SurveyStraight LLC, doing business as Verslee ("Verslee," "we," "us," or "our"), operates an audience intelligence platform that enables leaders to ask questions to any group and receive AI-synthesized perspectives from the responses. Responses are collected in three ways: (1) audience members receive questions via email and reply directly in their email client, with each reply triggering the next question in sequence; (2) audience members participate through a private web link shared by the leader; or (3) a leader uploads a CSV of responses previously collected through a third-party survey tool (e.g., Qualtrics, Google Forms, SurveyMonkey). This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our platform and website (collectively, the "Services").
Verslee acts as a Data Controller with respect to information collected directly from leaders and account holders. Where Verslee processes personal information on behalf of an organization — including when a leader uploads a CSV of survey responses collected from their own respondents — Verslee acts as a Data Processor and that organization acts as the Data Controller. Organizations using Verslee to process their employees' or customers' data should execute a Data Processing Agreement with us prior to use — contact cookc.steve@gmail.com.
We collect the following categories of personal information, using the classifications defined under the California Consumer Privacy Act (CCPA):
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, account ID, IP address; email addresses of audience members provided by leaders for email-based delivery | Yes |
| Commercial information | Subscription status, plan type, billing history | Yes |
| Internet / electronic activity | Usage logs, feature interactions, session data, platform analytics | Yes |
| Professional information | Job title, organization name, role (provided voluntarily) | Yes |
| Content and communications | Questions submitted by leaders; responses provided by audience members via web link or CSV upload; messages sent through the platform | Yes |
| Inferences | Aggregated audience sentiment, synthesized perspectives derived from responses | Yes |
| Sensitive personal information | Information that may appear within free-text responses (see Section 10) | Incidentally |
| Biometric data | Not collected | No |
| Geolocation data | Not collected beyond IP-derived country | Limited |
We collect this information when you create an account, use the Services, communicate with us, when audience members submit responses directly through the platform, or when a leader uploads a CSV of third-party survey responses. CSV-imported responses are assigned anonymous identifiers immediately upon upload — no participant name, email, or other identifier from the original survey file is stored.
We process your personal information for the following purposes. Where the GDPR applies, we identify the lawful basis for each purpose.
| Purpose | Lawful Basis (GDPR) |
|---|---|
| Providing and operating the Services, including processing questions and synthesizing responses | Performance of contract |
| Delivering questions to email audience members and routing their replies through the conversation thread on behalf of the leader | Performance of contract / Legitimate interests |
| Account management and authentication | Performance of contract |
| Communicating with you about your account, updates, and support | Performance of contract / Legitimate interests |
| Improving platform functionality, training and fine-tuning AI models, creating vectorized datasets, and research and development | Legitimate interests (we have conducted a balancing assessment and can provide a summary upon request) |
| Generating aggregate and anonymized insights | Legitimate interests |
| Security, fraud prevention, and abuse detection | Legitimate interests / Legal obligation |
| Compliance with applicable law | Legal obligation |
| Responding to legal process and enforcing our agreements | Legal obligation / Legitimate interests |
Responses submitted by audience members are processed to remove personally identifiable information before analysis and storage ("Anonymous Data"). From Anonymous Data, Verslee generates derived assets including vectorized embeddings, cluster labels, sentiment scores, topic models, and AI model weights ("Derived Assets"). Anonymous Data and Derived Assets are proprietary assets of Verslee. We employ technical and organizational measures designed to prevent re-identification, including aggregation thresholds, identifier removal, and access controls.
Verslee retains Anonymous Data and Derived Assets in perpetuity and may use them for all legitimate business purposes including improving platform functionality, training and fine-tuning AI models, generating aggregate insights, research and development, and future commercialization. Verslee does not currently sell or license Anonymous Data or Derived Assets to third parties. If that changes, this policy will be updated and users will receive at least 30 days' advance notice before any such practice begins.
We do not sell your Personal Information. We may share your personal information with the following categories of third parties:
We do not share your Personal Information with third parties for their independent direct marketing purposes without your explicit consent.
We do not sell, rent, or lease your Personal Information to third parties.
We do not currently sell or license Anonymous Data or Derived Assets to third parties. We retain Anonymous Data and Derived Assets as proprietary platform assets as described in Section 4. Verslee reserves the right to commercialize Anonymous Data and Derived Assets — including through data licensing agreements — in the future. If this practice begins, we will update this policy and notify users with at least 30 days' advance notice before any such practice commences.
In the past 12 months, we have not sold any personal information, anonymous data, or derived assets as defined under CCPA. We have shared personal information with service providers as described in Section 5 for operational purposes.
Verslee is based in the United States. Our infrastructure providers (Supabase on AWS, Railway) process data in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, your personal information will be transferred to and processed in the United States.
Where required, we rely on appropriate safeguards for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission. To obtain a copy of the relevant transfer mechanism, contact cookc.steve@gmail.com.
We retain your personal information for as long as your account is active and for a reasonable period thereafter to fulfill the purposes described in this Policy. Specifically:
Your right to full deletion: Upon a verified deletion request, Verslee will permanently delete all personal information we hold about you — including account data, conversation history, response text, and any identifiable fields — within 45 days. The only data that persists after deletion is anonymized, differentially-private embeddings that have been mathematically transformed to prevent re-identification. These embeddings contain no text and cannot be linked back to you.
Regardless of location, you may contact us at cookc.steve@gmail.com to access, correct, or delete your personal information. We will respond within 45 days. For complex requests we may extend this by an additional 45 days with notice.
If you are a California resident, you have the following rights:
To exercise California rights, contact cookc.steve@gmail.com with subject line "California Privacy Request" or see Section 14 for opt-out.
If you are located in the EEA or UK, you have the following rights under the GDPR:
To exercise GDPR rights, contact cookc.steve@gmail.com with subject line "GDPR Data Request." We will respond within one month, with a possible two-month extension for complex requests.
Our platform collects free-text responses from audience members. These responses may incidentally contain sensitive personal information as defined under CPRA — including information about health conditions, racial or ethnic origin, religious beliefs, political opinions, financial situation, or other sensitive categories — when participants choose to share such information.
We do not intentionally collect sensitive personal information and we do not use it for purposes beyond operating the platform. Audience members retain the right to limit our use of sensitive personal information to what is necessary to perform the Services. To exercise this right, contact cookc.steve@gmail.com.
During our beta program, we provide access to the Verslee platform at no cost in exchange for participation and feedback. This constitutes a financial incentive tied to the collection and use of personal information under CCPA.
The value of this incentive reflects the reasonable value of the beta access provided, which would otherwise be offered at a subscription price to be determined at commercial launch. Participation in the beta is voluntary and you may withdraw at any time by deleting your account, without penalty to any future paid access.
We implement technical and organizational measures to protect your personal information, including encryption in transit (TLS) and at rest (AES-256), access controls, row-level database security, and regular security reviews. However, no system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law — within 72 hours to EU supervisory authorities under GDPR, and without undue delay to affected individuals.
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a minor, contact cookc.steve@gmail.com and we will delete it promptly.
Under CCPA, California residents have the right to opt out of the sale or sharing of their personal information. As noted in Section 6, we do not currently sell Personal Information or Anonymous Data. If that changes in the future, this section will be updated and users notified in advance.
To submit a Do Not Sell or Share request for any current or future data practices:
We will process your request within 15 business days and confirm by email. Your opt-out will apply prospectively. We will not discriminate against you for submitting this request.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and by updating the "Last Updated" date at the top of this page. We will provide at least 30 days' notice before material changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.
For any questions, requests, or concerns regarding this Privacy Policy or our data practices, contact SurveyStraight LLC d/b/a Verslee:
We aim to respond to all requests within 45 days. For GDPR requests, within one month.