3. Automated Decision-Making and AI Processing

Caddie uses AI to provide personalized coaching services. This involves:

• Automated analysis of your voice recordings and conversations

• Generation of personalized coaching recommendations based on your interactions

• Pattern recognition to identify areas for professional development

Under applicable laws such as the GDPR, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. While our AI coaching involves automated processing, our Services are designed to assist rather than replace human judgment, and the coaching suggestions should be considered recommendations rather than definitive assessments.

You have the right to:

• Request human intervention in the coaching process

• Express your point of view regarding the AI-generated insights

• Contest any automated recommendations you believe are inaccurate

4. Data Sharing and Disclosure

Your Personal Data may be shared with:

• Service Providers:

Third-party vendors providing hosting (Microsoft Azure), customer support, analytics, and payment processing (Stripe). We have data processing agreements in place with these providers to ensure they maintain adequate data protection measures. Some of these providers may be located outside of the United States; we ensure that data transfers to these providers are protected by Standard Contractual Clauses or other appropriate safeguards.

• Affiliates and Partners:

Current or future affiliates or partners for business support, technology improvement, or marketing purposes. This may include assistance with customer service, improving our AI models, or conducting marketing campaigns.

• Legal Authorities:

Law enforcement or regulatory authorities as required by law or legal processes.

• Corporate Transactions:

Parties involved in mergers, acquisitions, or asset transfers, ensuring confidentiality and compliance with this Policy.

5. International Data Transfers

Our primary data storage and processing occur within Microsoft Azure infrastructure, primarily located in the United States. If you access our Services outside the United States, your Personal Data will be transferred internationally. We implement contractual safeguards, including Standard Contractual Clauses (SCCs), to protect your data. These SCCs ensure that your data receives a comparable level of protection as required by your jurisdiction.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on approved data transfer mechanisms including:

• Standard Contractual Clauses approved by the European Commission

• Where applicable, binding corporate rules or similar approved mechanisms

• Transfers to countries deemed to provide adequate protection by relevant authorities

6. Data Retention

We retain your Personal Data as long as necessary for providing Services, complying with legal obligations, or for legitimate business purposes. Your audio recordings and associated data are retained no longer than 3 years from your last interaction (defined as your last login or active use of the coaching service), unless legally required otherwise.

Upon account termination or data deletion request, your data is permanently deleted within 14 days. This deletion process includes removing your data from our active databases and ensuring it is also purged from our backup systems within 90 days of the deletion request.

7. Cookies and Similar Technologies

Caddie uses cookies and similar technologies to:

• Authenticate users and maintain sessions (strictly necessary)

• Analyze user behavior to improve services (performance and analytics)

• Provide targeted marketing (with user consent)

You may manage cookie preferences through browser settings or applicable opt-out tools. For more detailed information, please see our Cookie Policy

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

• Access and Export your Personal Data via account settings.

• Correct inaccuracies directly within your account settings.

• Delete your Personal Data by submitting a written request to data@askcaddie.com.

• Object to or Restrict processing under certain circumstances.

• Withdraw consent for processing based on consent.

• Opt-out of direct marketing communications using provided unsubscribe options.

• Receive your personal data in a portable format.

Rights Under Specific Regulations:

For European Economic Area (GDPR):

• Right to be informed

• Right of access

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to data portability

• Right to object

• Rights related to automated decision making and profiling

For California Residents (CCPA/CPRA):

• Right to know

• Right to delete

• Right to opt-out of sale or sharing of personal information

• Right to limit use and disclosure of sensitive personal information

• Right to non-discrimination

To exercise these rights, contact us at data@askcaddie.com. We may require you to verify your identity before processing your request by providing information to confirm your account ownership. We will respond to your request within 30 calendar days. In certain circumstances, we may extend this period by an additional 60 days if necessary, in which case we will inform you of the extension.

You also have the right to lodge a complaint with a supervisory data protection authority in your country of residence, place of work, or where an alleged infringement of applicable data protection law occurs.

9. Security

Caddie employs robust technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption in transit and at rest using industry-standard encryption protocols

• Regular security audits conducted by external cybersecurity experts

• Restricted access protocols to limit data access to authorized personnel only

• Data loss prevention measures to prevent sensitive data from leaving our systems

In the event of a data breach that compromises your Personal Data, we will notify affected users without undue delay, typically within 72 hours of becoming aware of the breach, as required by applicable law. This notification will include information about the nature of the breach and recommendations for mitigating potential adverse effects.

10. Third-Party Links

Our Services may link to third-party websites or services whose privacy practices differ. We are not responsible for third-party content or practices, including their data collection practices. Review their respective privacy policies before interacting.

11. Children's Privacy

Caddie's Services are intended solely for professionals aged 18 and above. We do not knowingly process data from minors under 18. If we become aware of accidental data collection from a minor, we will promptly delete such information and take steps to prevent future occurrences.

If you believe we may have collected information from a minor, please contact us immediately at data@askcaddie.com

12. Updates to This Privacy Policy

We may periodically update this Policy. Significant changes will be communicated via our platform or directly through email notifications at least 30 days before they take effect. We will also maintain a version history of the privacy policy to track changes over time at www.askcaddie.com/privacy-policy/history.

13. Contact Information

For questions, exercising privacy rights, or other inquiries related to this Policy, please contact:

Data Protection Officer

Crew Analytics Inc. (dba Caddie) 

Email: data@askcaddie.com

Our Data Protection Officer can be reached directly at dpo@askcaddie.com for privacy-specific concerns.