LEGAL

Privacy Policy

How we protect your data and respect your privacy.

Effective Date: March 12, 2026

1. Introduction

Actual Intelligence ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our organizational intelligence platform.

We believe privacy is fundamental to trust. This policy reflects our commitment to transparency about data practices.

2. Information We Collect

2.1 Information from Organization Administrators

  • Account Information: Name, email address, job title, organization name
  • Billing Information: Payment method details (processed securely by third-party payment processors)
  • Contact Information: Phone number, business address
  • Usage Data: How you interact with our platform, features accessed, session duration

2.2 Information from Assessment Participants

  • Demographic Information: Role, department, tenure (as configured by your organization)
  • Assessment Responses: Answers to assessment questions
  • Technical Data: IP address, browser type, device information

2.3 Automatically Collected Information

  • Log Data: IP addresses, browser types, access times, pages viewed
  • Cookies: Session cookies, preference cookies, analytics cookies
  • Performance Data: System performance metrics, error logs

3. How We Use Your Information

3.1 Service Delivery

  • Providing organizational intelligence assessments and analytics
  • Generating aggregated insights and reports for organization administrators
  • Maintaining and improving platform functionality
  • Ensuring participant anonymity in assessment results

3.2 Communication

  • Sending service updates and important notices
  • Responding to inquiries and support requests
  • Providing assessment invitations (for participants)

3.3 Analytics and Improvement

  • Understanding how users interact with our platform
  • Improving user experience and feature development
  • Identifying and fixing technical issues

4. Participant Privacy and Anonymity

Our Core Commitment: Assessment participant responses are anonymized and aggregated. We do not link individual responses to specific participants in reports delivered to organizations.

4.1 Anonymization Process

  • Individual responses are separated from personally identifiable information
  • Results are aggregated across participant groups
  • Small group sizes are combined to prevent identification
  • Reports show patterns, not individual responses

4.2 What Organizations See

  • Aggregated patterns across demographic groups
  • Statistical trends and insights
  • Group-level sentiment and feedback
  • Not: Individual names, responses, or identifying information

5. Data Sharing and Disclosure

5.1 We Never Sell Your Data

We do not sell, rent, or trade personal information to third parties for marketing purposes.

5.2 Service Providers

We share data with trusted service providers who help us operate our platform:

  • Cloud hosting providers (data storage and processing)
  • Payment processors (billing and payments)
  • Email service providers (transactional communications)
  • Analytics providers (platform usage insights)

All service providers are contractually required to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose information when required by law, such as:

  • Responding to subpoenas, court orders, or legal processes
  • Protecting our rights, property, or safety
  • Investigating fraud or security issues
  • Complying with regulatory requirements

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Audits: Security assessments and vulnerability testing
  • Monitoring: Continuous security monitoring and incident response

7. Data Retention

  • Active Accounts: Data retained while your account is active
  • Assessment Data: Retained for longitudinal analysis as configured by your organization
  • Deleted Accounts: Data deleted within 90 days of account closure (unless legal retention required)
  • Backups: Backup data retained for disaster recovery (maximum 90 days)

8. Your Rights and Choices

8.1 Access and Correction

You have the right to access and correct your personal information. Contact your organization administrator or us at privacy@actual.is.

8.2 Data Portability

Organization administrators can export their data in standard formats through the platform or by request.

8.3 Deletion

You can request deletion of your personal information, subject to legal retention requirements.

8.4 Opt-Out

  • Assessment Participation: Participation is voluntary; you can decline or skip questions
  • Marketing Communications: Unsubscribe from marketing emails via links provided
  • Cookies: Manage cookie preferences through your browser settings

9. International Data Transfers

Our platform is hosted on infrastructure distributed globally. If you access our services from outside our primary hosting region, your data may be transferred internationally. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Compliance with GDPR for EU data subjects

10. Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately at privacy@actual.is.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

  • Post the updated policy on our website with a new effective date
  • Notify organization administrators of material changes via email
  • Provide a summary of significant changes

Continued use of our platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

13. Jurisdiction-Specific Rights

13.1 European Union (GDPR)

If you are in the EU, you have additional rights under GDPR:

  • Right to be informed about data processing
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

To exercise these rights, contact privacy@actual.is.

13.2 California (CCPA/CPRA)

California residents have rights under CCPA/CPRA:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt-out of sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising privacy rights

Note: We do not sell personal information.

Last Updated: March 12, 2026