Legal
Privacy Policy
Effective Date: May 1, 2026 · Last Updated: May 5, 2026
This Privacy Policy explains how Staffinity, LLC(“Staffinity,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use our AI-powered workforce automation platform, visit our website, or interact with our services.
1. Who We Are
Staffinity, LLC is a technology company headquartered in Palm Beach, FL. We provide AI-agent automation integrated with enterprise communication platforms including Microsoft Teams and Slack.
2. What Data We Collect
Conversation Content
Teams and Slack messages processed by Staffinity AI agents, including message text and context required to generate agent responses.
User Identifiers
Microsoft Azure AD object ID, display name, and email address. These identifiers are used solely to associate agent sessions with the correct user.
Usage Metadata
Timestamps, session IDs, message counts, and platform event logs used for service delivery, debugging, and analytics.
Contact Form Submissions
Name, email address, and company name submitted through our website contact forms.
Payment Information
Payment card details are handled exclusively by Stripe, our PCI-DSS-certified payment processor. Staffinity does not store, transmit, or process raw payment card data.
3. How We Use Your Data
- 1Delivering AI agent responses and automating workflows within your communication platform
- 2Maintaining conversation history and agent memory to provide contextually aware responses
- 3Platform analytics and service improvement
- 4Billing, account management, and customer support
- 5Security monitoring, fraud detection, and compliance obligations
4. Legal Basis for Processing (GDPR)
Legitimate Interest
Service delivery, security, and fraud prevention where our interests do not override your rights.
Contract Performance
Processing necessary to deliver the service you have contracted with us to provide.
Consent
Where required by applicable law, we obtain your explicit consent before processing.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Conversation history | 7 years from creation |
| User profiles | Deleted within 30 days of account termination |
| Audit logs | 7 years for compliance purposes |
| Contact form submissions | 2 years unless converted to a customer account |
6. Data Sharing & Sub-Processors
✓ Staffinity does not sell personal data to any third party.
AI providers do not use Staffinity client data to train shared or public models.
We share data only with the following approved sub-processors as strictly necessary to provide the service:
Anthropic
Claude AI — generates agent responses
No model training on client data
Amazon Web Services
Cloud infrastructure and storage
SOC 2 Type II certified
Microsoft
Teams integration and Azure AD identity
ISO 27001 certified, Enterprise Agreement
Perplexity AI
Web search capability for agents
DPA in place (perplexity.ai/hub/legal/dpa); no training on client data
Stripe
Payment processing
PCI-DSS Level 1 certified
7. Your Rights
GDPR Rights (EU/EEA Residents)
- ›Access your personal data
- ›Request deletion (‘right to be forgotten’)
- ›Data portability
- ›Correct inaccurate data
- ›Restrict or object to processing
- ›Lodge a complaint with your supervisory authority
Response time: 30 days
CCPA Rights (California Residents)
- ›Know what personal information we collect
- ›Delete personal information
- ›Correct inaccurate information
- ›Opt-out of sale (N/A — we do not sell data)
- ›Non-discrimination for exercising rights
Response time: 45 days
To Exercise Your Rights
Email privacy@staffinity.io with your request, full name, and email address associated with your account. We will verify your identity before processing any request.
8. International Data Transfers
Staffinity is based in the United States. If you are located in the European Union or European Economic Area, your personal data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to lawfully transfer personal data from the EU to the US.
9. Cookies
Staffinity uses strictly necessary session cookies to maintain authenticated sessions and minimal analytics cookies to understand aggregate usage patterns. We do not use tracking cookies, advertising cookies, or cross-site tracking. See our Cookie Policy for full details.
10. Contact & Data Protection Officer
For any privacy questions, requests, or concerns, please contact our Data Protection Officer:
This policy was last updated on May 5, 2026. We may update this policy periodically. Continued use of our services constitutes acceptance of the updated policy.