Privacy Policy

I. Data Controller Identification

A. Primary Data Controller

For purposes of applicable data protection laws, including but not limited to the General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"), the Data Controller responsible for the collection, processing, and protection of your Personal Information is:

PEND AI, LLC
A limited liability company organized under the laws of the State of Delaware, United States of America
Registered Address: 254 Chapman Road, Ste 208 #25719, Newark, DE 19702 USA
Email Contact: info@getpend.ai

B. Joint Controller Arrangements

In circumstances where an organization ("Client Organization") engages PEND AI to administer assessments, surveys, or related services to its employees, members, contractors, or other affiliated individuals, such Client Organization may function as either a joint controller or an independent controller with primary responsibility for compliance with applicable data protection obligations.

II. Definitions

• "Personal Information" means information by which you may be personally identified, including your name, email address, telephone number, postal address, geographic location data, employment history, organizational affiliation, payment card information, IP address, and unique device identifiers.
• "Assessment Data" means all responses, results, scores, reports, analyses, and other information generated through your completion of assessments, questionnaires, surveys, or evaluations provided through the Services.
• "Session Data" means notes, outputs, materials, frameworks, policies, or other content produced or captured during facilitated working sessions or advisory engagements conducted through the Services. Session Data produced collaboratively during working sessions is owned by the Client Organization as specified in the applicable engagement agreement.
• "Usage Data" means information automatically collected regarding your interaction with the Services, including access times, pages viewed, navigation patterns, device information, and technical data.
• "Processing" means any operation performed on Personal Information, including collection, recording, organization, storage, alteration, retrieval, use, disclosure, or destruction.

III. Information We Collect

A. Sources of Information Collection

• Directly from you when you voluntarily provide such information
• Automatically through technological means when you access or use the Services
• From third parties, including Client Organizations, business partners, and service providers

B. Information You Provide

• Registration Information: Full name, email address, organizational affiliation, job title, username, and password
• Assessment Data: Your responses, selections, and comments when completing assessments or surveys
• Session Data: Notes, inputs, or other information you provide during facilitated working sessions or advisory engagements
• Transaction Information: Purchase history, billing address, and payment information (processed securely by Stripe)
• Communications: Records of correspondence with Us, including emails and messages

C. Automatically Collected Information

• Usage details: Traffic data, clickstream data, page views, navigation paths, session duration
• Device information: Device identifier, IP address, operating system, browser type and version
• Location data: Geographic location derived from IP address (precise location only with consent)

IV. Cookies and Tracking Technologies

Our Services employ cookies and local storage mechanisms to enhance functionality and user experience. These technologies serve multiple purposes including: retaining user preferences, maintaining session state, storing assessment progress, and enabling analytics through integration with third-party platforms including Google Analytics.

You retain the ability to disable cookies through your browser settings. Please be advised that disabling cookies may result in diminished functionality of certain Services features.

V. How We Use Your Information

• Account Administration: To establish, maintain, and administer your user account
• Assessment Services: To provide analysis, scoring, interpretation, and personalized insights
• Working Sessions and Engagements: To facilitate configure sessions, working sessions, speaking engagements, and other advisory services
• Transaction Processing: To process and fulfill transactions, including coordination with payment processors
• Personalization: To deliver customized content and recommendations
• Communications: To deliver service-related messages, notifications, and support communications
• Analytics: To conduct analysis of Service performance and user engagement patterns
• Research: To develop new products, improve existing Services, and validate assessment methodologies, using anonymized aggregate data only. Individual institutional data is not used for research or benchmarking without explicit written permission from the Client Organization.
• Legal Compliance: To comply with applicable laws and protect Our rights and safety

VI. Information Sharing

We do not sell your personal information.

We may share your information with:

• With Your Consent: When you have provided explicit consent to such disclosure
• Organizational Administrators: When you participate in assessments administered by a Client Organization, designated administrators receive aggregated, role-level findings — not individual responses. Individual responses are never shared with organizational administrators. Aggregate data is presented at the group level; where group sizes are small enough that individuals could be identifiable, data is suppressed or aggregated further. The specific terms of data sharing with each Client Organization are specified in the applicable engagement agreement.
• Service Providers: Third-party providers who perform functions on Our behalf (cloud hosting, payment processing, analytics, customer support)
• Corporate Transactions: In connection with any merger, sale of company assets, financing, or acquisition
• Legal Requirements: When required by law or to protect Our rights and safety

VII. Security Measures

The security and confidentiality of your Personal Information is of paramount importance to Us. We have implemented comprehensive security measures including:

• Encryption: Industry-standard SSL/TLS encryption for data in transit and at rest
• Access Controls: Role-based access controls and multi-factor authentication
• Infrastructure Security: Firewalls, intrusion detection systems, and regular security assessments
• Employee Training: Mandatory privacy and security training for all employees with data access
• Incident Response: Comprehensive incident response plan to detect and mitigate security breaches

VIII. Your Rights (GDPR)

If you are a resident of the European Economic Area, United Kingdom, or Switzerland, you possess certain data protection rights:

• Right of Access: Obtain confirmation of whether your data is being processed and request access
• Right to Rectification: Obtain correction of inaccurate Personal Information
• Right to Erasure: Request deletion of your Personal Information ("Right to be Forgotten")
• Right to Restriction: Obtain restriction of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

IX. Your Rights (CCPA — California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to Know: Request disclosure of categories and specific pieces of Personal Information collected
• Right to Delete: Request deletion of Personal Information We collected from you
• Right to Correct: Request correction of inaccurate Personal Information
• Right to Opt-Out: Opt-out of sale or sharing of Personal Information (We do not sell Personal Information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

X. Children's Privacy

The Services are not directed to, intended for, or designed to attract children under the age of eighteen (18) years. We do not knowingly collect Personal Information from children under the age of eighteen (18). In compliance with the Children's Online Privacy Protection Act ("COPPA"), We do not knowingly collect Personal Information from children under the age of thirteen (13).

If you are a parent or legal guardian and believe that your child has provided Personal Information to Us, please contact Us immediately at info@getpend.ai with the subject line "Child Privacy Concern."

XI. Changes to This Policy

PEND AI reserves the right to modify, amend, update, or replace this Privacy Policy at any time. If We make material changes to this Policy, We will provide notice by: (i) updating the "Last Updated" date; (ii) prominently posting a notice on Our website; and/or (iii) sending an email notification. Material changes will take effect thirty (30) days after such notice is provided.

XII. Contact Us