StressSense Privacy Policy

Last updated: December 16, 2025

This policy describes what data StressSense processes, why we do it, who we may share it with, and what rights users have. We follow data minimization principles: we collect only what is necessary to provide the Service.

1. Who we are

StressSense is a service for assessing and monitoring workplace stress in companies.

Privacy contact:

  • Email: QuadrantStress@proton.me
  • Telegram channel: @QuadrantStress
  • Telegram manager: @QuadrantManager

2. What data we process

We may process the following categories of data:

2.1. Account and organization data

  • name (or display name), work email;
  • role in the organization (employee/manager/admin);
  • company/team/department affiliation;
  • profile settings (interface language, etc.).

2.2. Service usage data

  • product events (e.g., sign-in, navigation, button clicks);
  • technical session parameters (e.g., session identifiers);
  • survey-related settings (periods, selected filters), if applicable.

2.3. Technical and security data

  • IP address and request timestamps (for security and incident investigation);
  • browser/device data (browser type, OS, approximate device characteristics).

2.4. Survey data and stress metrics

  • survey responses and related metrics;
  • aggregated results and reports (e.g., by team/period).

Important: individual employee responses are not disclosed to other users as "who answered what." Managers/admins see aggregated results and trends (unless organization settings provide otherwise).

3. How we use data

  • providing and supporting StressSense features (surveys, reports, metrics, dashboards);
  • ensuring security, preventing abuse, and investigating incidents;
  • improving the product using anonymized analytics (e.g., which features are used more often);
  • supporting users and handling requests.

4. Legal bases for processing

If applicable, we process data on the following bases:

  • performance of a contract (providing the Service to the user/organization);
  • legitimate interests (security, service improvement, abuse prevention);
  • consent (for analytics/marketing cookies, if used);
  • legal obligations (when the law requires storage or disclosure).

5. Data sharing and recipients

We may share data with providers who help us operate the Service (e.g., hosting, data storage, analytics, notifications) under contract and only to the extent necessary to deliver the Service.

We may also disclose data:

  • in response to lawful requests by public authorities;
  • to protect the rights and safety of users and the Service, when necessary and lawful.

(Optional) A list of key providers/subprocessors may be published separately in a “Subprocessors” section.

6. Use of AI

StressSense may use AI tools to generate insights and recommendations. We aim to send the minimum necessary information to AI, preferably aggregated and anonymized data, and do not send data that is not required for the task (e.g., passwords). If the organization enables AI features, results may be used to generate reports and in-product suggestions.

7. Data retention

  • while the account/organization is active and necessary to provide the Service;
  • security logs for a reasonable period to investigate incidents;
  • after account/organization deletion, data is deleted or anonymized within a reasonable time unless law requires otherwise;
  • aggregated statistical data may be retained longer if it cannot be linked to a specific user.

8. Cookies

We use cookies and similar technologies:

  • essential — for session operation and core functionality;
  • analytics/marketing — only if enabled and with consent where required.

Cookie settings may depend on region and organization configuration.

9. International transfers

Data may be processed in countries where our providers are located. We require appropriate safeguards and, where applicable, use contractual mechanisms for international data transfers.

10. User rights

Depending on applicable law, you may have the right to:

  • access your data and obtain a copy;
  • correct inaccuracies;
  • delete data;
  • restrict processing or object to it;
  • receive data in a portable format (if applicable);
  • withdraw consent (where processing is based on consent).

To exercise your rights, contact support with your account email, organization (if applicable), and the request details. We will respond within a reasonable timeframe.

11. Policy changes

We may update this policy. The update date is shown above. Material changes will be communicated to users/organizations when required by law or reasonably expected.