Privacy Policy

Introduction

Strategy9, Inc. ("Strategy9," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our suite of enterprise marketing and data solutions, including PlayerIQ, EmailIQ, SurveyIQ, WiFiIQ, RaffleIQ, EmployeeIQ, and TableIQ (collectively, our "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Services:

• Account Information: Name, email address, phone number, company name, job title, and business address
• Customer Data: Information about your customers that you upload to our Services, including names, email addresses, phone numbers, player/loyalty card numbers, preferences, and demographic information
• Payment Information: Billing address and payment method details (processed securely through our payment processors)
• Communications: Information in messages you send to us, including support requests, survey responses, and feedback
• Marketing Content: Email campaigns, survey questions, promotional materials, and other content you create using our Services

1.2 Information We Collect Automatically

When you access our Services, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, device identifiers, and mobile network information
• Usage Information: Pages viewed, features accessed, time spent on pages, links clicked, and navigation paths
• Log Data: Server logs, error reports, and performance metrics
• Location Information: General geographic location based on IP address
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 1.3)

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies to provide, maintain, and improve our Services. Cookies are small data files stored on your device that help us:

• Authenticate users and prevent fraudulent use
• Remember your preferences and settings
• Analyze usage patterns and improve our Services
• Provide personalized content and features
• Measure the effectiveness of our marketing campaigns

You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of our Services.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Maintaining Our Services

• Process and fulfill your requests and transactions
• Provide customer support and respond to inquiries
• Send transactional emails and service-related communications
• Authenticate users and maintain account security
• Process payments and prevent fraud

2.2 Improving and Developing Our Services

• Analyze usage patterns and user behavior
• Develop new features and functionality
• Conduct research and testing
• Monitor and improve performance, security, and reliability

2.3 Marketing and Communications

• Send marketing communications about our Services (with your consent where required)
• Provide information about updates, new features, and special offers
• Conduct surveys and gather feedback
• Personalize your experience with our Services

2.4 Legal and Security Purposes

• Comply with legal obligations and respond to legal requests
• Enforce our Terms of Service and other agreements
• Protect against fraud, abuse, and security threats
• Resolve disputes and investigate complaints

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud hosting providers (Microsoft Azure)
• Payment processors and financial institutions
• Email delivery services
• Customer support platforms
• Analytics and monitoring services
• Security and fraud prevention services

These service providers are contractually bound to protect your information and use it only for the purposes we specify.

3.2 Business Transfers

If Strategy9 is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoena, court order, or search warrant)
• Government or law enforcement requests
• National security or public safety requirements
• Protection of our legal rights and interests
• Investigation of fraud, security issues, or violations of our Terms of Service

3.4 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for business purposes such as industry analysis, benchmarking, and research.

4. Data Security

We take the security of your information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• SOC2 Type 1 Certification: Our security practices have been independently audited and certified
• Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
• Access Controls: Role-based access controls and multi-factor authentication
• Infrastructure Security: Hosted on Microsoft Azure with enterprise-grade security
• Regular Security Assessments: Vulnerability scanning, penetration testing, and security audits
• Employee Training: Security awareness training for all personnel
• Incident Response: Documented procedures for handling security incidents

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on:

• The nature of the information
• Our business relationship with you
• Legal and regulatory requirements
• Our legitimate business interests

When information is no longer needed, we securely delete or anonymize it. If deletion is not immediately possible (e.g., due to backup storage), we securely store the information and isolate it from further processing until deletion is possible.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to request access to the personal information we hold about you and, where applicable, receive a copy in a portable format.

6.2 Correction and Update

You can update your account information at any time through your account settings. You may also contact us to request corrections to your personal information.

6.3 Deletion

You may request deletion of your personal information, subject to certain exceptions where we must retain information for legal or business purposes.

6.4 Opt-Out of Marketing

You can opt out of receiving marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us directly. Note that you may still receive transactional and service-related communications.

6.5 Cookie Preferences

You can manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

6.6 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. Our Services currently do not respond to DNT signals, as there is no industry standard for how to respond to such signals.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information (subject to certain exceptions)
• Right to Opt-Out: Opt out of the "sale" of your personal information (note: we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, please contact us at privacy@strategy9.com or call 1-855-838-3999. We will verify your identity before processing your request.

California Shine the Light Law: California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. As stated above, we do not share personal information with third parties for their direct marketing purposes.

8. International Users and GDPR

Our Services are primarily intended for users in the United States and Canada. If you are accessing our Services from outside North America, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and central database are located.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we comply with applicable data protection laws, including the General Data Protection Regulation (GDPR). If you are in these regions, you have additional rights:

• Legal Basis: We process personal data based on contract necessity, consent, legitimate interests, or legal obligations
• Data Protection Officer: Contact our privacy team at privacy@strategy9.com
• Right to Object: Object to processing based on legitimate interests
• Right to Restrict: Request restriction of processing in certain circumstances
• Right to Lodge Complaint: File a complaint with your local data protection authority

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@strategy9.com.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your information.

This Privacy Policy applies only to information collected by Strategy9 through our Services.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Post the updated Privacy Policy on our website
• Notify you via email or through our Services if the changes are material

Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: