercise any of these rights, contact legal@sgen.com. We will respond within 30 days (extendable to 60 days for complex requests, with notice). We may need to verify your identity.

EU residents may lodge a complaint with the supervisory authority in their EU member state of residence, work, or place of alleged infringement. A full list of EU supervisory authorities is available at edpb.europa.eu.

UK residents (UK GDPR — post-Brexit)

UK residents have equivalent rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The supervisory authority in the UK is the Information Commissioner's Office (ICO) at ico.org.uk.

To lodge a complaint with the ICO: ico.org.uk/make-a-complaint.

EU and UK customers seeking representative information may contact legal@sgen.com.

California residents (CCPA/CPRA)

California residents may have rights to know, access, delete, correct, and opt out of certain sharing and targeted advertising where applicable. SGEN does not sell personal information.

9. Security

SGEN uses administrative, technical, and organisational safeguards designed to protect information against unauthorised access, disclosure, alteration, and destruction. No system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and for using strong passwords and available security features (such as two-factor authentication where offered).

For SGEN's full security architecture and posture, see /security.

10. International Data Transfers

SGEN is based in the United States. Information may be processed in the United States and other countries where we or our service providers operate.

When we transfer personal data from the EU or UK to countries not recognised as providing an adequate level of protection, we use appropriate safeguards. SGEN uses Standard Contractual Clauses (SCCs) as the default cross-border transfer mechanism. For the Data Privacy Framework status of specific service providers, contact legal@sgen.com.

11. Children's Privacy

The Services are not directed to children under 13 (or under 16 in certain jurisdictions, including the EU and UK). We do not knowingly collect personal information from children. If you believe a child has provided personal information to SGEN, contact legal@sgen.com and we will take appropriate steps to delete it.

12. Cookies and Tracking Technologies

We use cookies and similar technologies for authentication, security, preferences, analytics, and (where applicable) marketing. See our Cookie Policy at /cookie-policy for a full breakdown by category (essential, analytics, marketing).

EU and UK visitors: our cookie banner provides granular controls. You can accept, reject, or manage categories of cookies. Consent for non-essential cookies is not a condition of using the Services.

13. Changes to This Policy

We may update this Privacy Policy. We will update the "Last Updated" date above. If changes are material, we will provide additional notice — by email or in-product notice — as required by applicable law, including EU GDPR Art 13/14 obligations where applicable.

14. Contact

Privacy and legal enquiries: legal@sgen.com

Company: NEGS117 LLC d/b/a SGEN

Address: 360 E Desert Inn Rd #1501, Las Vegas NV 89109, USA

Related compliance documents

The following companion documents are available on request or at the paths listed. Contact legal@sgen.com for any document not yet published.

  • /security — SGEN security posture statement
  • /dpa — Data Processing Agreement template, Art 28 compliant
  • /sub-processors — Current sub-processors list
  • /cookie-policy — Cookie categories and controls
On this page