Legal

Privacy Policy

Last updated: June 10, 2026

Your company trusts us with its business information to get better recommendations. This policy explains, plainly, how we protect that trust.

1. Who we are

Systematiq is an AI-powered innovation management platform operated by Systematiq in Laredo, Texas. This policy explains what data we collect when you use systematiq.app, why we collect it, who processes it, and what rights you have over it.

The short version: we collect what we need to run the service, we don't sell your data, and we don't share it with advertisers.

2. Data we collect

  • Account information: your name, work email, company name, and a hashed password (we never see the password itself).
  • Company profile: the industry, size, goals, and context you share during onboarding.
  • Assessment responses: your answers to innovation readiness assessments.
  • Project data: the projects, sprint plans, milestones, and notes you create in the platform.
  • Usage data: pages visited, features used, browser and device type, and IP address, used for security and to improve the product.
  • Payment data: Stripe processes your payments. We never see your full card number; we only receive your subscription status and the last 4 digits of your card.

3. How we use your data

We use your data to:

  • Run the service: assessments, recommendations, sprint plans, and progress tracking.
  • Generate AI recommendations specific to your company (see section 5).
  • Bill your subscription and send receipts.
  • Send transactional emails such as account confirmations, milestone reminders, and proactive nudges from your AI CIO.
  • Provide support when you contact us.
  • Keep the service secure and improve how it works.

We don't sell personal data. We don't share it with advertisers or data brokers.

4. Who processes your data

We rely on a small set of service providers, each handling a specific job:

  • Supabase: hosts our database and handles authentication. Your account, profile, assessment, and project data live here.
  • Stripe: processes payments and stores your payment method.
  • Anthropic: provides the AI models that process your business data to generate recommendations.
  • Resend: delivers our transactional emails.
  • Vercel: hosts the application.

Each provider receives only the data it needs to do its job, under its own data processing terms.

5. How AI processing works

When you run an assessment, generate a sprint plan, or ask your AI CIO for guidance, we send the relevant business data (your company profile, assessment responses, and project context) to Anthropic's API to generate the response.

Anthropic doesn't use data sent through its API to train its models. We don't use your data to train models either. Your business data produces recommendations for you, and nothing more.

6. Data retention

We keep your data while your account is active. If you delete your account, we delete your personal data within 30 days. Encrypted backups purge within 90 days.

We keep billing records longer where tax and accounting law requires it.

7. Your rights

You can ask us at any time to:

  • Access the personal data we hold about you.
  • Correct data that's inaccurate.
  • Delete your data and your account.
  • Export your data in a machine-readable format.

Email hello@systematiq.app and we'll respond within 30 days.

If you're in the European Economic Area or the UK (GDPR): we process your data to perform our contract with you, to pursue our legitimate interest in securing and improving the service, or with your consent. You also have the right to object to processing, to restrict it, and to lodge a complaint with your local supervisory authority.

If you're a California resident (CCPA): you have the right to know what personal information we collect, to request its deletion, and to not be discriminated against for exercising those rights. We don't sell or share personal information as the CCPA defines those terms.

8. Cookies

We use two cookies, both essential:

  • An authentication session cookie that keeps you signed in.
  • A language preference cookie that remembers whether you chose English or Spanish.

That's it. No advertising cookies, no third-party tracking cookies.

9. Security

We encrypt data in transit with TLS and at rest in our database. Row-level security policies ensure each company can only access its own data. Access to production systems is restricted and logged.

No system is perfectly secure. If a breach affects your personal data, we'll notify you without undue delay.

10. Children

Systematiq is a business tool and isn't directed at children. We don't knowingly collect data from anyone under 16. If we learn we've collected data from a child under 16, we'll delete it.

11. Changes to this policy

We may update this policy as the service evolves. We'll post updates on this page and, for material changes, notify you by email or in the app before they take effect. The date at the top always shows the latest revision.

12. Contact

For any privacy question, or to exercise your rights, email us at hello@systematiq.app. We respond within one business day.