Privacy Policy

At Strongly.AI, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.strongly.ai) or use our StronglyAI, Inc. software and services.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you provide directly to us, including but not limited to:

• Name
• Email address
• Company name
• Job title
• Phone number
• Billing information
• User account credentials
• Any other information you choose to provide

1.2 Usage Data

We automatically collect information on how you access and use our website and services, including:

• IP address
• Browser type and version
• Device information (e.g., device type, operating system)
• Pages visited and features used
• Time and date of your visit
• Referring website
• Click-stream data
• Other diagnostic data

1.3 AI Interaction Data

When using our Strongly.AI software, we may collect and process data related to your interactions with AI models, including:

• Input prompts and queries
• Output responses and generated content
• Usage patterns and frequency
• Performance metrics and error logs
• Model preferences and settings
• Feedback and ratings provided

1.4 Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and store certain information. These technologies help us analyze trends, administer the website, track users' movements around the site, and gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

1.5 Web Analytics (Google Analytics)

We use Google Analytics 4 (provided by Google LLC) on www.strongly.ai to understand how visitors find and use our site. Google Analytics sets first-party cookies on your device and reports aggregated traffic data back to us.

The categories of data Google Analytics collects on our behalf include:

• Pages you visit, time on page, and click-through behavior
• Referrer (the site you came from)
• Approximate geographic location (city / country, derived from your IP — IP addresses are truncated by Google before storage and are not exposed to us)
• Device type, operating system, browser version, screen resolution
• A randomly generated client identifier stored in a first-party cookie (typically _ga and _ga_HE0Z0KVVFW)

Consent Mode (default = denied). Strongly.AI uses Google's Consent Mode v2. When you first visit the site, analytics storage is set to denied by default — Google Analytics will not set tracking cookies or attach identifiers until you explicitly accept via our cookie banner. While the banner is showing (i.e. you have not yet decided), the initial pageview hit is sent to Google as a "cookieless ping" with no cookies and no user identifier; Google uses these only for aggregated modeled metrics and they cannot be tied back to you.

If you click Reject All, we additionally set Google's hard-disable flag (window['ga-disable-G-HE0Z0KVVFW'] = true). After that flag is set, the Google Analytics script in your browser stops sending any hits at all — not pageviews, not events, not cookieless pings. Your choice is persisted (1-year cookie + localStorage) so this remains in effect on return visits.

How to opt out. You can opt out of Google Analytics tracking at any time by:

• Clicking Reject All on our cookie banner (or clearing your stored choice via your browser's storage settings to be re-prompted).
• Installing the Google Analytics Opt-Out Browser Add-on.
• Using your browser's "Do Not Track" / "Global Privacy Control" signal, which we honor.
• Blocking third-party cookies, the googletagmanager.com domain, or analytics scripts via a browser extension.

Retention. Aggregated traffic data is retained by Google Analytics for the period set on our Google Analytics property (currently 14 months). After that window, user- and event-level data is automatically deleted by Google; only aggregated reports remain.

Sharing settings. We have not enabled Google Signals, Google Ads linking, or any "Share data with Google" toggle on our Google Analytics property. Data we send to Google Analytics is not used by Google to personalize ads, train Google's models, or improve other Google services beyond providing analytics to us.

International transfers + legal basis. Google LLC processes this data in the United States. Transfers from the European Economic Area, UK, and Switzerland rely on the EU-US Data Privacy Framework + Standard Contractual Clauses (see Section 7). Our legal basis under GDPR is consent for visitors in those jurisdictions (captured by the cookie banner) and legitimate interest for visitors elsewhere. Google's own privacy policy is at https://policies.google.com/privacy; their data-processing terms specific to Google Analytics are at https://business.safety.google/privacy/.

1.6 Platform Usage Data

When you use the StronglyAI platform, we collect telemetry and metering data necessary for billing, service operation, and platform reliability. This includes API call volumes, token counts, compute resource consumption, feature utilization metrics, and system performance data. This data is used solely for service delivery, capacity planning, and invoicing purposes. For enterprise customers, the processing of platform usage data is governed by our Data Processing Addendum (DPA).

2. How We Use Your Information

We use the collected information for various purposes, including but not limited to:

• Providing, maintaining, and improving our services
• Personalizing and enhancing user experience
• Analyzing usage patterns to optimize our offerings
• Communicating with you about our products, services, and promotions
• Providing customer support and responding to inquiries
• Processing transactions and sending related information
• Detecting and preventing fraudulent or unauthorized activities
• Complying with legal obligations and enforcing our terms of service
• Conducting research and development to enhance our platform and services. Important: StronglyAI does not use Customer Data (as defined in our Data Processing Addendum) to train, fine-tune, or improve AI models. Any research and development activities use only aggregated, anonymized, and de-identified data that cannot be linked back to any individual or customer.
• Aggregating and anonymizing data for analytical purposes

3. Data Retention

We retain personal information and AI interaction data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you
• Whether there is a legal obligation to which we are subject
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations)

4. Data Protection and Security

We implement robust security measures to protect your personal information and AI interaction data from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest using industry-standard protocols
• Regular security audits and vulnerability assessments
• Multi-factor authentication for user accounts
• Access controls and logging mechanisms
• Employee training on data protection and privacy best practices
• Physical security measures for our data centers and offices
• Incident response and data breach notification procedures

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including hosting, data analysis, payment processing, customer service, and marketing assistance. The category of "data analysis" includes Google LLC, who processes pseudonymized web-traffic data through Google Analytics as described in Section 1.5. Our full list of sub-processors is maintained on our Sub-Processor List page; that list is updated whenever a sub-processor is added, removed, or replaced.

5.2 Business Partners

We may share your information with our business partners to offer you certain products, services, or promotions. However, text messaging originator opt-in data and consent will not be shared with any third parties.

5.3 Legal Requirements

We may disclose your information where required to do so by law or subpoena or if we believe that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of Strongly.AI
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

We do not sell your personal information to third parties for their direct marketing purposes.

5.5 Enterprise Customers and Data Processing

For enterprise customers who have entered into a subscription agreement with StronglyAI, the processing of personal data is governed by our Data Processing Addendum (DPA), which forms part of the Master Subscription Agreement. The DPA details our obligations as a data processor, including security measures, sub-processor management, and data subject rights. A current list of sub-processors used by StronglyAI is available on our Sub-Processor List page.

5.6 SMS and Text Messaging

If you opt in to receive SMS or text messages from Strongly.AI, your opt-in consent and any information collected in connection with that consent (including your phone number) will not be shared with, sold to, rented to, or disclosed to any third parties or affiliates for their own marketing purposes. We will only use your messaging consent data to send you the communications you have opted in to receive. You may opt out of text messages at any time by replying STOP.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

• The right to access and obtain a copy of your personal information
• The right to rectify or update your personal information
• The right to delete your personal information (subject to certain exceptions)
• The right to restrict or object to our processing of your personal information
• The right to data portability
• The right to withdraw consent (where processing is based on consent)
• The right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request in accordance with applicable data protection laws.

7. International Data Transfers

Your information, including personal information, may be transferred to - and maintained on - computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.

When we transfer personal information from the European Economic Area, UK, or Switzerland to the United States or other countries, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data, such as:

• EU-US Data Privacy Framework (DPF)
• UK Extension to the EU-US Data Privacy Framework
• Swiss-US Data Privacy Framework
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules

8. Children's Privacy

Our services are not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information as soon as possible. If you believe we might have any information from or about a child under 13, please contact us using the information provided in the "Contact Us" section.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Third-Party Links and Services

Our website and services may contain links to third-party websites, products, or services. These third-party sites have separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

11. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights regarding your personal information:

• Right to know what personal information we collect, use, and disclose.
• Right to delete your personal information (subject to limited exceptions, such as records we are required to keep for legal compliance).
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of your personal information (see "Do Not Sell or Share" below).
• Right to opt out of automated decision-making (where applicable).
• Right to non-discrimination - we will not deny service, charge different prices, or provide a different level of quality because you exercised any of these rights.

11.1 Do Not Sell or Share My Personal Information

Short version: Strongly.AI does not sell your personal information for money, and does not engage in "cross-context behavioral advertising" that the CPRA defines as "sharing." You are already opted out by default for both.

Under the CCPA / CPRA:

• "Sell" means disclosing personal information to a third party for monetary or other valuable consideration.
• "Share" means disclosing personal information to a third party for "cross-context behavioral advertising" - building an advertising profile of you that can be used across unrelated services.

We do not:

• Sell personal information to data brokers, advertisers, or any other third party.
• Enable Google Signals, Google Ads linking, or any "Share data with Google products" toggle on our Google Analytics property.
• Use any tag, pixel, or SDK whose business purpose is cross-context behavioral advertising (no Meta Pixel, no LinkedIn Insight Tag, no TikTok Pixel, no third-party advertising cookies).
• Share personal information with any third party for their own marketing.

We do use Google Analytics 4 with Google's Consent Mode v2 set to default-denied for analytics storage. Visitor data goes to Google as our service provider (a relationship the CCPA / CPRA explicitly distinguishes from "selling" or "sharing"). See Section 1.5 for the full Google Analytics disclosure.

11.2 Browser-level signals (Global Privacy Control)

Strongly.AI honors the Global Privacy Control (GPC) signal. If your browser or browser extension is configured to send a GPC header on requests, we treat that header as a verified opt-out of any sale or share of your personal information - no additional action from you is required. The GPC specification is the recommended technical standard for the CCPA / CPRA opt-out right; details on how to enable it are at that link.

11.3 Cookie banner as a sale/share opt-out

The "Reject All" button on our cookie banner is also a CCPA / CPRA sale/share opt-out. Clicking it sets the analytics kill-switch flag on this browser (window['ga-disable-G-HE0Z0KVVFW'] = true), which fully stops Google Analytics hit dispatch - no pageviews, no events, no cookieless pings - for the remainder of your session and on subsequent visits (the choice persists for one year via first-party storage). See Section 1.5 for the technical mechanics.

11.4 How to exercise your rights

To submit a verifiable consumer request, email us at legal@strongly.ai. Include enough information for us to confirm you are the person whose data is at issue (typically the email address you used with us, or for a Strongly Report submission, the public submission identifier from your confirmation page). We respond to verifiable requests within 45 days, with a possible 45-day extension as the law permits.

11.5 Authorized agents

You may designate an authorized agent to make a request on your behalf. We require (a) written, signed permission from you authorizing the agent to act, AND (b) verification of your identity directly. We may deny requests from agents who do not submit proof of authorization.