Greenfield Labs

Privacy Policy

Review our latest Privacy Policy here.

Last Updated|November 7th, 2025

1. OVERVIEW AND SCOPE

1.1. Overview

This policy and applicable supporting procedures are designed to provide Greenfield Labs LLC ("the Company" or "Company" or "Greenfield Labs") with a documented and formalized process for protecting individuals' privacy. Respect for the privacy of personal and other information is fundamental to us. This privacy policy describes our collection of personal information from users of our Web site ("Website" or "Site"), our Platform, as well as all related applications, widgets, software, tools, and other services provided by us and on which a link to this Policy is displayed (collectively, together with the Website, our "Service"). This Policy also describes our use and disclosure of such information. By using our Service, you consent to the collection and use of personal information in accordance with this policy.

1.2. Scope

This policy and supporting procedures cover the privacy of all data collected by Greenfield Labs in its interaction with individuals in its business operations.

2. ROLES AND RESPONSIBILITIES

The following roles and responsibilities are to be developed and subsequently assigned to authorized personnel within the Company regarding privacy practices:

  • Chief Privacy Officer: Responsibilities include providing overall direction, guidance, leadership, and support on methods and tools for the implementation of a security and privacy-related program. The Chief Privacy Officer will conduct resource and investment planning to implement the management, operational, technical, and privacy requirements of the program.
  • Privacy Committee: Responsibilities include approving and monitoring adherence to this policy, analyzing the organization's environment, and the legal requirements with which it must comply. Additional responsibilities include:
    • Execute the privacy operations of the firm, including monitoring the system used to solicit, evaluate, and respond to individual privacy complaints and problems.
    • Evaluate implemented privacy controls;
    • Assessing existing policies and procedures that address privacy areas;
    • Working with appropriate departments to ensure compliance with privacy policies and procedures;
    • Recommending and monitoring, in conjunction with the relevant departments, the development of internal systems and controls to carry out the organization's privacy objectives;
    • Report to the Chief Privacy Officer on the effectiveness of the privacy controls/program in meeting applicable regulatory requirements and standards.

3. PERSONAL INFORMATION

"Personal Information," as used in this policy, is information that specifically identifies an individual, such as an individual's name, social security number, telephone number, or e-mail address. Personal information also includes information about an individual's activities, such as information about his or her activity on the Site or credit history, and demographic information, such as date of birth, gender, address, geographic area, and preferences, when any of this information is linked to personal information that identifies that individual.

Personal information does not include "aggregate" or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. We may use and disclose aggregate information, and other non-personally identifiable information, for various purposes.

4. COLLECTION OF INFORMATION

4.1. Passive Information Collection

When you use the Service, some information may be automatically collected, such as your IP address, browser type, system type, the content and pages that you access on the Site, "referring URL" (i.e., the page from which you navigated to the Site), the pages you navigate to on the Site, and from which you leave the Site, as well as the time you spend on the Site.

We collect this information passively using technologies such as standard server logs, cookies, and clear GIFs (also known as "Web beacons"). We use passively-collected information to administer, operate, and improve the Site and our other services and systems, and to provide services and content that are tailored to you.

If we link or associate any information gathered through passive means with personal information, we treat the combined information as personal information under this policy. Otherwise, we use information collected by passive means in a non-personally identifiable form only.

Also, please be aware that third parties may set cookies on your hard drive or use other means of passively collecting information about your use of their services or content. We do not have access to, or control over, these third-party means of passive data collection.

4.2. Collection of Voluntarily Provided Information

We may collect personal information that our users provide to us in a variety of ways through our Service. For instance, when you request information about our services or otherwise communicate with us, we collect the personal information that is provided to us. We may collect personal information such as name, e-mail address, city, state, country, other demographic information, and your interests and preferences in these manners.

4.3. Information from Other Sources

We may receive information about you, including personal information, from third parties, and may combine this information with other personal information we maintain about you. If we do so, this policy governs any combined information that we keep in a personally-identifiable format.

5. USE OF PERSONAL INFORMATION

We use personal information to provide services and information that you request; to enhance, improve, operate, and maintain the Site and Service, our programs, services, website, and other systems; to prevent fraudulent use of our Site and Service; to tailor your user experience; to maintain a record of our dealings with you, and for other administrative purposes.

We may also use the personal information you provide to contact you regarding our products and services. We allow you to opt-out from receiving marketing communications from us as described in the "Choice" section below.

6. DISCLOSURE OF PERSONAL INFORMATION

We will not disclose your personal information to third parties without your consent, other than as described in this policy. We may disclose personal information to third-party service providers (e.g., data storage and processing facilities) that assist us in our work. We limit the personal information provided to these service providers to that which is reasonably necessary for them to perform their functions.

We may also disclose personal information if we believe that doing so is legally required or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others.

In addition, information about our users, including personal information, may be disclosed as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which personal information could be transferred to third parties as one of our business assets.

7. CHOICE

If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us by sending us an email or by writing to us at the address given at the end of this policy.

8. LINKS

For your convenience, the Site may contain links to other Web sites, products, or services that we do not own or operate. If you choose to visit or use any third-party products or services, please be aware that this policy will not apply to your activities or any information you disclose while using third-party products or services or otherwise interacting with third parties.

9. CHILDREN

Children's safety is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. We do not knowingly collect personal information from children under the age of 13 without obtaining parental consent.

10. INTERNATIONAL VISITORS

Our Site and Service is hosted in the United States and is generally intended for United States visitors. If you visit from the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please be aware that you are transferring personal information to the United States. The United States does not have the same data protection laws as the European Union and some other regions. By providing personal information to us, you consent to the transfer of it to the United States and the use of it in accordance with this policy.

11. SECURITY

Greenfield Labs protects the Personal Information it collects with reasonable and appropriate physical, electronic, and procedural safeguards. We use reasonable security measures that are designed to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please note, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any personal information or other information. You transmit information to us at your own risk.

12. UPDATES TO THIS POLICY

We may occasionally update this Policy. When we do, we will also revise the "last updated" date at the beginning of the policy. Your continued use of this Service after such changes will be subject to the then-current policy. We encourage you to periodically review this policy to stay informed about how we collect, use, and disclose personal information.

13. CONTACTING US

If you have any questions, comments, or concerns about this privacy policy or your personal information, please contact us at the Privacy email. If you have a complaint that we have breached these privacy principles and attempted in good faith to resolve the complaint through our customer service process, but the complaint was not resolved by us within a reasonable amount of time, then you may enforce these privacy principles against us.

14. POLICY ADMINISTRATION

14.1. Ownership and Review

The Policy Owner owns this Policy and is responsible for reviewing the Policy for updates annually, or following major changes to Greenfield Labs' compliance environment. The Policy Approver retains approving authority over this Policy.

14.2. Monitoring and Enforcement

Greenfield Labs periodically monitors adherence to this Policy to help ensure compliance with applicable laws, requirements, and contractual agreements that apply to Client & Consumer Data. Greenfield Labs may also establish enforcement mechanisms, including disciplinary actions, to help ensure compliance with this Policy.

14.3. Related Documents

  • Information Security Policy
  • Data Protection and Handling Policy

These additional policies are available upon request. Reach out to us on our contact page for more information.

15. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information under applicable privacy laws, including GDPR, CCPA, CPRA, and state-specific privacy regulations.

15.1. Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights:

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out: You may opt-out of the sale or sharing of your personal information. We do not sell personal information in the traditional sense, but we may share it with service providers.
  • Right to Limit Use of Sensitive Personal Information: You may limit our use and disclosure of sensitive personal information.
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.

15.2. Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

  • Right of Access: You have the right to request access to your personal data.
  • Right to Rectification: You have the right to request correction of inaccurate personal data.
  • Right to Erasure: You have the right to request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to our processing of your personal data.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority.

15.3. Exercising Your Rights

To exercise any of these rights, please contact us at hello@greenfieldlabsai.com with the subject line "Privacy Rights Request." We will respond to your request within the timeframes required by applicable law (typically 45 days for CCPA requests and 30 days for GDPR requests). We may need to verify your identity before processing your request.

16. AI AND AUTOMATED DECISION-MAKING

As an AI-focused technology company, Greenfield Labs utilizes artificial intelligence and machine learning technologies in various aspects of our services and operations.

16.1. Use of AI Technologies

We may use AI and automated systems to:

  • Improve and optimize our software development services
  • Analyze system performance and identify potential issues
  • Enhance user experience through personalization
  • Provide automated technical support and recommendations
  • Detect and prevent security threats and fraudulent activities

16.2. Data Used for AI Training

When we use personal data to train or improve our AI models, we:

  • Minimize the use of personal information where possible
  • Anonymize or pseudonymize data whenever feasible
  • Implement appropriate safeguards to protect privacy
  • Provide transparency about how AI systems process your data
  • Obtain necessary consents as required by applicable law

16.3. Automated Decision-Making

We do not make decisions that produce legal effects or similarly significantly affect you based solely on automated processing, including profiling, without human intervention. If we plan to engage in such automated decision-making in the future, we will provide you with meaningful information about the logic involved and seek your explicit consent where required by law.

16.4. Your Rights Regarding AI

You have the right to:

  • Be informed when AI systems process your personal data
  • Understand the logic behind automated decisions that affect you
  • Request human review of automated decisions
  • Object to automated processing of your personal data
  • Opt-out of having your data used for AI training purposes where technically feasible

17. DATA RETENTION

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

17.1. Retention Periods

Our standard retention periods are as follows:

  • Account Information: Retained for the duration of your account plus 30 days after account closure, unless longer retention is required by law or for legitimate business purposes.
  • Transaction Records: Retained for 7 years to comply with financial record-keeping requirements.
  • Customer Communications: Retained for 3 years after the last interaction for customer service and quality assurance purposes.
  • Server Logs and Technical Data: Retained for 90 days for security monitoring and system optimization.
  • Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely as it does not identify individuals.
  • Marketing Data: Retained until you opt-out of marketing communications or request deletion.

17.2. Deletion and Anonymization

At the end of the retention period, we will either delete your personal information or anonymize it so that it can no longer be associated with you. In some cases, we may retain information in a restricted format for longer periods if required by law or for legitimate business purposes, such as fraud prevention or legal defense.

17.3. Early Deletion Requests

You may request early deletion of your personal information at any time by contacting us at hello@greenfieldlabsai.com. We will honor your request unless we have a legal obligation or legitimate business interest to retain the information.

18. DATA BREACH NOTIFICATION

Greenfield Labs takes data security seriously and has implemented comprehensive measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

18.1. Breach Response Procedures

In the event of a data breach that affects your personal information, we will:

  • Investigate the breach to determine its scope and impact within 24 hours of discovery
  • Take immediate action to contain and remediate the breach
  • Notify relevant supervisory authorities within 72 hours when required by law (GDPR)
  • Notify affected individuals without undue delay if the breach poses a risk to their rights and freedoms
  • Provide information about the nature of the breach, the data affected, and steps being taken to address it
  • Offer guidance on protective measures individuals can take to mitigate potential harm

18.2. Notification Timing

We are committed to timely breach notification in accordance with applicable laws:

  • GDPR Compliance: Notification to supervisory authorities within 72 hours; notification to affected individuals without undue delay
  • CCPA Compliance: Notification in the most expedient time possible and without unreasonable delay
  • State Law Compliance: Notification in accordance with specific state breach notification requirements

18.3. Breach Notification Contents

Our breach notifications will include:

  • Description of the nature and timing of the breach
  • Categories and approximate number of individuals affected
  • Types of personal information involved
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact information for further inquiries
  • Recommendations for affected individuals to protect themselves

19. GLOBAL PRIVACY CONTROL

Greenfield Labs respects and honors Global Privacy Control (GPC) signals as a valid consumer request to opt-out of the sale or sharing of personal information under applicable privacy laws, including the CCPA and CPRA.

19.1. What is GPC?

Global Privacy Control is a proposed specification that allows users to signal their privacy preferences to websites and online services. When you enable GPC in your browser or through a browser extension, it sends a signal to websites requesting that they not sell or share your personal information.

19.2. How We Honor GPC

When we detect a GPC signal from your browser:

  • We will treat it as a valid request to opt-out of the sale or sharing of your personal information
  • We will apply the opt-out across all browsers and devices where we can link your GPC signal to your account
  • The opt-out will remain in effect until you disable the GPC signal or withdraw your request
  • We will not penalize or discriminate against you for enabling GPC

19.3. Enabling GPC

To enable GPC, you can use a browser that supports the GPC signal or install a browser extension that adds GPC functionality. For more information about GPC and how to enable it, visit globalprivacycontrol.org.

20. STATE-SPECIFIC PRIVACY RIGHTS

In addition to the rights described elsewhere in this policy, residents of certain U.S. states have additional privacy rights under their state's privacy laws.

20.1. Applicable State Laws

The following state privacy laws may grant you additional rights:

  • California: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Virginia: Virginia Consumer Data Protection Act (VCDPA)
  • Colorado: Colorado Privacy Act (CPA)
  • Connecticut: Connecticut Data Privacy Act (CTDPA)
  • Utah: Utah Consumer Privacy Act (UCPA)
  • Delaware: Delaware Personal Data Privacy Act (DPDPA)
  • Iowa: Iowa Consumer Data Protection Act
  • Montana: Montana Consumer Data Privacy Act
  • Oregon: Oregon Consumer Privacy Act
  • Texas: Texas Data Privacy and Security Act
  • Tennessee: Tennessee Information Protection Act (TIPA)
  • New Jersey, New Hampshire, Nebraska, Maryland, Minnesota: Various state privacy laws effective in 2025

20.2. Common State Privacy Rights

While specific rights vary by state, most comprehensive state privacy laws grant consumers the following rights:

  • Right to confirm whether we process your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to delete your personal data
  • Right to obtain a copy of your personal data in a portable format
  • Right to opt-out of the processing of personal data for targeted advertising
  • Right to opt-out of the sale of personal data
  • Right to opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects

20.3. Sensitive Data

Certain state laws provide enhanced protections for "sensitive" personal data, which may include:

  • Precise geolocation data
  • Racial or ethnic origin
  • Religious beliefs
  • Genetic or biometric data
  • Health information
  • Sexual orientation
  • Citizenship or immigration status
  • Personal data of children

We do not knowingly collect sensitive data as defined by state laws without appropriate safeguards and, where required, your explicit consent.

20.4. Appeals Process

If we deny your request to exercise your privacy rights under applicable state law, you have the right to appeal our decision. To submit an appeal, please contact us at hello@greenfieldlabsai.com with "Privacy Rights Appeal" in the subject line. We will respond to your appeal within the timeframe required by applicable state law (typically 45-60 days).

20.5. Authorized Agents

You may designate an authorized agent to submit requests on your behalf. To do so, you must provide the authorized agent with written permission, and we may require you to verify your identity directly with us before processing the request.