Privacy Policy

Last updated and effective as of May 20, 2024

1. Welcome to Sturdy!

SturdyAI Inc. (“Sturdy”, “we”, or “us”) is a software company that provides products and services for customers to turn their communications into capital, to make sure that the right information gets to the right people, at the right time, every time.

This Privacy Policy applies to your use of Sturdy's tools, website, services, and platform, including any associated Sturdy mobile or desktop applications, sturdy.ai, and other Sturdy websites (collectively “the Services”), as well as your relationship with Sturdy.

By accessing or using the Services, you are agreeing to this Privacy Policy and concluding a legally binding agreement between yourself and Sturdy. If you do not agree with this Privacy Policy, please do not access or use the Services.

You should read our Privacy Policy in full to understand what data we collect, how we use it, and the circumstances where we may disclose it. Please note if that you reside in the EU or other regions outside the US, information collected through our Services will be transferred to and processed in the US or elsewhere. While Sturdy participates in the EU-U.S. and Swiss-U.S. Data Privacy Framework (DPF) program as described below, these locations may not have the same data protection laws as the country in which you initially used our Services. By using our Services, you consent to any transfer and processing in accordance with this Privacy Policy.

This Privacy Policy may change over time. If we make changes to it, we will post the modified Privacy Policy on our website, https://www.sturdy.ai/privacy-policy. We encourage you to visit this page periodically to learn of any updates.

2. Information We Collect

We collect personal information (or personal data) and non-personal information from you when you use our Services. As further described in this section, we may receive personal information about you that you submit through the Services or that is provided to us by a third party; we also may receive personal information about you automatically as you use the Services.

Information you Provide Us: We receive personal information about you that you choose to provide to us, including when you create an account; search for or purchase our offerings; configure settings; communicate with us; or otherwise use our Services.

Live Chat: We partner with a trusted third-party vendor to provide you with Live Chat features to better assist you. This may require you to provide your first and last name, email, and other contact information. When using the Live Chat features, please only provide necessary information and do not provide sensitive information. For recordkeeping, training, and quality assurance purposes, we or our third-party vendor may record and maintain a transcript of any communications in the Live Chat.

Information from our Customers: Our customers (“Customers”) may make available information to us so that we can provide them with services. Each Customer chooses what information it shares, which may, for example, include personal information.

Usage and Log Information: When you interact with our Services, we may collect information from your device or web browser when you interact with the Services. For example, when you interact with the Services, we may log and store your IP address and technical information about your usage like your device ID, browser type, how you progressed through the Services, where you abandoned it, etc. We can use your IP address to determine your general location.

App Data: If you use a Sturdy application, on mobile or other platforms, we may collect analytic information about your device, such as IP address, device ID, OS version, and clickstream.

Information from Public Sources or Third Parties: We may receive additional information about you from public or third-party sources. For example, we may receive marketing, sales generation, and recruitment information from service providers or partners.

Cookies and Local Storage: We use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies and local storage, to gather information about the use of our Services and how people interact with our emails. Cookies and local storage are small files containing a string of characters that is sent and stored and may be accessed on your device when you visit a website. When you use our Services, we, or an authorized third party, may place a cookie or local storage on your device that collects information, including personal information, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience. We use both session-based and persistent cookies on our Websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off. You can control the use of cookies on your device, but choosing to disable cookies on your device may limit your ability to use some features on our Websites and Services.

We also use web beacons and pixels on our Websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our Websites, Services and marketing emails.

Our Services use the following types of cookies for the purposes set out below:

Type of cookies

Purpose

Essential cookies

These cookies are essential to provide you with services available through our Services and to enable you to use its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Functionality cookies

These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details, remembering which polls you have voted in and in some cases, to show you poll results, and remembering the changes you make to other parts of our Services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.

Analytics cookies

These cookies enhance functions, performance, and services on the Websites. These cookies may be used to improve how our Websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our Websites are used, including which pages are viewed most often. We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements. We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Services works.

You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies

You can find out more about how Google protects your data here: https://www.google.com/analytics/learn/privacy.html

You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link:
https://tools.google.com/dlpage/gaoptout?hl=en-US

Marketing cookies

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third- party advertisers.

3. How We Use Your Personal Information

We collect, use, process, and store your personal information:

  • To provide the Services.
  • To personalize the Services.
  • To receive and process job applications for jobs with us.
  • To process data with machine learning algorithms, which helps us build, personalize, and improve the Services.  
  • With respect to Customer Data, in accordance with our contracts with our Customers.
  • For internal business purposes, such as to improve our Services.
  • To detect, investigate and prevent harmful, fraudulent, and illegal activity and security issues and protect the rights and property of Sturdy and others.
  • To enable communications through the Services.
  • To contact you about additional Sturdy services you might be interested in, unless you opt-out (see “How to Opt-Out of Email Communications”).
  • As required by applicable law, legal process or regulation.
  • For purposes as disclosed at the time you provide your information, with your consent, and as further described in this Privacy Policy.

4. When We May Share Your Personal Information

We will only share your personal information with third parties under the following circumstances:

  • At your instruction or if you choose to share.  
  • With affiliated businesses, agents, or vendors that are contractually engaged to provide us with services, such as email management. These companies are obligated by contract to safeguard any personal information they receive from us.
  • With respect to Customer Data, in accordance with our contracts with our Customers.
  • With any of our affiliated companies, including a parent company, subsidiaries, joint ventures, or other companies under common control with us (in which case we will require such entities to honor this Privacy Policy).
  • If we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request to protect the security or integrity of the Services; and/or to protect the rights, property, or safety of Sturdy, its employees, customers, users, or others. If we are going to release your data, we will do our best to provide you with notice in advance by email, unless we are prohibited by law from doing so.
  • In the event we go through a business transition (such as a merger, acquisition by another company, bankruptcy, or sale of all or a portion of our assets, including, without limitation, during the course of any due diligence process), your personal information will likely be among the assets transferred. By providing your personal information, you agree that we can transfer such information in those circumstances without your further consent. Should such a business transition occur, we will make reasonable efforts to request that the new owner or combined entity (as applicable) follow this Privacy Policy with respect to your personal information. If your personal information would be used contrary to this privacy policy, we will request that you receive prior notice.

5. When We Use and Disclose Non-Personal Information

We use and disclose your non-personal, de-identified or aggregated data in a variety of ways, including to improve the Services.

6. How to Opt-Out of Email Communications

To stop receiving notifications or promotions, please click the unsubscribe link found at the bottom of each email. For users in the European Economic Area (“EEA”): We only send marketing communications to users located in the EEA with your prior consent. Please see the section “GDPR: Information for EEA Users” below.

7. Storage, Security and How to Remove Your Information

We use industry standard technical, administrative and physical controls to protect your data. While we take reasonable precautions against possible security breaches, no website or internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss or other breach will never occur.

We will process and store your personal information only for the period necessary to achieve the purpose of the storage, or as permitted by law. The criteria used to determine the period of storage of information is the respective statutory retention period. After expiration of that period, the corresponding information is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

8. Deactivating Your Account

You can choose to deactivate your account so that you are no longer viewable on the Services. You can request deactivation through the Services or by sending a message to privacy@sturdy.ai.

9. Third-Party Links

The Services may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies, which may differ substantially from ours, and that we do not accept any responsibility or liability for their activities or the content of their privacy policies.

10. California Privacy Rights

This section, which supplements the rest of this Privacy Policy, applies to residents of California, containing disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”). This section applies only to “personal information” that is subject to the CCPA.

Sturdy does not “sell” or “share” (as those terms are defined in the CCPA) personal information and has not sold any personal information to third parties in the preceding 12 months.

Personal Information We Collect and Disclose for a Business Purpose. Without limiting the description of the information we collect, we collect the categories of personal information about California consumers identified in the chart below. More information regarding the personal information we collect can be found above in the section titled “Information We Collect.”

Categories of Personal Information

Examples

Collected in Prior 12 Months

A. Personal and online identifiers.

A real name, alias, unique personal identifier, online identifier Internet Protocol address, email address, account name, or other similar identifiers.

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, telephone number, education, employment, or employment history. Some personal information included in this category may overlap with other categories.

Yes

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, sex (including gender, gender identity, or gender expression), veteran or military status.

Yes

D. Commercial or transactions information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Yes

G. Geolocation data.

Physical location.

Yes

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

No

I. Professional or employment-related information.

Current or past job history.

Yes

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

No

Categories of Sources. We collect personal information from, without limitation, consumers directly, our customers, our Services’ inferences, service providers, and public sources. More information regarding the sources from which we collect personal information can be found above in the section titled “Information We Collect.”

Why We Collect, Use, and Disclose California Information. We use and disclose personal information for our commercial and business purposes, as further described in this Privacy Policy and in the section titled “How We Use Your Personal Information.” These commercial and business purposes include, without limitation:

Our commercial purposes, which include:

  • To provide the Services.
  • To personalize the Services.
  • To receive and process job applications for jobs with us.
  • To process data with machine learning algorithms, which helps us build, personalize, and improve the Services.  
  • With respect to Customer Data, in accordance with our contracts with our Customers.  
  • For internal business purposes, such as to improve our Services.
  • To detect, investigate and prevent harmful, fraudulent, and illegal activity and security issues and protect the rights and property of Sturdy and others.
  • To enable communications through the Services.
  • To contact you about additional Sturdy services you might be interested in, unless you opt-out (see “How to Opt-Out of Email Communications”).
  • As required by applicable law, legal process or regulation.

Our business purposes as identified in the CCPA, which include:

  • Auditing related to our interactions with you.
  • Legal compliance.
  • Detecting and protecting against security incidents, fraud, and illegal activity.
  • Debugging.
  • Performing services (for us or our service providers) such as account servicing, processing orders, and payments, and analytics.
  • Internal research for technological improvement.
  • Internal operations.
  • Activities to maintain and improve our services.
  • Other one-time uses.

Recipients of California Personal Information. We disclose, and have disclosed in the last 12 months, the categories of personal information identified as collected in the chart above for business purposes to the following categories of third parties: customers, service providers, data analytics providers, and operating systems and platforms. More information regarding the categories of third parties with whom personal information is disclosed can be found in the section above titled “When We May Disclose Your Personal Information.”

Your Rights Regarding Personal Information. California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:

  • The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you, the categories of sources from which we collected your personal information, our purposes for collecting or selling your personal information, the categories of your personal information that we have either sold or disclosed for a business purpose, and the categories of third parties with which we have disclosed personal information;
  • The right to request that we delete the personal information we have collected from you or maintain about you.
  • The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
  • The right to correct the personal information we currently retain that is inaccurate.
  • The right to access and request information about our collection, use and the disclosure of your personal information.
  • The right to opt-out of the sale or sharing of your personal information.
  • The right to limit the use and disclosure of your sensitive personal information (as that term is defined under the CCPA), to the extent Sturdy collects such information,
  • The right to portability by requesting that Sturdy provide you with copies of your personal information or being advised when such request cannot be honored.

To exercise any of the above rights, please contact us using the following information and submit the required verifying information, as further described below:

Responding to Your Request. In accordance with the CCPA, we will respond to your request within forty-five (45) days, unless a shorter period is required under the CCPA. If we require more time, we will inform you of the reason and extension period in writing.

In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

Verification Process and Required Information. We may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will then typically attempt to match the identifying information provided by you to the personal information already maintained by us to verify the request. If you have a password protected account on the Services, we may verify your identity through the existing authentication practices for your account, in which case we will require you to re-authenticate yourself before we disclose or delete your personal information.

Retention. The personal information collected under this Section shall be retained for no longer than necessary to provide our products, platform, application and Services. The criteria used to determine the period of time certain personal information will be retained shall be governed by (i) whether we use the personal information to provide services to you; (ii) whether the personal information is critical for a transaction (e.g., using your postal address to ship our products); and (iii) Sturdy’s well-established data retention policy.

Authorized Agent. You may designate an authorized agent to make a CCPA request on your behalf by verifying your identity, as described above, and providing written permission for the authorized agent to act on your behalf.

Minors’ Right to Opt-In. Sturdy does not “sell” or “share” (as those terms are defined in the CCPA) the personal information of minors under 16 years of age.

Non-Discrimination. Sturdy will not discriminate against a user because the user exercised any of the user’s rights described above or afforded to it under applicable data privacy law.

Sturdy acknowledges and understands that we have a responsibility for the processing of Personal Information we receive under the DPF Principles and subsequently transfers to a third party acting as an agent on Sturdy’s behalf.  Sturdy shall remain liable under the DPF Principles if its agent processes such Personal Information in a manner inconsistent with the DPF Principles, unless Sturdy proves that it is not responsible for the event giving rise to the damage.

11. Nevada Privacy Rights And Other Rights under U.S. Privacy Laws

This section, which supplements the rest of this Privacy Policy, applies to residents of Nevada. Under Nevada law, Nevada residents may submit a request directing us not to make certain disclosures of personal information we maintain about them.

To exercise this right, please contact us:  

Under other United States data protection laws, you may have rights similar or materially similar rights to those outlined in Section 10 California Privacy Rights. When applicable and upon effect, you (if a resident of Colorado, Connecticut, Utah or Virginia) may exercise applicable rights to your personal information by sending your request to the following email address: privacy@sturdy.ai.

12. Data Privacy Framework Information

Sturdy complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF,  and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Sturdy has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Sturdy has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the Data Privacy Framework Principles, Sturdy commits to resolve complaints about our collection or use of your personal data. EU, UK (including Gibraltar) and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Sturdy at the contact address below:

SturdyAI Inc.
Attn: Privacy
1775 W State St #195
Boise, ID 83702
or
privacy@sturdy.ai

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Sturdy commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF  to VeraSafe, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not resolved your DPF Principles-related complaint to your satisfaction, please contact or visit terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure for more information.  To file a complaint with VeraSafe under the Data Privacy Framework Dispute Resolution Procedure, please submit the required information to VeraSafe here. The services of VeraSafe are provided at no cost to you.

In certain circumstances, the Data Privacy Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles.

The Federal Trade Commission (“FTC”) has jurisdiction over Sturdy's compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. As a result of Sturdy’s participation in the Data Privacy Framework Program, Sturdy is subject to the investigatory and enforcement powers of the FTC or any other U.S. authorized statutory body.

The DPF Principles describe Sturdy’s accountability for personal data that it subsequently transfers to a third-party agent. Under the DPF Principles, Sturdy shall remain liable if Sturdy’s third party agents process the personal data in a manner inconsistent with the DPF Principles, unless Sturdy proves it is not responsible for the event giving rise to the damage.

Note that Sturdy may be required to release the personal data of EU, UK (including Gibraltar) and Swiss individuals whose data is pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF in response to legal requests from public authorities, including to meet national security and law enforcement requirements.

13. GDPR, Swiss FADP, UK GDPR : Information for EEA, Swiss and UK (including Gibraltar) Users

This section only applies to our European Economic Area (“EEA”), Swiss and United Kingdom (including Gibraltar)users.

Individuals located in the EEA, Switzerland and the United Kingdom (including Gibraltar) have certain rights in respect of your personal data, including:

  • The right of access to your personal data;
  • The right to correct or rectify any inaccurate personal data;
  • The right to restrict the processing of personal data;
  • The right to object to processing of personal data;
  • The right to erase your personal data; and
  • The right to personal data portability.

As a Sturdy user:

  • We rely on your consent as a lawful basis for processing personal data to provide you with marketing or promotional communications.
  • We process personal data in order to provide you with services as requested by you, or to perform our contract with you as described in this document, including:

              To enable the Services to function as expected; and to communicate with you in response to customer service inquiries and to deliver                 non-promotional, service-related emails.

  • Additionally, we process personal data based on our “legitimate interests” in providing you the Services including:

              To protect against fraud; Network and information security; and To offer the Services.

In some cases, Sturdy may process personal data pursuant to a legal obligation or to protect your vital interests or those of another person.

Limiting the Use and Disclosure of Your Personal Data. Sturdy will offer EEA, Swiss and UK (including Gibraltar) individuals whose personal data has been transferred to us the opportunity to choose whether the personal data we have received may be used or disclosed for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses or disclosures of their personal data by contacting us at privacy@sturdy.ai.

14. For Other Global Users

If you are visiting our Services from outside the United States, please be aware that we are based in the United States and the information we collect will be transferred to, processed, and stored on our servers in the United States in accordance with this privacy policy and applicable laws. Any personal data we collect from you is processed in the legitimate interest of our business and providing our services to you and our customers as the lawful means of such processing. You may have additional rights with respect to your personal data based on the applicable laws of the countries where you reside. To exercise these rights, you may do so by following the steps outlined in this Policy or emailing us at privacy@sturdy.ai.

15. Exercising Rights, Contacting Us and Accessing Your Information

Sturdy users may exercise their rights regarding their personal information as follows:

  • You may be able to access your personal information through your account settings in the Sturdy platform or by contacting us at privacy@sturdy.ai.
  • You may withdraw your consent to receive cookies or tokens by adjusting your browser settings.
  • You may withdraw your consent to receive marketing or promotional communications at any time by clicking the “unsubscribe” link found within Sturdy email updates and changing your contact preferences. Please note, you will continue to receive essential account-related information, even if you unsubscribe from promotional emails.

VeraSafe has been appointed as Sturdy's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are unable to reach Sturdy at privacy@sturdy.ai, VeraSafe can be contacted on matters related to the processing of personal data under GDPR. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Netherlands BV
Keizersgracht 555
1017 DR Amsterdam
The Netherlands

If you have any questions about our privacy practices, or if you wish to make a request (including to delete your data), contact us at either:

SturdyAI Inc.
Attn: Privacy
1775 W State St #195
Boise, ID 83702
or
privacy@sturdy.ai