Privacy Policy

1. Data Roles

SBOS is a multi-tenant B2B platform. Your business subscribes to the platform and uses it to manage your operations. Data roles are split accordingly:

Business operational data. For data your business creates and inputs into the platform — SOPs, KPI data, financial entries, assessment responses, org information — your business is the data controller. Stintwell processes this data on your behalf as a data processor, acting only to deliver the platform services.

Account and usage data. For data Stintwell collects about how the platform is accessed and used — account registration details, session data, usage analytics — Stintwell acts as the data controller.

If you require a formal Data Processing Agreement (DPA), contact us at help@stintwell.com.

2. Information We Collect

Information You Provide

• Account registration. Business name, your name, email address, job title, and billing details when you create an account.
• Invited users. Name and email address for users you invite to your business account.
• Assessment responses. Your answers to operational diagnostic questions, organizational information, headcount, and aggregated financial summaries (revenue ranges, margin ranges).
• Business operational data. Content you create within platform modules: SOPs, KPI targets and actuals, financial metrics, org charts, meeting records, projects, and tasks.
• AI interactions. Inputs and prompts you provide to AI-powered features.
• Support communications. Messages you send to help@stintwell.com.

Information Collected Automatically

• Usage data. Pages and features accessed, session duration, actions taken, and error logs.
• Device and browser data. Browser type, operating system, IP address, and referring URL.
• Session recordings. Mouse movements, clicks, and scrolling behavior, collected via Mouseflow to help us understand and improve the platform experience.
• Cookies. See the Cookies section below.

What We Do Not Collect

We do not collect Social Security numbers, government-issued ID numbers, detailed bank account information, payment card details (handled directly by Stripe), health information, or consumer personal data unrelated to your business relationship with us.

3. How We Use Information

• Deliver the platform. Provide access to SBOS modules and return results and recommendations based on your data.
• Power AI features. Send relevant context to either OpenAI's API or Anthropic's API — depending on your tier — to generate coaching responses and AI-assisted content. The free tier uses OpenAI; all paid tiers use Anthropic. See Section 4.
• Process payments. Pass billing details to Stripe to manage your subscription.
• Support you. Respond to support requests, diagnose issues, and communicate about your account.
• Improve the platform. Analyze aggregated, anonymized usage patterns to make the product better. We do not use identifiable business data for product improvement.
• Benchmarking. We may publish high-level, anonymized industry insights derived from aggregated assessment data. No individual business is identifiable in any published benchmark. Using your name or testimony publicly requires your explicit written consent.
• Legal compliance. Meet legal obligations, prevent fraud, and enforce our Terms of Service.
• Marketing. Send product updates and communications. You can opt out at any time.

4. AI Data Processing

The platform includes AI-powered features: diagnostic assessment analysis, an AI coaching assistant, and AI tools for drafting SOPs and operational content.

What gets sent to AI providers. When you use AI features, we send only the specific, limited information needed to perform that particular task — such as the content you're drafting or a single assessment response. We do not send information that identifies your business or your customers to any AI provider. For example, the text of an SOP is sent for AI-assisted editing, but it is not linked to your account, your business name, or any other identifying details. We do our best to anonymize information before it leaves the system. The free tier uses OpenAI's API; all paid tiers use Anthropic's API (Claude). Neither provider trains their models on data submitted via the API.

What AI providers receive. The AI provider processes your inputs only to generate the requested response. They do not use your data for any other purpose.

What not to submit. Do not enter sensitive personal data — employee Social Security numbers, private medical information, or detailed financial account numbers — into AI features. AI tools are designed for business operational context.

AI output limitations. AI-generated content is a starting point, not a final work product. It may be incomplete, imprecise, or wrong in context-specific ways. Review all AI-generated content before using it — especially in regulated or sensitive domains.

5. Sub-Processors and Third-Party Services

We use the following third-party services to deliver the platform:

We do not sell your data. We do not share your data with advertisers.

We may share data with third parties when legally required (for example, in response to a valid court order), in connection with a merger or acquisition (with reasonable notice to you), or with your explicit consent.

6. Multi-Tenant Data Isolation

SBOS is a multi-tenant platform. Your business data is logically isolated from every other business on the platform using row-level security controls enforced at the database layer. Other businesses cannot access your data, and you cannot access theirs.

Cross-business access — for example, an advisor accessing a client's account — only happens when the account holder explicitly grants it through the platform's access controls.

7. Data Retention

Active accounts. We retain your data for as long as your account is active.

After account termination. Your data is available to export for 90 days after your account ends. After that window closes, your business data is permanently deleted. We don't hold onto data after you leave.

Exceptions. We may retain certain records longer when required by law — for example, financial records for tax compliance.

Marketing data. Retained until you opt out or request deletion.

Analytics data. Anonymized usage data is retained for up to 36 months.

8. Data Security

SBOS is built on best-in-class infrastructure. We protect your data with:

• Row-level security at the database layer, enforcing strict business-scoped access
• Encryption at rest and in transit (TLS)
• Access controls limiting who at Stintwell can access your data

No system is completely immune to breach. If you become aware of a security issue, contact us immediately at help@stintwell.com.

9. Your Rights and Choices

All users:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request that we correct inaccurate data.
• Deletion. Request deletion of your personal data, subject to legal retention requirements.
• Export. Export your business data at any time through the platform's export tools — available during your entire subscription, no restrictions.
• Marketing opt-out. Use the unsubscribe link in any marketing email, or contact help@stintwell.com.

California residents (CCPA/CPRA). You have the right to know what personal information we collect, to request deletion, and to opt out of the sale of your personal information. Stintwell does not sell personal information.

EU/EEA residents (GDPR). You have the right to access, correct, delete, restrict, and port your personal data. You have the right to object to processing and to lodge a complaint with your local data protection authority. For data we process as a data processor on behalf of your business, direct requests to your business's account administrator. For data we control directly, contact us at help@stintwell.com.

Canadian residents. You have the right to access your personal data and withdraw consent for certain processing. Your data may be processed in the United States. By using the platform, you consent to this transfer.

To exercise your rights, contact help@stintwell.com. We will respond within 30 days.

10. Cookies and Session Recording

Cookies. We use cookies to keep you logged in, enable platform functionality, and collect analytics. You can manage cookies through your browser settings, though disabling certain cookies may affect how the platform works.

Session recording. We use Mouseflow to record sessions — mouse movements, clicks, and scrolling — to understand how the platform is being used and improve the experience. Where local law requires consent for session recording, we will obtain it.

11. Children's Privacy

The platform is not directed at individuals under 18. We do not knowingly collect data from anyone under 18. If you believe we have, contact us at help@stintwell.com and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email and post a notice on the platform. The "Last Updated" date at the top reflects the most recent revision. Continued use after the effective date constitutes acceptance.

13. Contact

Stintwell LLC
Email: help@stintwell.com
Website: stintwell.com