Last updated and effective as of October 03, 2023
SturdyAI Inc. (“Sturdy”, “we”, or “us”) is a software company that provides products and services for customers to turn their communications into capital, to make sure that the right information gets to the right people, at the right time, every time.
We collect personal information (or personal data) and non-personal information from you when you use our Services. As further described in this section, we may receive personal information about you that you submit through the Services or that is provided to us by a third party; we also may receive personal information about you automatically as you use the Services.
Information you Provide Us: We receive personal information about you that you choose to provide to us, including when you create an account; search for or purchase our offerings; configure settings; communicate with us; or otherwise use our Services.
Live Chat: We partner with a trusted third-party vendor to provide you with Live Chat features to better assist you. This may require you to provide your first and last name, email, and other contact information. When using the Live Chat features, please only provide necessary information and do not provide sensitive information. For recordkeeping, training, and quality assurance purposes, we or our third-party vendor may record and maintain a transcript of any communications in the Live Chat.
Information from our Customers: Our customers (“Customers”) may make available information to us so that we can provide them with services. Each Customer chooses what information it shares, which may, for example, include personal information.
Usage and Log Information: When you interact with our Services, we may collect information from your device or web browser when you interact with the Services. For example, when you interact with the Services, we may log and store your IP address and technical information about your usage like your device ID, browser type, how you progressed through the Services, where you abandoned it, etc. We can use your IP address to determine your general location.
App Data: If you use a Sturdy application, on mobile or other platforms, we may collect analytic information about your device, such as IP address, device ID, OS version, and clickstream.
Information from Public Sources or Third Parties: We may receive additional information about you from public or third-party sources. For example, we may receive marketing, sales generation, and recruitment information from service providers or partners.
We also use web beacons and pixels on our Websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our Websites, Services and marketing emails.
Our Services use the following types of cookies for the purposes set out below:
We collect, use, process, and store your personal information:
We will only share your personal information with third parties under the following circumstances:
We use and disclose your non-personal, de-identified or aggregated data in a variety of ways, including to improve the Services.
To stop receiving notifications or promotions, please click the unsubscribe link found at the bottom of each email. For users in the European Economic Area (“EEA”): We only send marketing communications to users located in the EEA with your prior consent. Please see the section “GDPR: Information for EEA Users” below.
We use industry standard technical, administrative and physical controls to protect your data. While we take reasonable precautions against possible security breaches, no website or internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss or other breach will never occur.
We will process and store your personal information only for the period necessary to achieve the purpose of the storage, or as permitted by law. The criteria used to determine the period of storage of information is the respective statutory retention period. After expiration of that period, the corresponding information is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.
You can choose to deactivate your account so that you are no longer viewable on the Services. You can request deactivation through the Services or by sending a message to email@example.com.
The Services may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies, which may differ substantially from ours, and that we do not accept any responsibility or liability for their activities or the content of their privacy policies.
Sturdy does not “sell” or “share” (as those terms are defined in the CCPA) personal information and has not sold any personal information to third parties in the preceding 12 months.
Personal Information We Collect and Disclose for a Business Purpose. Without limiting the description of the information we collect, we collect the categories of personal information about California consumers identified in the chart below. More information regarding the personal information we collect can be found above in the section titled “Information We Collect.”
Categories of Sources. We collect personal information from, without limitation, consumers directly, our customers, our Services’ inferences, service providers, and public sources. More information regarding the sources from which we collect personal information can be found above in the section titled “Information We Collect.”
Our commercial purposes, which include:
Our business purposes as identified in the CCPA, which include:
Recipients of California Personal Information. We disclose, and have disclosed in the last 12 months, the categories of personal information identified as collected in the chart above for business purposes to the following categories of third parties: customers, service providers, data analytics providers, and operating systems and platforms. More information regarding the categories of third parties with whom personal information is disclosed can be found in the section above titled “When We May Disclose Your Personal Information.”
Your Rights Regarding Personal Information. California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:
To exercise any of the above rights, please contact us using the following information and submit the required verifying information, as further described below:
Responding to Your Request. In accordance with the CCPA, we will respond to your request within forty-five (45) days, unless a shorter period is required under the CCPA. If we require more time, we will inform you of the reason and extension period in writing.
In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Verification Process and Required Information. We may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will then typically attempt to match the identifying information provided by you to the personal information already maintained by us to verify the request. If you have a password protected account on the Services, we may verify your identity through the existing authentication practices for your account, in which case we will require you to re-authenticate yourself before we disclose or delete your personal information.
Retention. The personal information collected under this Section shall be retained for no longer than necessary to provide our products, platform, application and Services. The criteria used to determine the period of time certain personal information will be retained shall be governed by (i) whether we use the personal information to provide services to you; (ii) whether the personal information is critical for a transaction (e.g., using your postal address to ship our products); and (iii) Sturdy’s well-established data retention policy.
Authorized Agent. You may designate an authorized agent to make a CCPA request on your behalf by verifying your identity, as described above, and providing written permission for the authorized agent to act on your behalf.
Minors’ Right to Opt-In. Sturdy does not “sell” or “share” (as those terms are defined in the CCPA) the personal information of minors under 16 years of age.
Non-Discrimination. Sturdy will not discriminate against a user because the user exercised any of the user’s rights described above or afforded to it under applicable data privacy law.
Sturdy acknowledges and understands that we have a responsibility for the processing of Personal Information we receive under the DPF Principles and subsequently transfers to a third party acting as an agent on Sturdy’s behalf. Sturdy shall remain liable under the DPF Principles if its agent processes such Personal Information in a manner inconsistent with the DPF Principles, unless Sturdy proves that it is not responsible for the event giving rise to the damage.
To exercise this right, please contact us:
Under other United States data protection laws, you may have rights similar or materially similar rights to those outlined in Section 10 California Privacy Rights. When applicable and upon effect, you (if a resident of Colorado, Connecticut, Utah or Virginia) may exercise applicable rights to your personal information by sending your request to the following email address: firstname.lastname@example.org.
In compliance with the Data Privacy Framework Principles, Sturdy commits to resolve complaints about our collection or use of your personal data. EU, UK (including Gibraltar) and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Sturdy at the contact address below:
1775 W State St #195
Boise, ID 83702
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Sturdy commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to VeraSafe, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not resolved your DPF Principles-related complaint to your satisfaction, please contact or visit terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure for more information. To file a complaint with VeraSafe under the Data Privacy Framework Dispute Resolution Procedure, please submit the required information to VeraSafe here. The services of VeraSafe are provided at no cost to you.
In certain circumstances, the Data Privacy Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles.
The Federal Trade Commission (“FTC”) has jurisdiction over Sturdy's compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. As a result of Sturdy’s participation in the Data Privacy Framework Program, Sturdy is subject to the investigatory and enforcement powers of the FTC or any other U.S. authorized statutory body.
The DPF Principles describe Sturdy’s accountability for personal data that it subsequently transfers to a third-party agent. Under the DPF Principles, Sturdy shall remain liable if Sturdy’s third party agents process the personal data in a manner inconsistent with the DPF Principles, unless Sturdy proves it is not responsible for the event giving rise to the damage.
Note that Sturdy may be required to release the personal data of EU, UK (including Gibraltar) and Swiss individuals whose data is pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF in response to legal requests from public authorities, including to meet national security and law enforcement requirements.
This section only applies to our European Economic Area (“EEA”), Swiss and United Kingdom (including Gibraltar)users.
Individuals located in the EEA, Switzerland and the United Kingdom (including Gibraltar) have certain rights in respect of your personal data, including:
As a Sturdy user:
To enable the Services to function as expected; and to communicate with you in response to customer service inquiries and to deliver non-promotional, service-related emails.
To protect against fraud; Network and information security; and To offer the Services.
In some cases, Sturdy may process personal data pursuant to a legal obligation or to protect your vital interests or those of another person.
Limiting the Use and Disclosure of Your Personal Data. Sturdy will offer EEA, Swiss and UK (including Gibraltar) individuals whose personal data has been transferred to us the opportunity to choose whether the personal data we have received may be used or disclosed for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses or disclosures of their personal data by contacting us at email@example.com.
Sturdy users may exercise their rights regarding their personal information as follows:
VeraSafe has been appointed as Sturdy's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are unable to reach Sturdy at firstname.lastname@example.org, VeraSafe can be contacted on matters related to the processing of personal data under GDPR. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
VeraSafe Netherlands BV
1017 DR Amsterdam
If you have any questions about our privacy practices, or if you wish to make a request (including to delete your data), contact us at either:
1775 W State St #195
Boise, ID 83702