1. Scope
This Privacy Policy explains how Stafsus processes personal data in connection with our AI-driven knowledge transfer and employee onboarding platform. Stafsus is provided as a business-to-business (B2B) SaaS service used by organizations to onboard new hires and deliver internal knowledge at scale.
The data controller for an organization's use of Stafsus is typically that organization (our customer). Stafsus acts as a processor, handling data only as instructed by the organization.
2. Data We Process
We process the following categories of data to operate and improve the service:
- Account and organization data: names, email addresses, roles, and tenant identifiers needed to set up and manage workspaces.
- Knowledge base content: documents, SOPs, FAQs, and other materials uploaded by the organization to power the onboarding assistant.
- Interaction data: questions asked by employees and answers generated by the AI assistant, used to operate the service and maintain conversation context.
- Technical and security data: IP addresses, browser types, timestamps, logs, and audit trails used for security, debugging, and compliance.
3. AI and Vendor Models
Stafsus uses large language models (LLMs) to generate answers from the knowledge base content that an organization explicitly uploads and permits for processing. The organization remains responsible for the accuracy, legality, and appropriateness of the content it uploads.
We do not use customer data to train third-party foundation models without explicit consent. Sub-processors are bound by data processing terms that align with this policy.
4. Purpose of Processing
We process data for the following purposes:
- Providing the core onboarding and knowledge transfer service.
- Authenticating users and enforcing role-based access within an organization.
- Maintaining security, detecting abuse, and generating audit trails.
- Supporting customers and troubleshooting technical issues.
5. Data Retention
Account and organization data are retained for as long as the subscription is active, plus a reasonable post-termination period to fulfill legal obligations or resolve disputes. Knowledge base content and interaction logs are retained according to the organization's settings and applicable data processing agreement.
6. Security
We implement industry-standard measures including encryption in transit and at rest, access controls, and regular security reviews. Detailed security practices are available upon request or as specified in the organization's data processing agreement.
7. Your Rights
As an end user (employee) of an organization using Stafsus, please contact your organization's administrator to exercise data subject rights (access, correction, deletion, portability, or restriction). As an organization administrator, you may contact us directly for data-related requests.
8. Contact
For privacy-related questions or to reach our data protection contact, please use the contact details available on the Stafsus website or your organization's account manager.