Thuja Data & Privacy Policy

Introduction

Welcome to Thuja's Data and Privacy Policy. At Thuja ("we," "our," or "us"), we understand that your privacy and the security of your data are of paramount importance. As an insight automation platform committed to transforming how businesses collect and analyze data, we believe in complete transparency regarding how we handle your information. This comprehensive policy outlines our practices for collecting, using, protecting, and eventually democratizing your data through our platform.

Definitions

For clarity in this policy, we define several key terms. The "Platform" refers to Thuja's insight automation platform, including all its features and services. "Personal Data" encompasses any information relating to an identified or identifiable natural person. "Form Data" includes all content and responses collected through our interactive forms. A "User" is defined as any individual or entity that uses our platform. "AI Analysis" refers to our proprietary artificial intelligence systems that process and analyze data.

Data Collection and Purpose

Information You Provide

When you use our platform, we collect several types of information to provide and improve our services. During account creation, we gather your name, email address, and business information, along with any additional details you choose to provide during registration. As you use our platform, we collect all content submitted through our interactive forms, including text inputs, audio recordings, and video submissions. We also maintain records of your interactions with our platform, including your usage patterns and technical information about your device and internet connection. Additionally, we preserve any information you share with us through customer support channels, feedback forms, or other communication methods

Automated Data Collection

Our platform employs automatic collection of technical information essential for optimal performance. This includes log data such as your IP address, browser type, and operating system details necessary for platform operation. We gather information about platform performance and error reports to maintain and improve our services. Essential cookies and similar technologies are employed to maintain platform functionality and security, as these are fundamental to the platform's effective operation.

Data Usage and Processing

We utilize your data exclusively for specific, defined purposes. The primary function is to operate our platform, which includes facilitating form creation, collecting responses, and generating insights. Our artificial intelligence systems analyze form responses to provide automated insights, identify patterns, and generate actionable recommendations. To continuously improve our platform, we analyze usage patterns and performance metrics while maintaining user privacy. Security is paramount, and we use data to detect and prevent potential threats, fraud, and other harmful activities.

Data Storage and Security

Our commitment to data security is reflected in our comprehensive infrastructure and practices. We employ enterprise-grade encryption for all data, both in transit and at rest, using industry-standard protocols. Our server infrastructure is housed in secure, SOC 2 compliant facilities, with regular security audits conducted to identify and address potential vulnerabilities. Access to our systems is strictly controlled through robust authentication mechanisms and continuous monitoring.

Data Ownership and Control

Thuja is pioneering a revolutionary approach to data ownership in the insight automation industry. We firmly believe that you retain complete ownership of all data you generate or collect through our platform. Our role is solely as a processor of your data, and we never assume ownership rights. Your data remains your property and is never sold, rented, or shared with third parties for marketing or monetary purposes. We do not monetize your data through advertising or any other means, and you maintain full control over how your data is used and shared.

Data Retention and Deletion

Our data retention policies are designed to balance user needs with privacy considerations. For active accounts, we maintain data for the duration of the subscription to ensure continuous service delivery. When an account is deleted, we initiate a comprehensive removal process that permanently eliminates all associated data within 30 days. Our backup systems retain data for a maximum of 90 days to ensure disaster recovery capabilities while maintaining user privacy. System logs are maintained for 12 months solely for security and troubleshooting purposes, after which they are permanently deleted.

Third-Party Interactions

We maintain strict controls over third-party access to your data. Any service providers we work with must meet rigorous security standards and are granted access only for specific, necessary functions. These providers are bound by strict contractual obligations to protect your data and maintain confidentiality. We maintain detailed records of all third-party data access to ensure transparency and accountability. It is fundamental to our mission that we never share your data with third parties for marketing purposes, never allow third parties to access your data for their own purposes, and never enable third-party tracking or advertising.

Compliance Framework

Our commitment to privacy extends to maintaining full compliance with major privacy regulations worldwide. We adhere to the requirements of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable state and federal privacy laws. For international data transfers, we implement appropriate safeguards and maintain detailed documentation of our transfer mechanisms. Our compliance framework is regularly updated to reflect changes in privacy laws and regulations.

Children's Privacy Protection

Thuja's services are designed for adult users and businesses, and we do not knowingly collect or maintain information from individuals under 13 years of age. Should we discover that we have inadvertently collected information from a child under 13, we will promptly delete that information. Parents or guardians who believe we may have collected information from a child under 13 can contact us immediately, and we will take appropriate action to remove the information from our systems.

Policy Updates and Communications

As our platform evolves and privacy regulations change, we may need to update this policy. When we make material changes, we are committed to providing clear communication to all users well in advance of implementation. We use multiple channels to ensure users are informed of changes, including email notifications, platform announcements, and website updates. Users will have the opportunity to review changes and raise any concerns before they take effect. We maintain a detailed change history that users can access at any time.

Contact Information and Support

We encourage users to reach out with any questions or concerns about this policy or their data. Our privacy team can be reached at privacy@jointhuja.com, and we maintain dedicated support channels for privacy-related inquiries. We strive to respond to general inquiries within two business days, while urgent privacy concerns are addressed within 24 hours. For data access requests, we ensure completion within 30 days as required by applicable privacy regulations.

Contact Information and Support

We encourage users to reach out with any questions or concerns about this policy or their data. Our privacy team can be reached at privacy@jointhuja.com, and we maintain dedicated support channels for privacy-related inquiries. We strive to respond to general inquiries within two business days, while urgent privacy concerns are addressed within 24 hours. For data access requests, we ensure completion within 30 days as required by applicable privacy regulations.

Emergency Procedures

We maintain comprehensive procedures for handling data-related emergencies. In the event of a data breach, we will notify affected users within 72 hours, providing detailed information about the incident and steps taken to address it. During any service interruptions, we prioritize data protection and maintain transparent communication about the situation's impact and resolution process. Our emergency response team is available 24/7 to address critical privacy and security incidents

Closing Statement

This privacy policy reflects our unwavering commitment to protecting your data while providing innovative insight automation services. We continuously review and update our practices to maintain the highest standards of data protection and user privacy. By using Thuja's platform, you can be confident that your data is handled with the utmost care and respect for your privacy rights