When visiting the website www.staffyai.com, you are required to familiarize yourself with our Privacy Policy. Changes and additions may be made to this Policy, and accordingly, StaffyAI encourages you to periodically review it.
A User who voluntarily provides personal information to StaffyAI automatically grants permission for StaffyAI to use the User’s data for storage and processing purposes.
This Privacy Policy defines the rules, purposes, conditions of use, and storage of StaffyAI Users’ personal data. Based on the Law of Georgia on «Personal Data Protection» and the General Data Protection Regulation (GDPR), StaffyAI aims to protect Users’ personal data.
This document (Privacy Policy) is an integral part of the terms and conditions of use of the StaffyAI website, which is a mutually binding document.
The terms used in this document have the following meanings:
StaffyAI (hereinafter «we,» «our,» «website») - StaffyAI Inc., a company established in accordance with the laws of [Your Jurisdiction, e.g., Delaware, USA], registered at: [Your Registered Address];
Personal data - any information related to an identified or identifiable natural person. A natural person is identifiable when it is possible to identify them directly or indirectly, including by name, surname, identification number, geolocation data, electronic communication identification data, physical, physiological, mental, psychological, genetic, economic, cultural, or social characteristics;
Data processing - any operation performed on data, including collection, retrieval, access, photographing, video monitoring, and/or audio monitoring, organization, grouping, interconnection, storage, modification, recovery, retrieval, use, blocking, deletion, or destruction, as well as disclosure of data by transmission, publication, dissemination, or making it otherwise accessible;
The data subject (hereinafter referred to as the User) - any natural person whose data is being processed;
Consent of the data subject (User) - the freely and clearly expressed will of the data subject, after receiving the relevant information, to process data about them for a specific purpose, expressed actively, in writing (including electronically) or orally;
Data controller - a natural person, legal entity, or public institution that determines the purposes and means of data processing individually or together with others and carries out data processing directly or through a person authorized for processing;
Data processor - a natural person, legal entity, or public institution that processes data for the data controller or on their behalf. A person in a labor relationship with the data controller is not considered a data processor; for the purposes of this document, [Your Data Processor, e.g., “our cloud service provider”] is also considered a data processor;
Third-party - a natural person, legal entity, or public institution, except for the data subject, the personal data protection service, the data controller, the data processor, the special representative, and the person authorized to process data by the direct assignment of the data controller or the data processor;
Direct marketing - the direct and immediate delivery of information to the data subject by phone, mail, email, or other electronic means to form, maintain, realize, or support interest in a natural person and/or legal entity, goods, ideas, services, work, and/or initiative, as well as image and social topics.
Using the StaffyAI website is considered as the User’s consent to the Privacy Policy. Accordingly, the User grants StaffyAI the right to process, store, and use the personal information provided by the User.
This information will be used by StaffyAI to provide services in accordance with applicable laws. Otherwise, StaffyAI is unable to provide any kind of service to the User or enter into a contractual relationship.
The legal basis for the processing of a User’s data by StaffyAI and an authorized person is as follows:
Data processing is necessary to fulfill an obligation under a contract with the data subject and/or to enter into a contract at the request of the data subject;
Based on the User’s consent;
To fulfill obligations imposed by a contractual relationship;
Data processing is necessary to provide services to the User.
StaffyAI processes personal data for the following purposes:
To provide and improve our core service of transforming unstructured data into structured data for enterprise clients, including indexing and organizing their data;
To manage user accounts, process registrations, and authenticate users;
To communicate with users regarding services, updates, and support;
To analyze usage patterns to enhance platform performance and user experience;
For billing and payment processing in relation to enterprise subscriptions;
To comply with legal obligations, such as data retention requirements;
For direct marketing purposes, with user consent, to inform about new features, partnerships, or relevant industry insights;
To prevent fraud, ensure security, and protect against unauthorized access to enterprise data.
We only process data necessary for these purposes and in accordance with our commitments to data minimization and purpose limitation.
StaffyAI collects personal data in the following ways:
Directly from Users: When you register an account, subscribe to services, upload unstructured data for processing, or contact support, we collect information such as name, email address, company details, billing information, and any data you provide in communications.
Automatically: Through cookies, logs, and analytics tools, we collect usage data like IP address, browser type, device information, pages visited, and interaction timestamps to improve our services.
From Enterprise Clients: When working with enterprise companies, we process data they provide for indexing, which may include employee or customer data, subject to their authorization and our data processing agreements.
From Third Parties: With consent, we may receive data from integrated services or partners to facilitate seamless data transformation workflows.
Personal data is used solely for the purposes outlined above. For enterprise data indexing, we apply strict access controls and pseudonymization where possible to protect sensitive information. We do not sell or rent personal data to third parties.
StaffyAI may share personal data with:
Service Providers: Trusted third-party processors (e.g., cloud storage like AWS, payment gateways like Stripe) who assist in data processing, hosting, and analytics, bound by data protection agreements.
Enterprise Clients: Structured data outputs are returned only to the authorized client who provided the input, without retaining unnecessary copies.
Legal Authorities: If required by law, such as in response to subpoenas or to protect rights, property, or safety.
Business Transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred with notice to users.
All sharing complies with GDPR and applicable laws, ensuring adequate safeguards like standard contractual clauses for international transfers.
Personal data is retained only as long as necessary for the purposes described:
Account and service data: For the duration of the user relationship plus 7 years for legal compliance.
Enterprise indexed data: As per client agreements, typically deleted upon request or project completion.
Analytics data: Anonymized and aggregated for ongoing improvement, with raw logs retained for 90 days.
Users may request deletion at any time, subject to legal retention requirements.
Under GDPR and applicable laws, users have the right to:
Access their personal data;
Rectify inaccurate data;
Erase data (“right to be forgotten”);
Restrict processing;
Data portability;
Object to processing, including for marketing;
Withdraw consent at any time.
To exercise these rights, contact us at privacy@staffyai.com. We respond within one month.
StaffyAI implements robust security to protect data, including encryption (AES-256 for data at rest, TLS 1.3 for transit), access controls, regular audits, and employee training. For enterprise data, we use role-based access and compliance with standards like SOC 2.
Our site uses cookies for functionality, analytics, and preferences. You can manage them via browser settings. For details, see our Cookie Policy.
StaffyAI does not knowingly collect data from children under 16. If we discover such data, it will be deleted.
Data may be processed in [Your Data Centers, e.g., USA/EU]. We ensure appropriate protections for transfers outside the EEA.
We may update this Policy and will notify users via email or site notice for material changes.
For questions, contact:StaffyAI Privacy OfficerEmail: privacy@staffyai.comAddress: [Your Address]
Last Updated: September 24, 2025