Privacy Policy

Effective date: [TODO: insert effective date]

1. Introduction

[TODO: legal copy — who we are, what this policy covers, how it applies to customers and respondents. Include data controller identification.]

2. Information We Collect

[TODO: legal copy — categorize data collected:]

  • Account data: [TODO: name, company, email, hashed password]
  • Billing data: [TODO: payment method stored via Stripe — we do not store raw card numbers]
  • Survey content: [TODO: survey objectives, questions, respondent answers, interview transcripts]
  • Usage data: [TODO: log data, IP addresses, browser type, pages visited]
  • Respondent data: [TODO: data provided by respondents during interviews, collected on behalf of customers]

3. How We Use Your Information

[TODO: legal copy — service delivery, billing, communications, product improvement (with appropriate controls), legal compliance, fraud prevention.]

4. Legal Basis for Processing

[TODO: legal copy — applicable for GDPR: contract performance, legitimate interests, legal obligation, consent where required.]

5. Sharing and Disclosure

[TODO: legal copy — we do not sell personal data. List sub-processors: Stripe (payments), SMTP2Go (email), AI provider, cloud infrastructure. Legal disclosures.]

6. Data Retention

[TODO: legal copy — account data retention while active plus grace period, interview transcript retention policy, how customers can request deletion.]

7. Security

[TODO: legal copy — encryption in transit (TLS), encryption at rest, access controls, password hashing (bcrypt), Stripe PCI compliance for payment data.]

8. International Transfers

[TODO: legal copy — if applicable, describe cross-border data transfers and safeguards (Standard Contractual Clauses, adequacy decisions, etc.).]

9. Your Rights

[TODO: legal copy — depending on your jurisdiction, you may have rights including:]

  • [TODO: Right of access — obtain a copy of your personal data]
  • [TODO: Right to rectification — correct inaccurate data]
  • [TODO: Right to erasure — request deletion of your data]
  • [TODO: Right to portability — receive your data in a portable format]
  • [TODO: Right to object — object to certain processing]
  • [TODO: Rights related to automated decision-making]

10. Cookies and Tracking

[TODO: legal copy — describe cookies used: session cookies, any analytics, no third-party advertising trackers. Cookie consent mechanism if applicable.]

11. Children's Privacy

[TODO: legal copy — service not directed to individuals under 16 (or applicable age), process for handling data inadvertently collected from minors.]

12. Changes to This Policy

[TODO: legal copy — how we will notify you of material changes, effective date updates, continued use constitutes acceptance.]

13. Contact and Complaints

For privacy-related requests or complaints, contact us at info@surveyninja.ca. [TODO: If applicable, add DPO contact and supervisory authority information.]