StaffifyAI

‍

Last updated: 25 August 2025

This Privacy Policy explains how StaffifyAI (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit our websites, create an account, or use our services.

We operate as a data controller for website visitors, trial users, and subscribers. We do not act as a processor for our customers’ end-users at launch.

If you have questions, contact us at support@staffifyai.com.

‍

1. Who we are

‍

Privacy contact: support@staffifyai.com
EU Supervisory Authority: Autoriteit Persoonsgegevens (Netherlands)
UK & US users: This Policy covers UK GDPR and U.S. state privacy rights (including California CPRA).

We have not appointed a DPO at this time. If we appoint one, we will update this Policy.

‍

2. What data we collect

‍

We collect the following categories of data (as provided by you or generated by your use of the Service):

• Account data: name, email, password hash.
• Billing data (via Stripe): card last four digits, billing address, country, subscription details. We do not store full card numbers.
• Usage & device data: IP address, device/user-agent, pages viewed, actions taken, timestamps, referral sources.
• Content you provide: text, code, files, and other materials you submit to use the Service.
• Support communications: messages you send to us (email/chat).
• Marketing preferences: newsletter opt-in/opt-out.
• Error/diagnostic logs: application and infrastructure logs for reliability and security.

We do not intentionally collect special category data (e.g., health, biometric, racial/ethnic data).

‍

3. How we use your data (purposes & legal bases)

‍

We process personal data under the GDPR on the following bases:

• Contract (Art. 6(1)(b)): to create your account, provide the Service, process subscriptions, and respond to support requests.
• Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent fraud/abuse, debug and improve performance, measure product usage, and defend legal claims.
• Consent (Art. 6(1)(a)): for non-essential cookies/analytics and marketing emails (you can withdraw consent anytime).
• Legal obligation (Art. 6(1)(c)): to comply with tax and accounting laws and respond to lawful requests from authorities.

4. Cookies, analytics & ads

• We use a consent banner (CMP) for non-essential cookies.
• Analytics: Google Analytics 4 (via Google Tag Manager) for aggregated usage insights.
• Ads/retargeting: not at launch; may be enabled later (e.g., Google/Meta). You can change preferences in the cookie banner/settings when available.

You can block cookies in your browser, but some features may not work.

‍

5. Sharing your data (recipients)

‍

We require processors to protect data, use it only on our instructions, and implement appropriate security.

We may also disclose data (i) to comply with law, (ii) to protect rights, safety, or property, or (iii) in connection with a business transfer (merger, acquisition).

We do not sell or share personal information for cross-context behavioral advertising under CPRA.

‍

6. International data transfers

‍

Where data is transferred outside the EEA/UK (e.g., to the U.S.), we rely on SCCs and other appropriate safeguards. Copies of relevant transfer mechanisms can be requested at support@staffifyai.com (with redactions where necessary).

‍

7. Security

‍

We implement appropriate technical and organizational measures, including:

• Encryption in transit and at rest
• Role-based access control and least-privilege principles
• Audit logging for administrative access
• Secrets management & key encryption
• Signed URLs for controlled file access
• Regular backups with a 30-day rolling retention
• Ongoing monitoring, patching, and incident response procedures

No system is 100% secure; we will notify you and authorities of data breaches as required by law.

‍

8. Data retention

‍

We keep data only as long as needed:

• Account data: for the life of the account + 12 months
• Billing/invoices: 7–10 years (legal/tax)
• Logs: 30 days
• Support tickets: 24 months
• Backups: 30-day rolling
• AI prompts/context: no persistent retention by us; where vendors temporarily retain for abuse monitoring, we aim to limit to ≤ 30 days

We may anonymize and retain data for statistics and product improvement.

‍

9. Your rights (EU/UK)

‍

Under the GDPR/UK GDPR, you have the right to access, rectify, erase, restrict, object, and port your data, and to withdraw consent at any time (without affecting processing prior to withdrawal).

To exercise rights, email support@staffifyai.com. You also have the right to complain to your local authority (e.g., Autoriteit Persoonsgegevens in the Netherlands).

‍

10. U.S. state privacy rights (incl. California CPRA)

‍

Residents of certain U.S. states (including California) have:

• Right to know/access the categories and specific pieces of personal information we collected.
• Right to delete personal information (subject to legal exceptions).
• Right to correct inaccurate personal information.
• Right to opt-out of sale/share (we do not sell/share for cross-context advertising).
• Right to limit use of sensitive personal information (we do not use SPI for inferring characteristics).
• Non-discrimination for exercising rights.

Requests: support@staffifyai.com. If we later adopt targeted advertising or additional trackers, we will provide opt-out mechanisms (incl. honoring GPC signals).

‍

11. Automated decision-making & profiling

‍

Our Service includes automated recommendations (e.g., deployment suggestions, scaling, workflows). We maintain human override and logging for transparency and safety.

‍

12. Children’s privacy

‍

The Service is not directed to children and is intended for individuals 16 years and older. We do not knowingly collect personal data from children under 16. If you believe a child has provided data, contact support@staffifyai.com to request deletion.

If you prefer 18+, tell me and I’ll adjust this section.

‍

13. Third-party links

‍

Our site may link to third-party websites or services. Their privacy practices are governed by their own policies.

‍

14. Changes to this Policy

‍

We may update this Policy from time to time. If we make material changes, we will notify you (e.g., by email or in-app) and update the “Last updated” date.

‍

15. Contact

‍

Questions or requests about this Policy or your data rights:
Email: support@staffifyai.com‍

‍