Privacy Policy
Last updated: February 18, 2026
Stand 8 ("Stand8," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit stand8.ai and its subdomains (the "Site"), operated by Stand 8 AI, a division of Stand 8, or use our services.
1. Information We Collect
1.1 Information You Provide
We collect information you voluntarily provide when using our Site:
- Contact information — name, work email address, phone number, company name, and job title (via contact forms, consultation requests, and event registration)
- Assessment data — industry selections, question responses, and organizational maturity indicators (via the AI Readiness Assessment)
- Event registration data — name, email, company, job title, AI readiness level, and business challenges (via event registration forms)
- Chat messages — messages you send to our AI Concierge ("ERIC"), if you consent to conversation saving
1.2 Information Collected Automatically
- Device and usage data — page views, performance metrics, and general usage patterns collected via Vercel Analytics
- IP address — collected during event registration for fraud prevention
- Referral data — referrer URL, UTM parameters (source, medium, campaign) to understand how you found us
1.3 Cookies and Local Storage
We use essential cookies for authentication and site functionality, and analytics cookies for performance monitoring. See our Cookie Policy for a complete inventory.
2. How We Use Your Information
- To provide and operate our services, including the AI Readiness Assessment and AI Concierge
- To generate personalized assessment results, scores, and recommendations
- To respond to your inquiries and consultation requests
- To send transactional emails (assessment results, consultation confirmations)
- To improve our Site and services through aggregated analytics
- To detect and prevent fraud or abuse
3. AI Processing and Third-Party AI Services
This is important. Our Site uses artificial intelligence to provide certain features. When you use AI-powered features, your data may be sent to third-party AI service providers for real-time processing:
| Feature | AI Provider | Data Sent |
|---|---|---|
| AI Concierge ("ERIC") | Anthropic (Claude) | Chat messages you type during the conversation |
| Industry suggestion | Anthropic (Claude) | Company name and email domain |
| Assessment recommendations | Anthropic (Claude)* | Assessment scores, industry, and anonymized response patterns |
Key protections regarding AI processing:
- All AI providers are used under API terms of service that prohibit training on your data. Your inputs and outputs are not used to improve or train any AI model.
- Data is sent for real-time generation only and is not stored by the AI provider beyond its standard API processing retention (typically deleted within 30 days per provider policy).
- The AI Concierge clearly identifies itself as an AI assistant, not a human. AI-generated content is informational only and should not be the sole basis for business decisions.
4. Automated Decision-Making
Our AI Readiness Assessment uses automated scoring algorithms to calculate maturity scores and generate recommendations. These scores are based on your responses and industry benchmarks. These results are informational only — they do not constitute professional advice and are not used to make binding decisions about you or your organization.
If you believe an automated result is inaccurate, you may contact us to request a human review.
5. Data Sharing and Disclosure
We do not sell your personal information to third parties. We share data only with:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting and authentication | All stored data (encrypted at rest) |
| Vercel | Website hosting and analytics | Page views, performance metrics |
| Anthropic (Claude) | AI processing (see Section 3) | Data sent per feature as described above |
| Resend | Transactional email delivery | Email address, email content |
| Microsoft (Entra ID) | Employee authentication only | Employee directory data (not consumer data) |
We may also disclose information if required by law, legal process, or to protect the rights and safety of Stand8 or others.
6. Data Retention
- Assessment data — retained for 2 years from creation, then automatically purged
- AI Concierge conversations — retained for 90 days if you consented to saving, then automatically purged. If you selected "Chat Only," no conversation data is stored.
- Contact form submissions — retained for 1 year
- Event registration data — retained for 1 year after the event
- Analytics data — aggregated and anonymized; raw data retained per Vercel's standard retention policy
7. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
7.1 All Users
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate information
- Deletion — request deletion of your personal data
- Opt-out of AI conversation saving — select "Chat Only" in the AI Concierge to prevent conversation storage
7.2 California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act, as amended, you have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Opt out of the "sale" or "sharing" of personal information — we do not sell or share your personal information
- Non-discrimination for exercising your privacy rights
7.3 European Residents (GDPR)
Under the General Data Protection Regulation, you have additional rights including:
- Right to data portability
- Right to restrict processing
- Right to object to processing based on legitimate interests
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
Our lawful bases for processing are: consent (for AI Concierge conversation saving and analytics cookies), legitimate interest (for providing services you requested), and contractual necessity (for assessment and consultation services).
7.4 Colorado Residents
Under the Colorado Privacy Act, you have similar rights to access, correct, delete, and opt out of targeted advertising and profiling. We do not engage in targeted advertising or profiling for consequential decisions.
8. How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@stand8.io
- Subject line: "Privacy Request — [Your Request Type]"
We will respond to verified requests within 30 days (45 days for complex requests, with notice).
9. Data Security
Stand8 maintains ISO 27001 certification and SOC 2 Type II attestation. We implement appropriate technical and organizational measures to protect your information, including:
- Encryption at rest and in transit (TLS 1.2+)
- Role-based access controls with least-privilege principles
- Row-level security (RLS) policies on database tables
- Regular security reviews and vulnerability assessments
- Service role keys restricted to server-side operations only
- Infrastructure hosted on SOC 2-compliant providers (Vercel, Supabase)
For detailed information about our security practices and to request compliance documentation, visit our Trust Center at security.stand8.io.
No method of electronic transmission or storage is 100% secure. If you have concerns about the security of your data, please contact us at privacy@stand8.io.
10. Children's Privacy
Our Site and services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete it.
11. International Data Transfers
Your information may be transferred to and processed in the United States where our servers and service providers are located. If you are located outside the United States, your information will be transferred to the U.S. for processing, subject to the protections described in this policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of the Site after changes constitutes acceptance of the revised policy.
13. Contact Us
For questions about this Privacy Policy or our data practices:
- Stand 8
- Email: privacy@stand8.io
- Website: stand8.ai