Privacy Policy

Account data: name, email address, and password (hashed) when you sign up. If you use Microsoft or Google SSO, we receive your name, email, and profile picture from those providers. Survey data: the open-ended responses you upload for coding, plus any associated metadata (response IDs, timestamps, demographic variables) you choose to attach. This is the data you own and control. Codebooks and coding outputs: the categories, codes, definitions, and AI-generated suggestions we produce while you use the service. Usage data: pages you visit inside the dashboard, features you use, and rough timing/performance signals, captured via Google Analytics 4 and Microsoft Clarity. These do NOT include the content of your survey responses. Billing data: when you purchase credits, Stripe (our payment processor) collects payment-card details on our behalf. We never see or store your full card number — we only retain a Stripe customer ID, the last four digits of your card, and your billing address.

We process the data above to: • Provide the coding service: read the open-ended responses you upload, generate or update codebooks, and code each response. This processing involves sending your verbatims to our AI models (Anthropic Claude) which act as a data processor under contractual obligations not to retain or train on your data. • Send transactional emails (account confirmation, password reset, purchase receipts, project completion notifications) via Resend. • Operate billing and subscription management via Stripe. • Improve the product: aggregate usage patterns to understand which features are valuable. We do not look at the content of individual customers' verbatims for this purpose. • Respond to support requests when you contact us. • Comply with legal obligations (tax records, audit requests, court orders if any). We do not sell or rent personal information. We do not share customer survey data with third parties except the processors listed in "Third-party services" below.

Customer data is stored in Supabase (PostgreSQL hosted on AWS), with primary regions in us-east-1 and eu-west-1 depending on org configuration. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Backups are encrypted and retained for 7 days. We do not ship customer data to systems outside this processing pipeline. Access controls: only authorized engineering personnel can access production databases, and access is audit-logged. We follow the principle of least privilege. Data residency: if your organization requires EU-only data residency, contact us at hello@surveycoder.io to arrange a dedicated EU-region project.

We work with a small number of vetted processors to operate the service. Each is bound by a Data Processing Agreement (DPA) and configured to handle your data only as needed: • Anthropic (PBC) — AI model provider. Survey verbatims are sent to Claude models for codebook generation and coding. Anthropic's enterprise terms prohibit training on customer data and require deletion of input data after processing. • Supabase — Database, authentication, and file storage. Hosts our PostgreSQL database under their SOC 2 Type II controls. • Stripe, Inc. — Payment processing. Handles all credit card data; we never see card numbers. • Resend — Transactional email delivery (signup confirmations, receipts, alerts). • Vercel — Hosting of the frontend application. • Google (Analytics 4 + Google Ads) — Anonymized traffic analytics and ad attribution. • Microsoft Clarity — Anonymous session recording and heatmaps for product improvement. Does not record form inputs or survey content. • LinkedIn Insight Tag — Marketing attribution. We do not transfer customer survey data to any third party not listed above.

Insight Genius LLC is registered in Delaware, United States. Some of our processors (notably Anthropic, Stripe, Vercel) are also US-based. When data is transferred from the EU/EEA, UK, or Switzerland to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transfer. All our processors have implemented SCCs and provide supplementary safeguards. By using the service from outside the United States, you consent to the transfer of your data to the US for processing in line with this policy.

• Survey responses and codebooks: as long as you keep the associated project active in your account. When you delete a project, the data is removed from production within 7 days. Backup copies are purged within 30 days. • Account data (name, email): for as long as your account is active, plus 90 days after account closure. • Billing records: 7 years after the transaction date, as required by US tax law. • Usage analytics: aggregated and anonymized after 14 months (Google Analytics default). • Support tickets: 2 years from resolution. You can request earlier deletion of any non-billing data at any time — see "Your rights" below.

We use cookies and similar storage technologies (localStorage, sessionStorage) for: • Authentication: keeping you signed in across pages. • Preferences: language, sidebar collapsed state, etc. • Analytics: anonymous traffic measurement (Google Analytics, Microsoft Clarity). • Ad attribution: tracking which marketing campaigns drove a signup (Google Ads, LinkedIn Insight Tag). We do not use third-party advertising cookies that profile you across sites. You can disable cookies in your browser, though authentication will stop working.

Depending on your jurisdiction, you have the following rights regarding your personal information: Under GDPR (EU/EEA, UK, Switzerland): • Access: request a copy of the personal data we hold about you. • Rectification: ask us to correct inaccurate data. • Erasure: request deletion of your personal data ("right to be forgotten"). • Portability: receive your data in a machine-readable format. • Restriction: limit how we process your data. • Objection: object to processing for direct marketing or legitimate-interest grounds. • Withdraw consent: where processing is based on consent, you can withdraw it at any time. Under CCPA (California residents): • Right to know what personal information we collect, use, and share. • Right to delete your personal information. • Right to opt out of sale (we do not sell personal information). • Right to non-discrimination for exercising your privacy rights. To exercise any of these rights, email hello@surveycoder.io. We respond within 30 days.

Survey Coder Pro is a B2B SaaS product intended for use by professionals in market research and customer experience teams. It is not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact hello@surveycoder.io and we will delete it promptly.

We may update this Privacy Policy as our service evolves or as required by law. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated by email to account owners at least 30 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise any of your rights, contact us at: Insight Genius LLC Email: hello@surveycoder.io Operator of: Survey Coder Pro Registered in: Delaware, United States For Microsoft and Google SSO data subject requests: include "Privacy request — SSO" in your subject line.