Privacy Policy

Last updated: July 12, 2025

Introduction:
The Circular Leader Company ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data our mobile application (the "App" or "Service") collects, how we use and store that data, and the choices you have regarding your information. We adhere to applicable privacy laws and App Store guidelines in handling your data. By using the App, you agree to the practices described in this Policy.

Information We Collect

1. Account Information: When you create an account, we collect personal identifiers such as your name, email address, and a password. This information is provided directly by you and is necessary to register and use the App. We do not collect any data from your device without your knowledge, and we only ask for information essential to provide our services (in line with Apple’s data minimization principles).

  • Name and Email Address: Used to personalize your account and to communicate with you (e.g. sending verification codes and service emails).
  • Password: Used for authentication. (Note: Passwords are stored in an encrypted form and cannot be viewed in plain text by us.)

2. Team and Organization Information: If you choose to create a team within the App, we collect the team name, organization name, and organization domain (typically inferred from your email domain). This information is stored securely and used to support the App’s team features, such as generating reports and enabling optional comparisons within an organization.

  • Team Name & Organization Name: Help organize data and label reports that are shown in the App or printed at your request.
  • Organization Domain: Used to group users from the same organization and enable certain comparison features (described below). We pre-fill this from your email domain for convenience, and you can edit it if needed.

3. Survey Information (Provided by Users): When you initiate a survey through the App, we collect details about the survey itself, such as the survey completion date and time you select. We store this information in our secure database and use it to schedule the survey and label the results in reports that you can view or print.

  • Survey Invitation Links: When you create a survey, the App generates a unique URL for the survey. You may share this link with others (e.g. team members or employees) via third-party communication tools of your choice (such as WhatsApp, SMS, or email). Important: We do not collect or store the contact information of your invitees. The App does not see or record the phone numbers, email addresses, or any other contact data of the people you invite via the survey link – that sharing happens outside our App.

4. Survey Response Data (Provided by Participants): If someone clicks your survey link and becomes a survey participant, they will be presented with a web-based survey form. We collect the responses they choose to submit. This Response Data may include the following categories:

  • Environmental Opinions: 25 numeric ratings between 0 and 100, each corresponding to a question about the participant’s work environment (e.g., office conditions, tools, etc.).
  • Productivity Opinions: 6 numeric ratings (0–100) about various aspects of the work team’s productivity.
  • Demographic Information (Optional): Up to 4 responses about the participant’s gender, age range, years of work experience, and management role (whether they have direct reports). These questions are clearly marked "Optional." Participants can choose from predefined options (for example, age ranges like "16–20 years") or skip them. Providing demographic data is not required to complete the survey.
  • Feedback Information (Optional Free-Text): An open-ended comment field where participants may provide additional feedback or remarks. This question is also marked "Optional," and participants may leave it blank.

We do not collect any directly identifying personal information (such as name or email) from survey participants through the survey form. Survey participants remain anonymous to us except for the data points they provide in the survey responses.

5. Device and Usage Data: Like many apps, we may automatically collect certain technical information to improve the Service’s reliability and user experience. This may include:

  • Device Information: e.g. device type, operating system version, and unique device identifiers.
  • App Usage Data: e.g. features you use, pages or screens viewed, and the dates/times of usage.
  • Log Information: e.g. IP address and error logs when the app crashes or encounters issues.

This data helps us troubleshoot issues, perform analytics, and enhance the App. For example, we might use a trusted third-party analytics tool to understand aggregate usage patterns or crash reporting (with providers like Google Analytics for Firebase or similar services). Any such third-party tools are configured not to collect personally identifiable information beyond what is necessary for their function, and they are obligated to protect your data (see “Data Sharing” below). You can disable certain analytics by adjusting your device settings or opting out if the App provides such an option.

Cookies: The App itself does not use tracking cookies. However, if you visit our website or the web survey page, we may use minimal cookies or similar technologies to ensure the survey functions properly and to remember your progress. These cookies, if used, are typically session cookies that expire after a short time and are not used for advertising or profiling.

How We Use Your Information

We use the collected information solely to provide and improve the Service and not for any unrelated purposes. Specifically:

  • Account Authentication & Security: We use your email and password to create and secure your account, and to verify your identity at login. For example, we will compare the email and encrypted password you enter with our stored records to authenticate you. We may also send an email verification code to your address during sign-up or when you reset your password, to ensure the email belongs to you.
  • Providing the Service: All data you provide (account info, team info, survey info, and responses) is used to operate the App’s core features. This includes creating teams and organizations, scheduling surveys, collecting responses, and generating results. For instance, the survey date/time you set is used to trigger the survey, and the Response Data is used to calculate aggregate scores and insights for your team.
  • Generating Reports and Insights: We process Response Data to create aggregated reports. No individual’s answers are disclosed in isolation. The App is designed to only display survey results in an aggregated format. Specifically, we never show a single person’s response on its own – responses are combined with at least two other participants’ answers (for a minimum of three responses total) to compute averages or summary statistics. This ensures that individual participants remain anonymous in the reports. For example, if only two people have taken a survey, the App will not display any results until a third response is received, to preserve confidentiality. Any demographic information, if used in reporting, is also aggregated (e.g. percentage of respondents in each age range, but not tied to any identity).
  • Email Communications: We use your name and email to send you necessary communications about the Service. These include verification emails, password reset emails, and notifications you explicitly request (such as a summary report emailed to you). We might also send account-related alerts (for example, a notice of policy updates or security notifications). We do not send marketing or promotional emails unless you have opted in to receive such newsletters. If you opt-in, you can unsubscribe at any time via the unsubscribe link in those emails.
  • User Support: If you contact us for help, we will use the information you provided (such as your email and any details about an issue) to assist you. We may also review your relevant data in our system (e.g. your account or error logs) to troubleshoot.
  • Improvement and Research: We may use the information (particularly aggregated, non-identifiable data) to understand how our App is used and to improve our services. For example, technical data and usage patterns help us identify what features are popular or if any part of the app is confusing, so we can enhance it. We may also analyze Response Data in aggregate to identify trends in work environment opinions or productivity (e.g. average scores across all users). All such analysis is done on anonymized or aggregated datasets. We never use your personal information (like your name or email) in any published research or insights. Any publication or sharing of trends will be in an aggregated form that cannot be traced back to you or your organization.
  • Optional Comparative Features: If you choose, the App offers features to compare your team’s aggregated results with others:
    • Within Your Organization: If you opt-in to organizational sharing, your team’s aggregated scores may be anonymously compared with other teams in your organization (identified by having the same organization domain in their email). This can let users in the same organization see how their team is doing relative to others, but only if a minimum threshold is met (at least 3 teams or 3 users in that org domain, ensuring no single team’s data stands out in isolation). Even in these comparisons, teams are typically labeled generically or anonymously (e.g., “Team A vs Team B”), and individual responses are never exposed.
    • Industry Benchmarking: We may also offer an opt-in feature where your team’s aggregated data can be combined with data from a large pool of other teams (1,000 or more teams) to calculate percentile or decile rankings. For example, you might see that “Your team’s score is in the top 20th percentile compared to a benchmark of 1,000+ teams.” This feature is completely optional. If you enable it, your team’s data is included anonymously in the large benchmark dataset. The comparisons are statistical — no specific team names or personal details are revealed in the benchmark. You can disable this at any time if you no longer wish to participate.
  • Compliance with Law and Enforcement: Lastly, we may use or disclose information as necessary to comply with legal obligations, such as responding to lawful requests by public authorities or court orders, or to enforce our Terms of Service and investigate fraud or security issues. (See Data Sharing below for more on this.)

We will not use your data for any purpose that is not disclosed in this Privacy Policy without obtaining your consent first. We do not use your personal data for advertising or tracking across other apps/websites, and we do not sell your information.

How We Share Your Information

We value your privacy. We do not sell your personal information to third parties and we do not share it with third parties for their own marketing purposes. We only share your information in the following circumstances:

  • Service Providers (Processors): We use reputable third-party companies to help us deliver the Service. This includes: cloud hosting and data storage providers, database services, email delivery services (for sending verification codes or reports you request), analytics/crash reporting services, and similar support tools. These third-party providers act under our instruction to process your data on our behalf and for no other purpose. We ensure that any service providers we use are vetted for strong security and privacy practices. They are bound by contracts to safeguard your information and are not permitted to use your data for anything outside the scope of the services they are providing to us. For example, if we use a cloud database service to store data or an email service to send emails, those providers cannot access or use your data except as needed to perform those specific tasks.
  • Within Your Organization (Optional): As noted, if you opt-in to organization-wide comparisons, some of your team’s aggregated survey results may be visible to other users in your organization (users sharing the same verified email domain). No personal user data (like your name or email) is shared with other users, only the team-level survey results and only when anonymity thresholds are met. This internal sharing is fully under your control via settings.
  • Aggregated or Anonymized Data: We may share insights derived from collective data, as long as it is aggregated and anonymized. “Aggregated” means it is combined with data from many users/teams, and “anonymized” means all personal identifiers (like names, emails, team names) have been removed. For instance, we might publish a report that “On average, teams in the tech industry scored X on environmental factors,” or partner with academic researchers to analyze broader trends. In doing so, we never disclose any information that could identify you or your team. Any sharing with researchers (e.g., an accredited university study) or publications will use only Aggregated Anonymous Data, which cannot be traced back to any individual or organization. We contractually require any research partner to protect the data and use it only for the agreed research purpose. To be clear, we cannot and will not publicly identify you as the source of any such aggregated data.
  • Legal Compliance and Protection: We may disclose personal information if we in good faith believe such action is necessary to: comply with the law or legal process (e.g., responding to a subpoena or court order); protect and defend our rights or property; prevent fraud or abuse of our services; protect the safety of our users or the public. If we are required by law to disclose any of your data, we will attempt to notify you (unless legally prohibited or the request is an emergency).
  • Business Transfers: If our company is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, user information (which may include your personal data) could be transferred to a successor or affiliate as part of that deal. If such a transfer occurs, we will ensure the new entity honors the commitments we have made in this Privacy Policy regarding your personal information, or we will notify you and give you an opportunity to opt out or delete your data before the transfer.
  • With Your Consent: Aside from the cases above, if we ever need to share your information for any other purpose, we will ask for your consent. For example, if we wanted to use a testimonial you provided, or involve a new data sharing that isn’t covered by this policy, we would obtain your explicit permission.

Note about Survey Participants’ Data: Survey responses collected from invitees are treated with strict confidentiality. The survey creator (our App user) will only see aggregated results as described, never a breakdown that would expose individual participant’s answers. We do not provide any feature for our customers to deanonymize respondents. Participants’ anonymity is a core design of our Service.

Data Security

We take data security seriously and follow industry best practices to protect your information. We have implemented administrative, technical, and physical safeguards to guard against unauthorized access, alteration, disclosure, or destruction of data. Some of the key security measures we employ include:

  • Encryption in Transit: All communications between the App (or the survey web page) and our servers are encrypted using strong protocols (such as HTTPS over TLS). This means any data you send us (or we send to you) is encrypted using modern standards (e.g., AES-256 encryption with TLS) to prevent eavesdropping. In simple terms, if someone were to intercept the data being transmitted, it would be unreadable to them.
  • Encryption at Rest: Your personal data (including all survey responses and account information) is stored in an encrypted form in our database. We use AES-256 encryption for data “at rest” (i.e., in the database or storage), which is a robust encryption standard. This adds an extra layer of protection in the unlikely event of unauthorized access to the storage.
  • Access Controls: We limit access to personal data strictly to personnel and service providers who need it to operate or support the Service. For example, our staff can only access user data when necessary to support you or maintain the system, and even then, they are bound by confidentiality obligations. Administrative access to systems is protected with strong authentication and regularly reviewed.
  • Security Testing and Updates: We regularly update our application and backend systems with security patches and improvements. We also conduct periodic security assessments. Any vulnerabilities discovered are addressed promptly.
  • Organizational Practices: We train our team on data protection best practices and ensure that privacy is considered in every new feature (“privacy by design”). We also have an appointed team member responsible for overseeing compliance with privacy and security policies.

Please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. However, we do take all reasonable and appropriate steps to secure your data. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect a security vulnerability or unauthorized access), please contact us immediately (see Contact Us below).

In the unlikely event of a data breach that affects your personal data, we will notify you and the appropriate authorities as required by law.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including providing you the Service, or as required by law.

  • Account Data: If you have an account with us, we will keep your account information (such as your name, email, team info) for as long as your account is active. If you decide to delete your account or if it’s inactive for an extended period, we will initiate deletion of your personal data (upon confirmation that you indeed want to delete).
  • Survey Data: Survey responses and related data are generally kept to provide ongoing reporting and historical analytics to you. This data is valuable to track progress over time. However, if you delete your account or specifically request deletion of survey data, we will handle it as described in Your Choices & Rights below. We may retain aggregated statistics that do not identify you after account deletion, as these are not considered personal data (for example, overall benchmarks or averages).
  • Backups: Please note that when we delete data from our live systems, it may still persist in secure backups for a limited time until those backups are rotated out. Our policy is to safely destroy or overwrite old backups containing personal data. During any interim retention in backups, your data remains protected by our security measures.
  • Legal Obligations: We might retain certain information if necessary for legal compliance or legitimate business interests such as resolving disputes or enforcing our agreements. In such cases, we ensure the data is only used for the required purpose and no other.

We continuously review our retention periods. When personal data is no longer needed, we delete it or anonymize it in a secure manner.

Your Rights and Choices

We believe it’s important that you have control over your personal data. Depending on your location and the applicable laws (for example, the GDPR in Europe, or privacy laws in California), you may have certain rights. We extend these rights to all our users as a matter of good practice. These include:

  • Access and Portability: You have the right to request a copy of the personal information we hold about you. We can provide this in a structured, commonly used electronic format. For example, you can ask us for a summary of your account details and team/survey data. If you require, you may also request that we transmit this data to another service provider where technically feasible.
  • Correction (Rectification): If any personal data we have is incorrect or outdated (for example, you change your name or email address), you have the right to correct or update it. Much of your basic information can be updated directly through your account settings in the App. If you need assistance (for instance, to correct team organization details), you can contact us.
  • Deletion (Right to be Forgotten): You can request deletion of your personal data at any time. This can be done, for example, by contacting our support email (see Contact Us). Upon such a request and verification of your identity, we will delete or anonymize your personal information from our records. Anonymization means that instead of simply erasing data that might be part of aggregated insights, we remove any elements that identify you. For instance, if you asked for your data to be deleted, we would delete your account (name, email, etc.), remove your team association from any survey responses, and ensure that no Team Name or personal identifiers remain attached to your past responses. After this process, the remaining data cannot be linked back to you or your team. We may retain anonymized, aggregated data for statistical purposes (e.g., overall survey trends), but nothing that could identify you will remain. Keep in mind that if you request deletion, you will lose access to the Service and any personalized results, as your account will be removed. Some data may remain in backup storage for a short period as noted under Data Retention, but it will be purged in the normal backup cycle.
  • Withdrawal of Consent / Opt-Out: If we are processing your data based on your consent, you have the right to withdraw that consent. For example, if you previously opted in to receive our newsletter or to participate in benchmarking, you can opt out at any time. Each marketing email from us has an “unsubscribe” link. For benchmarking or organization sharing features, you can toggle those settings off in the App or contact support to do so. Withdrawing consent will not affect the lawfulness of any processing we already performed, but we will stop the specific activity going forward.
  • Objection to Processing: In certain cases, you might have the right to object to our processing of your data, especially if we process it under a legitimate interest (for example, for product improvement). If you object, we will review whether our reasons to use your data override your privacy rights, and we will comply with your request unless we have a strong legitimate ground to continue (in which case we will let you know).
  • Restriction of Processing: You can request that we limit the processing of your data in certain situations (for example, if you contest the accuracy of your data or if you want to preserve data for a legal claim). This means we would hold onto the data but not use it until the issue is resolved.
  • Non-Discrimination: If you exercise any of your rights, we will not treat you differently. For instance, if you opt out of benchmarking or ask to delete data, we will not deny you the basic services (except insofar as deletion naturally means we can no longer provide an account).

To exercise any of these rights, please contact us (see Contact Us below). For security, we may need to verify your identity (for example, by confirming you have access to the email associated with your account) before fulfilling your request. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

California Residents: We do not sell your data, and we have described above the categories of information we collect and their uses. California users can contact us for a list of any personal data disclosed to third parties in the prior year (though in our case, such disclosures are only to service providers as explained). We honor the California Consumer Privacy Act (CCPA/CPRA) rights, which largely overlap with the rights described above.

EEA/UK/Swiss Residents: If you are in the European Union, United Kingdom, or certain other jurisdictions, you have the above rights under the GDPR and similar laws. Additionally, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data rights. We encourage you to contact us first so we can address your concerns directly.

Opting Out of Survey Participation: If you receive a survey invite via our Service and prefer not to participate, simply do not fill out the survey. Since our survey links do not require any personally identifying login, not participating ensures no data is collected from you. If you have already submitted a survey response and wish to retract it, please contact us with details of the survey (such as the invite link and approximate submission time) and we will do our best to locate and remove your response, although it will be difficult to identify your specific data since responses are anonymous. We generally cannot link a survey response back to an individual once submitted, but if you have reason to believe your response included identifying information in the free-text feedback and want it removed, let us know.

International Data Transfers

Our Service is operated from Canada, and uses servers and third-party services that may be located in various countries. If you are located outside of the country where our servers are, your personal information will be transferred to and stored in that country. The data protection laws of those jurisdictions might differ from those in your home country. However, we take steps to ensure that your privacy remains protected.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, and we transfer your data internationally, we will rely on approved legal mechanisms to do so. For example, we may use Standard Contractual Clauses or rely on the European Commission’s adequacy decisions, as applicable, to ensure your data receives a level of protection equivalent to that in the EU. By using the App, you understand that your data may be transferred to our facilities and those third parties with whom we share it, as described in this Policy.

Children’s Privacy

Our App and services are not intended for children under the age of 16. We do not knowingly collect personal information from anyone under 16 years old (or the minimum age in your jurisdiction for providing consent to data processing). If you are under 16, please do not use the App or provide any information about yourself. If we learn that we have inadvertently collected personal data from a child under 16, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided personal information to us without consent, please contact us so we can remove the data.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of the Policy. If changes are significant, we will provide a more prominent notice (such as a notification within the App or an email alert). We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

Your continued use of the App after any updates constitutes your acceptance of the revised policy. If you do not agree to the changes, you should stop using the App and you may request that we delete your data as described above.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

The Circular Leader Company
Attn: Privacy Team
Email: support@thecircularleader.app

We will be happy to answer your questions or address any issues you may have. Your privacy is important to us, and we welcome your feedback.

Thank you for trusting The Circular Leader Company with your data. We are committed to keeping that trust by respecting your privacy and keeping your information secure.