Last updated and effective as of February 19, 2021
SturdyAI Inc. (“Sturdy”,“we”, or “us”) is a software company that provides products and services for customers to turn their communications into capital, to make sure that the right information gets to the right people, at the right time, every time.
We collect personal information (or personal data) and non-personal information from you when you use our Services. As further described in this section, we may receive personal information about you that you submit through the Services or that is provided to us by a third party; we also may receive personal information about you automatically as you use the Services.
Information you Provide Us: We receive personal information about you that you choose to provide to us, including when you create an account; search for or purchase our offerings; configure settings; communicate with us; or otherwise use our Services.
Information from our Customers: Our customers (“Customers”) may make available information to us so that we can provide them with services. Each Customer chooses what information it shares, which may, for example, include personal information.
Usage and Log Information: When you interact with our Services, we may collect information from your device or web browser when you interact with the Services. For example, when you interact with the Services, we may log and store your IP address and technical information about your usage like your device ID, browser type, how you progressed through the Services, where you abandoned it, etc. We can use your IP address to determine your general location.
App Data: If you use a Sturdy application, on mobile or other platforms, we may collect analytic information about your device, such as IP address, device ID, OS version, and clickstream.
Information from Public Sources or Third Parties: We may receive additional information about you from public or third party sources. For example, we may receive marketing, sales generation, and recruitment information from service providers or partners.
We also use web beacons and pixels on our Websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our Websites, Services and marketing emails.
Our Services use the following types of cookies for the purposes set out below:
We collect, use, process, and store your personal information:
We will only share your personal information with third parties under the following circumstances:
We use and share your non-personal, de-identified or aggregated data in a variety of ways, including to improve the Services.
To stop receiving notifications or promotions, please click the unsubscribe link found at the bottom of each email. For users in the European Economic Area (“EEA”): We only send marketing communications to users located in the EEA with your prior consent. Please see the section “GDPR: Information for EEA Users” below.
We use industry standard technical, administrative and physical controls to protect your data. While we take reasonable precautions against possible security breaches, no website or internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss or other breach will never occur.
We will process and store your personal information only for the period necessary to achieve the purpose of the storage, or as permitted by law. The criteria used to determine the period of storage of information is the respective statutory retention period. After expiration of that period, the corresponding information is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.
You can choose to deactivate your account so that you are no longer viewable on the Services. You can request deactivation through the Services or by sending a message to firstname.lastname@example.org.
The Services may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies, which may differ substantially from ours, and that we do not accept any responsibility or liability for their activities or the content of their privacy policies.
Sturdy does not sell personal information and has not sold any personal information to third parties in the preceding 12 months.
Personal Information We Collect and Disclose for a Business Purpose. Without limiting the description of the information we collect, we collect the categories of personal information about California consumers identified in the chart below. More information regarding the personal information we collect can be found above in the section titled “Information We Collect.”
Categories of Sources. We collect personal information from, without limitation, consumers directly, our customers, our Services’ inferences, service providers, and public sources. More information regarding the sources from which we collect personal information can be found above in the section titled “Information We Collect.”
Our commercial purposes, which include:
Our business purposes as identified in the CCPA, which include:
Recipients of California Personal Information. We disclose, and have disclosed in the last 12 months, the categories of personal information identified as collected in the chart above for business purposes to the following categories of third parties: customers, service providers, data analytics providers, and operating systems and platforms. More information regarding the categories of third parties with whom personal information is disclosed can be found in the section above titled “When We May Share Your Personal Information.”
Your Rights Regarding Personal Information. California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:
To exercise any of the above rights, please contact us using the following information and submit the required verifying information, as further described below:
Verification Process and Required Information. We may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will then typically attempt to match the identifying information provided by you to the personal information already maintained by us to verify the request. If you have a password protected account on the Services, we may verify your identity through the existing authentication practices for your account, in which case we will require you to re-authenticate yourself before we disclose or delete your personal information.
Authorized Agent. You may designate an authorized agent to make a CCPA request on your behalf by verifying your identity, as described above, and providing written permission for the authorized agent to act on your behalf.
Minors’ Right to Opt-In. Sturdy does not sell the personal information of minors under 16 years of age.
Non-Discrimination. Sturdy will not discriminate against a user because the user exercised any of the user’s rights described above or afforded to it under applicable data privacy law.
To exercise this right, please contact us:
Sturdy complies with theEU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework asset forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the UnitedKingdom, and Switzerland to the United States pursuant to the Privacy Shield. Sturdy has certified to the Department of Commerce that it adheres to the PrivacyShield Principles. If there is any conflict between the terms in this PrivacyPolicy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit http://www.privacyshield.gov.
In compliance with thePrivacy Shield Principles, Sturdy commits to resolve complaints about our collection or use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Sturdy at the contact address below:
1775 W State St #195
Boise, ID 83702
Sturdy has further committed to refer unresolved Privacy Shield complaints to VeraSafe, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit terms of the VeraSafe Privacy Shield DisputeResolution Procedure for more information. To file a complaint with VeraSafe under the Privacy Shield Dispute ResolutionProcedure, please submit the required information to VeraSafe here. The services of VeraSafe are provided at no cost to you.
In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the PrivacyShield Principles.
The Federal TradeCommission has jurisdiction over Sturdy's compliance with the Privacy Shield.
Sturdy commits to cooperate with the EU Data Protection Authorities (DPAs) and/or the SwissFederal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
The Privacy ShieldPrinciples describe Sturdy’s accountability for personal data that it subsequently transfers to a third-party agent. Under the Privacy ShieldPrinciples, Sturdy shall remain liable if third party agents process the personal data in a manner inconsistent with the Privacy Shield Principles, unless Sturdy proves it is not responsible for the event giving rise to the damage.
Note that Sturdy may be required to release the personal data of EU, UK and Swiss individuals whose data is pursuant to the Privacy Shield in response to legal requests from public authorities, including to meet national security and law enforcement requirements.
This section only applies to our European Economic Area (“EEA”) users.
Individuals located in the EEA have certain rights in respect of your personal data, including:
As a Sturdy user:
To enable the Services to function as expected; and to communicate with you in response to customer service inquiries and to deliver. non- promotional, service-related emails.
To protect against fraud; Network and information security; and To offer the Services.
In some cases, Sturdy may process personal data pursuant to a legal obligation or to protect your vital interests or those of another person.
Sturdy will offer EEA and Swiss individuals whose personal data has been transferred to us the opportunity to choose whether the personal data we have received may be used or disclosed for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses or disclosures of their personal data by contacting us at email@example.com
Sturdy users may exercise their rights regarding their personal information as follows:
VeraSafe has been appointed as Sturdy's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are unable to reach Sturdy at firstname.lastname@example.org, VeraSafe can be contacted on matters related to the processing of personal data under GDPR. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
VeraSafe Netherlands BV
1017 DR Amsterdam
If you have any questions about our privacy practices, or if you wish to make a request (including to delete your data), contact us at either:
2175 NE Raleigh St. Suite 110
Portland, OR 97210