Privacy Policy
This comprehensive privacy policy explains how OrgAcuity collects, uses, and protects your personal data in compliance with GDPR, CCPA, and other applicable privacy laws.
Table of Contents
1. About OrgAcuity
OrgAcuity, LLC ("OrgAcuity," "we," "our," or "us") is a United States‑based B2B software company that provides employee‑listening and people‑analytics solutions. Our Services include our public website (www.orgacuity.com), web and mobile applications, APIs, and related support offerings (collectively, the "Services").
2. Roles and Definitions
"Personal data"
means any information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable individual.
"Controller"
determines the purposes and means of processing personal data. For survey data, the customer organization acts as the Controller.
"Processor"
processes personal data on behalf of the Controller. OrgAcuity acts as a Processor when our customers store or analyze employee data in the platform.
"Sub‑processor"
is a third party engaged by OrgAcuity that processes personal data to help deliver the Services.
3. Personal Data We Collect
a. Data You Provide
- • Account details – name, corporate email address, phone number, job title, and company name when you create or manage an account.
- • Customer content – survey questions, responses, comments, and demographic metadata loaded by Controllers.
- • Billing data – invoicing address, purchase‑order numbers, and payment‑method details (handled by our PCI‑DSS‑compliant payment processor).
- • Communications – emails, chat transcripts, or support tickets you exchange with our teams.
b. Data We Collect Automatically
- • Log and usage data – IP address, browser type, referring/exit pages, and timestamps.
- • Device data – device type, operating system, unique device identifiers, and crash diagnostics.
- • Cookies & similar technologies – to authenticate users, remember preferences, and analyze site traffic. For details, see our Cookie Policy.
c. Data from Third Parties
We may receive information from authorized integration partners (e.g., HRIS vendors), professional networking sites, and publicly available sources, always in accordance with applicable contracts and laws.
4. How We Use Personal Data
We process personal data to:
- • Provide, maintain, and secure the Services.
- • Deliver dashboards, reports, and analytics on employee feedback.
- • Improve and develop new features.
- • Respond to your inquiries and provide support.
- • Enforce our contracts and comply with legal obligations.
- • Protect the rights, property, or safety of OrgAcuity, our customers, and others.
5. Legal Bases for Processing (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:
- • Your consent (Art. 6 (1)(a)).
- • Performance of a contract (Art. 6 (1)(b)).
- • Legitimate interests, such as product improvement and fraud prevention (Art. 6 (1)(f)).
- • Compliance with a legal obligation (Art. 6 (1)(c)).
6. How We Share Personal Data
We do not sell personal data. We disclose it only:
- • Within your organization – to the users you authorize.
- • To vetted sub‑processors – cloud hosting, email delivery, analytics, and customer‑support providers who enter into Data Processing Agreements with us. Our live list is available at orgacuity.com/subprocessors.
- • To professional advisors – legal, tax, or auditors under confidentiality duties.
- • In corporate transactions – e.g., merger or asset sale, with 30 days' advance notice.
- • When required by law – after assessing the request and, where permitted, informing you.
7. International Data Transfers
OrgAcuity is headquartered in the United States and may process data in other countries. We protect international transfers through:
- • Self‑certification under the EU–U.S. Data Privacy Framework and the UK Extension.
- • Standard Contractual Clauses (SCCs) where the DPF does not apply.
- • Additional technical and organizational safeguards as needed.
8. Data Retention
We keep personal data only as long as needed for the purposes described:
Survey response data
Duration of the customer contract plus 12 months (unless the Controller deletes it sooner).
Support tickets & logs
3 years.
Billing records
7 years to satisfy accounting laws.
After these periods we securely delete or anonymize data.
9. Security Measures
We use industry‑standard safeguards, including encryption in transit and at rest, least‑privilege access controls, regular penetration testing, and third‑party SOC 2 Type II audits.
10. Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data; to object to certain processing; to receive data portability; and to lodge a complaint with a supervisory authority. To make a request, email privacy@orgacuity.com.
a. California Privacy Notice
Pursuant to the California Consumer Privacy Act (CCPA/CPRA), we provide this Notice at Collection. We do not "sell" or "share" (for cross‑context behavioral advertising) your personal data. We honor Global Privacy Control signals and provide a "Do Not Sell/Share My Personal Information" link in the website footer.
11. Third‑Party Services & Links
Our Services may link to third‑party sites or allow integrations. Their privacy practices govern any information you provide to them, not this policy.
12. Changes to This Policy
We will post any updates on this page and, if changes are material, provide at least 30 days' prior notice via email or in‑app message. Continued use of the Services after the effective date constitutes acceptance of the changes.
13. Contact Us
Company Address
OrgAcuity, LLC
6 Cardinal Way, Suite 900
St. Louis, MO 63102 USA
Contact Information
EU Representative (Art. 27 GDPR): TBD – see orgacuity.com/gdpr‑rep when appointed.
14. Version History
Version 1.1
June 27, 2025Added controller/processor roles, sub‑processor list reference, California Notice at Collection, DPF certification, retention periods, and children's data statement.
Version 1.0
June 26, 2025Initial policy.
Questions About Your Privacy?
Our privacy team is here to help you understand your rights and how we protect your data. Contact us for any privacy-related questions or concerns.