← Back to Sign Up
Privacy Policy
Last Updated: November 24, 2025
This Privacy Policy describes how Standing Applause, Inc. ("Company", "we", "us", or "our") collects, uses, and discloses your personal information when you use our service ("Service").
By using Standing Applause, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
We collect information you directly provide to us:
- Account Information: Name, email address, company name, phone number (optional)
- Lead Data: Names, email addresses, phone numbers, and custom fields for leads you upload
- Custom Content: Custom prompts, knowledge base documents, conversation settings
- Integration Credentials: API keys for third-party services (e.g., Calendly)
1.2 Automatically Collected Information
We automatically collect certain information when you use the Service:
- Conversation Data: Transcripts of conversations, BANT qualification scores, session metadata
- Usage Analytics: Feature usage, session duration, click patterns, page views
- Technical Data: IP address, browser type, device information, operating system
- Cookies: Authentication tokens, session identifiers, preference settings
1.3 Payment Information
- Payment information is processed and stored by Stripe, Inc. (our payment processor)
- We do not store your credit card information on our servers
- We receive transaction confirmation and subscription status from Stripe
2. How We Use Your Information
2.1 Service Delivery
- Authenticate your account and provide access to the Service
- Qualify leads using BANT methodology
- Generate conversation transcripts and analytics
- Enable integrations with third-party services (Calendly, etc.)
2.2 AI Training & Improvement
Important: We use your data to train and improve our AI models. Specifically, we use:
- Custom prompts you submit
- Conversation transcripts (anonymized)
- BANT qualification results
- Knowledge base content
- Usage patterns and feature adoption data
All data used for training is anonymized and de-identified. PII is scrubbed before training use.
2.3 Communications
- Send account-related notifications (password resets, billing alerts)
- Provide customer support
- Send product updates and feature announcements (you can opt-out)
2.4 Business Operations
- Process payments and manage subscriptions
- Prevent fraud and abuse
- Comply with legal obligations
- Enforce our Terms of Service
2.5 Analytics & Product Development
- Understand usage patterns and feature adoption
- Identify bugs and performance issues
- Prioritize product roadmap
3. How We Share Your Information
We share your information only in the following circumstances:
3.1 Service Providers
We use third-party service providers to operate the Service:
| Service Provider |
Purpose |
| OpenAI |
GPT-4 API for AI conversation engine |
| Stripe |
Payment processing and subscription management |
| Render |
Cloud hosting and infrastructure |
| Neon |
PostgreSQL database hosting |
| Upstash |
Redis caching and rate limiting |
| Resend |
Transactional email delivery |
These providers access your data only to perform services on our behalf and are obligated to protect it.
3.2 Legal Compliance
We may disclose your information if required by:
- Court order, subpoena, or legal process
- Law enforcement or government requests
- Protection of our rights, property, or safety
- Investigation of fraud, security issues, or Terms violations
3.3 Business Transfers
If Standing Applause is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
3.4 Aggregated/De-identified Data
We may share aggregated, anonymized data that does not identify you personally for research, marketing, or product development.
What We Do NOT Do
- ❌ Sell your personal information to third parties
- ❌ Share your data with advertisers or marketers (except as part of anonymized training data)
- ❌ Rent or lease customer databases
4. Data Retention
We retain your data for the following periods:
4.1 Active Accounts
- Account and usage data retained indefinitely while your subscription is active
- You can delete individual conversations, leads, or KB documents at any time
4.2 Canceled Accounts
- After cancellation, your data is retained for 30 days for export purposes
- After 30 days, your personal data is permanently deleted from production systems
- Backups may retain data for up to 90 days, then automatically purged
4.3 Training Data
- Anonymized data used for AI training is retained indefinitely
- This data cannot be traced back to your account or identity
4.4 Financial Records
- Payment and billing records retained for 7 years (IRS requirement)
4.5 Legal Holds
- Data may be retained longer if required by legal obligations or ongoing disputes
Data Deletion Requests: You can request deletion of your data at any time by contacting privacy@standingapplause.com. Note that deletion does not apply to anonymized training data or records we must retain by law.
5. Data Security
We implement industry-standard security measures to protect your data:
Technical Safeguards
- Encryption in Transit: TLS/SSL for all data transmission
- Encryption at Rest: AES-256 for database storage
- PII Scrubbing: Automated removal of sensitive fields (SSN, credit cards, API keys, passwords)
- Secure Infrastructure: SOC 2 compliant cloud providers (Render, Neon, Upstash)
Access Controls
- Role-based access control (RBAC) for internal systems
- Multi-factor authentication (MFA) for administrative access
- Audit logging of all data access
Operational Safeguards
- Regular security audits and vulnerability scanning
- Employee security training and background checks
- Incident response plan for data breaches
- Third-party security assessments
Your Responsibility
However, no system is 100% secure. You are responsible for:
- Keeping your password confidential
- Notifying us immediately of any unauthorized access
- Using strong, unique passwords
Breach Notification
In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by applicable law.
6. Your Privacy Rights
Depending on your location, you may have the following privacy rights:
6.1 General Rights (All Users)
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information through your account settings
- Deletion: Request deletion of your account and personal data
- Export: Download your data in JSON or CSV format through your dashboard
- Opt-out: Unsubscribe from marketing emails (account-related emails cannot be disabled)
6.2 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know: What personal information we collect, use, disclose, and sell
- Delete: Your personal information (subject to legal exceptions)
- Opt-out: Of the sale of personal information (we do not sell personal information)
- Non-discrimination: For exercising your rights
6.3 European Residents (GDPR)
If you are located in the European Union, you have the right to:
- Access: Your personal data
- Rectification: Of inaccurate data
- Erasure: "Right to be forgotten"
- Restrict processing: Under certain circumstances
- Data portability: Receive your data in a machine-readable format
- Object: To processing of your data
- Withdraw consent: At any time
- Lodge a complaint: With your local data protection authority
Exercising Your Rights
To exercise these rights, contact us at:
We will respond within 30 days (or as required by applicable law).
7. Cookies & Tracking Technologies
We use cookies and similar tracking technologies for:
7.1 Essential Cookies (Required)
- Authentication: Keep you logged in (tq_session cookie)
- Security: CSRF protection, fraud prevention
- Session management: Maintain your active session
These cookies are necessary for the Service to function and cannot be disabled.
7.2 Analytics Cookies (Optional)
- Usage analytics: Track feature usage, page views, session duration
- Performance monitoring: Identify bugs and slow pages
- Product insights: Understand user behavior and feature adoption
You can opt-out of analytics cookies through your browser settings.
7.3 Third-Party Cookies
- Stripe: Payment processing and fraud detection
- OpenAI: API usage tracking
- Hosting providers: Performance and security monitoring
Cookie Lifespan
- Session cookies: Deleted when you close your browser
- Persistent cookies: Stored for up to 365 days (authentication) or 90 days (analytics)
Managing Cookies
You can control cookies through your browser settings:
- Chrome: Settings > Privacy and Security > Cookies
- Firefox: Preferences > Privacy & Security > Cookies
- Safari: Preferences > Privacy > Cookies
Note: Disabling essential cookies will prevent you from using the Service.
8. Children's Privacy (COPPA)
Our Service is not intended for children under 18 years of age.
We do not knowingly collect personal information from children under 18. If you are under 18, do not:
- Register for an account
- Use the Service
- Provide any personal information
If we learn that we have collected personal information from a child under 18, we will delete that information immediately. If you believe we have inadvertently collected information from a child, contact us at privacy@standingapplause.com.
9. International Data Transfers
Our Service is operated from the United States. If you access the Service from outside the U.S., your data will be transferred to, stored in, and processed in the United States.
United States Privacy Laws
The United States may not provide the same level of data protection as your home country. By using the Service, you consent to the transfer of your data to the United States.
European Users (GDPR)
For data transfers from the EU to the U.S., we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Your explicit consent for data transfer
If you are located in the EU and have concerns about data transfers, contact us at privacy@standingapplause.com.
10. Changes to Privacy Policy
We may update this Privacy Policy from time to time. Changes will be effective:
- Immediately for non-material changes (e.g., formatting, contact information)
- 30 days after notice for material changes (e.g., new data uses, third-party sharing)
Notice of Changes
We will notify you of material changes by:
- Posting the updated Privacy Policy on our website with a "Last Updated" date
- Sending an email to your registered email address
- Displaying a prominent notice in your dashboard
Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
11. Contact Us
For questions or concerns about this Privacy Policy or our data practices, contact us:
For EU residents, you have the right to lodge a complaint with your local supervisory authority if you believe we have violated GDPR.