How we handle your data.

This privacy policy applies to the public SoftSight marketing website at softsight.ai and softsight.net, including the blog, product pages, demo, beta application, careers, ROI calculator, and newsletter signup. It does not cover personal data processed inside the SoftSight platform itself (AIPM and SurveyGuard) — that processing is governed by the separate Data Processing Agreement signed with each customer.

SoftSight Private Limited (a company incorporated in India and operated from New Delhi) is the data controller for personal data described in this policy. For general inquiries, write to info@softsight.io. For privacy questions specifically, reach us at privacy@softsight.io.

We only hold personal data you give us, plus minimal usage signals from your visit. We do not buy contact lists, scrape third-party profiles, or enrich your record with data from brokers.

Information you give us directly

• Demo and contact forms: name, work email, company, role, team size, and anything you write into a free-text field.
• AIPM Beta application: name, work email, role, agency name, country, concurrent study volume, current operations stack, why you’re applying, earliest start date, and your bi-weekly feedback commitment.
• Beta fit survey (optional): the 27 questionnaire answers covering supply economics, capacity, quality risk, build-vs-buy posture, and commercial posture.
• Careers application and assessments: name, email, role applied for, CV/portfolio link if shared, and answers to our process-knowledge and head-of-supply assessments.
• ROI calculator: the figures you enter (agency size, sample spend, quality event cost, etc.) and the email address you provide if you ask us to send a report.
• Newsletter: the email address you submit, plus a source tag indicating where you subscribed from (e.g. footer).

Information collected automatically

• Vercel Analytics: aggregated pageview counts, referrer, country, device class, and browser family. Cookieless and unable to identify individual visitors.
• Vercel Speed Insights: anonymous Core Web Vitals (LCP, INP, CLS, FCP, TTFB) per route. Cookieless.
• Server logs: Vercel records standard request metadata (timestamp, route, status code, user-agent, IP) for operational and security purposes. IPs are not used to build profiles.

We do not use cross-site advertising trackers, fingerprinting SDKs, session replay, or social media pixels (no Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, Hotjar, or similar).

• Reply to your enquiry. Demo requests, beta applications, and contact form messages are read by the founding team and replied to within 5 business days.
• Evaluate cohort fit. Beta application details and fit-survey answers help us decide whether Cohort 01 is the right pilot for your agency. Decisions are made by humans, not by automated profiling.
• Process job applications. Careers data is used only for the role you applied for, plus role-similar openings if you opt in.
• Send our newsletter. One short email a month. Every send includes a one-click unsubscribe.
• Generate ROI reports. If you ask us to email you a copy of your ROI calculation, we use your address for that single send.
• Improve the site. Aggregated analytics tell us which pages help visitors and where load performance is slow. We never associate analytics with named visitors.
• Comply with law and protect rights. Where strictly necessary to comply with legal obligations, defend claims, or prevent abuse of the site.

If you’re in the United Kingdom, the European Economic Area, or Switzerland, we rely on the following GDPR / UK GDPR legal bases:

• Consent for the newsletter and for any optional form fields. You can withdraw consent at any time.
• Legitimate interests for responding to demo and beta enquiries, evaluating job applications, running aggregated analytics, and securing the site. Our interest is running and improving our business; we’ve balanced this against your rights.
• Contract / steps prior to contract where you ask us to provide a service (such as emailing your ROI report or scheduling a scoping call).
• Legal obligation where retention or disclosure is required by applicable law.

These are the third parties who process personal data on our behalf. We’ve chosen each one because their security and privacy posture is mature, and we keep this list current.

We do not sell or rent personal data, and we do not share it with advertising networks. Where a sub-processor changes materially, we update this list and the effective date at the top of this policy.

The marketing site sets no advertising or cross-site tracking cookies. Specifically:

• Analytics: Vercel Analytics and Speed Insights do not use cookies. They report aggregated, anonymous metrics.
• Forms: When you start the beta application and tick the optional fit-survey checkbox, your name, email and role are stored briefly in your browser’s sessionStorage so the next page can pre-fill them. This is cleared when you close the tab.
• Operational cookies: Vercel may set a short-lived first-party cookie purely to keep the site functioning (for example, load-balancing or anti-abuse). These expire on browser close and contain no personal data we can read.

Because we don’t use marketing or analytics cookies, there is no consent banner. If we ever change this, we’ll implement a proper consent mechanism before the change goes live.

• Newsletter subscribers: until you unsubscribe. One-click unsubscribe is in every email and your address is removed from the list immediately.
• Demo, beta, and contact form submissions: up to 24 months from the date of submission, unless we’re in active conversation about a pilot or contract.
• Careers applications and assessments: up to 12 months after a hiring decision, then deleted. We keep anonymous aggregate hiring stats indefinitely.
• ROI calculator submissions: up to 6 months, then deleted unless you become a customer.
• Analytics: aggregated and retained according to Vercel’s standard analytics retention.
• Server logs: rotated by Vercel within their standard log retention window.

You can ask us to delete your data earlier than the periods above — see “Your rights” below.

Our hosting, form, and email providers are based in the United States with edge presence in the European Union. If you’re accessing the site from the UK, EEA, or Switzerland, your data may be transferred to and processed in the United States or other countries.

Where required, transfers rely on the European Commission’s Standard Contractual Clauses, the UK’s International Data Transfer Addendum, or other approved transfer mechanisms agreed with each sub-processor.

All traffic to and from the site is encrypted in transit using TLS. Form submissions, newsletter signups, and assessment responses are transmitted directly to our sub-processors over HTTPS. API keys for third-party services are stored as encrypted environment variables on Vercel and are never exposed to the browser.

Inside our team, access to submission data is limited to the members who need it to do their jobs. We use multi-factor authentication on every account that touches personal data and we keep an internal sub-processor inventory.

No system is perfectly secure. If we ever experience a personal data breach that affects your information and is likely to result in a risk to your rights, we will notify you and any competent supervisory authority as required by law.

Wherever you live, you can ask us to:

• Access the personal data we hold about you;
• Correct any data that is inaccurate or incomplete;
• Delete your data, subject to limited exceptions (e.g. records we’re legally required to keep);
• Restrict or object to certain processing, including any processing based on legitimate interests;
• Receive a portable copy of the data you provided to us in a structured, machine-readable format;
• Withdraw consent at any time where processing is based on consent.

UK / EEA / Swiss residents additionally have the right to lodge a complaint with their local data protection authority. California residents have the specific rights described in the CCPA / CPRA, including the right to know, delete, and limit sensitive personal information — even though we do not sell or share personal data as those terms are defined under California law.

To exercise any of these rights, email privacy@softsight.io. We may need to verify your identity before responding, and we aim to reply within 30 days (or sooner where required by law). You will not be discriminated against for exercising any right.

SoftSight is built for market research professionals and is not directed at children. We do not knowingly collect personal information from anyone under 16 (or under the equivalent age in your jurisdiction). If you believe a child has provided us with personal data, contact us and we’ll delete it.

We may update this policy from time to time — for example, when we add a new sub-processor or change how a form works. The effective date at the top of the page always reflects the most recent revision. If we make a material change that affects how we use existing personal data, we’ll notify you by email where we have your address.

For any privacy question, data request, or complaint, email privacy@softsight.io. If we can’t resolve your concern, you have the right to raise it with the data protection authority in your country of residence.