How it WorksFeaturesFAQ

Staffed Privacy Policy

Effective Date: December 26, 2025

Last Updated: December 26, 2025

This Privacy Policy ("Policy") explains how Tran Institute of Technology ("Staffed," "we," "us," or "our") collects, uses, discloses, and protects information when you use the Staffed website, mobile application, and related services (collectively, the "Service").

Contact: info@staffed.me

Quick Summary

  • Staffed helps you generate draft replies from content you choose to provide. Staffed does not automatically send messages.
  • Your business Knowledge Base (documents and approved facts you add) is siloed to your account/workspace.
  • We do not use your Inputs or Knowledge Base content to train general/public AI models.
  • We use Firebase Analytics for product analytics and reliability; we do not use it for targeted advertising.

1. Scope

This Policy applies to information processed by Staffed in connection with the Service, including:

  • information you provide directly (account details, support requests);
  • information you submit for processing (copied text, screenshots, documents); and
  • information collected automatically (device, analytics, and diagnostics data).

This Policy does not cover third-party services you use alongside Staffed (e.g., messaging platforms, app stores). Those providers have their own privacy policies.

2. Information We Collect

2.1 Account and Authentication Information

We may collect:

  • Account information: name (if provided) and email address.
  • Authentication identifiers/tokens: identifiers and tokens associated with federated authentication providers (e.g., Sign in with Apple / Google sign-in).

Note: When you use federated authentication, your password is handled by the provider; Staffed does not store your raw password.

2.2 Customer Content: Inputs and Knowledge Base

The Service processes content you choose to provide. This content may include personal data about your customers or contacts.

(a) Inputs

"Inputs" may include:

  • copied/pasted text (e.g., a customer inquiry you copied);
  • screenshots and images (e.g., screenshots of conversations); and
  • documents you upload or import (PDFs, text files).

(b) Knowledge Base (Stored Business Data)

The Service may store business context you provide so the Service can draft better replies for your business. This may include:

  • uploaded documents (e.g., pricing PDFs, policies, FAQs);
  • structured business facts you enter or approve (e.g., hours, location, rules); and
  • approved corrections/edits saved to improve future drafts for your account/workspace.

Business-user responsibility (processor framing): If you use Staffed for business purposes, you control what Customer Content is submitted to the Service and are responsible for ensuring you have the necessary rights and consents (including any customer permissions required by law) to provide Customer Content for processing.

2.3 Photos and "Recent Screenshots" (If You Enable Permission)

If you enable photo library permissions, Staffed may access recent screenshots to support the screenshot-based workflow. This is designed to reduce manual steps when you choose to draft a reply from a screenshot.

  • We do not access your photos without your permission.
  • You can limit or revoke photo access in your device settings at any time (including using iOS "Limited Photos" controls, where available).

2.4 Support Communications

We may collect support emails/messages and related troubleshooting information you provide.

2.5 Billing and Subscription Information

If you purchase via Apple, Staffed does not receive your full payment card details. Apple provides us information such as subscription status and renewal events as needed to operate the Service.

2.6 Information Collected Automatically (Analytics, Device, Usage, Diagnostics)

We may collect:

  • Device information: device model, OS version, app version, language, time zone.
  • Usage/interaction data: feature usage, timestamps, interaction events (e.g., which features were used, in-app navigation/events).
  • Diagnostics: crash logs and performance metrics.
  • IP address: we may process IP address for security, fraud prevention, abuse detection, and rate-limiting.
  • Firebase Analytics: We use Firebase Analytics to collect usage and device/app information to understand how the Service is used and to improve performance and reliability. We do not use Firebase Analytics for targeted advertising.

2.7 Cookies and Similar Technologies (Website)

Our website may use cookies and similar technologies for essential functionality, analytics, and security. You can control cookies via browser settings.

3. What We Collect vs. What We Do Not Collect (Clarity for Messaging Apps)

To avoid confusion about messaging access:

  • We do not read your iMessage/WhatsApp/Instagram messages directly from those apps. The Service relies on what you choose to paste, upload, or submit (including screenshots you choose to process and/or recent screenshots you permit the Service to access).
  • We do not require contacts access for core functionality.

4. How We Use Information

We use information to:

  • provide and operate the Service (generate draft replies based on Customer Content you submit);
  • authenticate users and secure accounts;
  • prevent fraud, abuse, and misuse;
  • monitor reliability and performance (including analytics and crash reporting);
  • improve the Service (product analytics, debugging, feature development), using aggregated and/or de-identified data where feasible;
  • provide customer support;
  • communicate with you (service updates, policy changes, administrative messages); and
  • comply with legal obligations and enforce our terms.

5. How AI Processing Works

5.1 Human-in-the-Loop

Staffed generates draft replies. You remain responsible for reviewing, editing, approving, and sending any message.

5.2 Data Isolation and Model Training

  • Account/workspace isolation: Your Knowledge Base and saved business facts are logically siloed to your account/workspace.
  • No general/public model training on Customer Content: We do not use your Inputs, Knowledge Base content, or customer conversation content to train general-purpose or public AI models.
  • Business-specific learning (within your account): We may store facts you approve and edits you make so the Service works better for your business over time.

If we ever offer an optional program that uses additional content for broader model improvement, we will provide a clear opt-in mechanism and describe it at the time of choice.

6. How We Share Information

6.1 Service Providers (Processors)

We use vendors to help operate the Service (e.g., hosting, authentication, analytics, diagnostics, and AI inference). These providers process information on our behalf under contractual obligations to protect it and use it only to provide services to us.

Primary sub-processors (current as of the "Last Updated" date):

  • Google (Gemini / Google Cloud): AI inference to generate drafts from Customer Content you submit.
  • Google Firebase (including Firebase Authentication and Firebase Analytics): authentication and analytics infrastructure (and, if enabled in our configuration, diagnostics such as crash reporting).

We may update this list over time. Please check this page for changes.

6.2 Legal and Safety

We may disclose information if necessary to comply with law or lawful requests, enforce our terms/policies, or protect rights, safety, and security of Staffed, our users, or the public.

6.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

6.4 With Your Direction

We may share information when you request or authorize it (for example, when you connect a third-party integration).

7. Targeted Advertising, Tracking, and Do Not Track

  • We do not sell your personal information.
  • We do not use Customer Content (Inputs or Knowledge Base data) for targeted advertising.
  • We do not "track" you for targeted advertising as that term is commonly used to mean linking your data with third-party data across apps/websites for advertising purposes. If we ever introduce tracking that requires consent under applicable platform rules (e.g., Apple ATT), we will request permission where required and update our disclosures.
  • Some browsers offer "Do Not Track" signals; there is no universal standard for responding, so we do not currently respond to DNT signals in a standardized way.

8. Legal Bases for Processing (EEA/UK and Similar Regions)

Where applicable laws require a legal basis, we process personal information based on:

  • Contract: to provide the Service you request.
  • Legitimate interests: to secure, maintain, and improve the Service (such as preventing abuse and monitoring performance), where not overridden by your rights.
  • Consent: where required (for example, certain optional features or communications).
  • Legal obligation: to comply with applicable laws and lawful requests.

9. Data Retention

We retain information only as long as necessary for the purposes described in this Policy, including providing the Service, complying with legal obligations, resolving disputes, and enforcing agreements.

In general:

  • Customer Content / Knowledge Base is retained while your account is active, and is deleted or de-identified within a reasonable period after you delete it or delete your account, subject to legal requirements.
  • Backups: residual copies may persist in backups for a limited period before being overwritten or deleted, consistent with our backup and security practices.
  • Diagnostics and security logs may be retained for a limited period for security and reliability purposes.

10. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information. Measures may include encryption in transit, access controls, and monitoring for abuse and reliability issues. However, no system is 100% secure.

11. Your Choices and Rights

11.1 Access, Correction, and Portability

You may be able to access and update certain account information within the app. You may also request access to certain personal information we hold.

11.2 Deletion (Including In-App Account Deletion)

If the Service supports account creation, you can initiate account deletion within the app (for example, through in-app Settings/Account controls). Deleting your account removes the account from our records and deletes associated personal data that we are not legally required to retain.

You may also contact info@staffed.me for assistance with deletion requests.

11.3 Device Permissions (Including Photos)

If the Service uses device permissions (e.g., Photos), you can manage permissions in device settings. If you disable permissions, some features may not work (for example, recent-screenshot workflows).

11.4 Marketing Communications

If we send marketing emails, you can opt out via the unsubscribe link. Service/administrative messages may still be sent.

11.5 U.S. and California Privacy Rights

Depending on your jurisdiction, you may have rights such as access, correction, deletion, and opting out of certain data sharing where applicable. We do not sell personal information in the traditional sense. If any activity is considered "sharing" under applicable California law for cross-context behavioral advertising, we will provide an appropriate opt-out mechanism.

To exercise rights, contact info@staffed.me. We may need to verify your identity before fulfilling requests.

12. Sensitive Data

Please do not submit sensitive information (e.g., government IDs, health data, or financial account numbers) unless it is necessary for your intended use and you have a lawful basis to provide it.

13. Children's Privacy

The Service is not directed to children under 13 (or under 16 where applicable law sets a higher threshold). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact info@staffed.me and we will take appropriate steps.

14. International Transfers

If you access the Service from outside the United States, your information may be processed and stored in the United States or other jurisdictions where we or our service providers operate. These jurisdictions may have different data protection laws.

15. Third-Party Links and Services

The Service may link to third-party websites or services. We are not responsible for their privacy practices. Review their privacy policies before providing information.

16. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide notice (e.g., in-app or via email). The "Last Updated" date reflects the effective date of the latest version.

17. Contact Us

If you have questions or requests about this Policy, contact:

Tran Institute of Technology

Email: info@staffed.me