Privacy Policy
Last updated: 2026-02-14
Version: PRIV-2026-02-14
1. Overview
This Privacy Policy explains how Stetos.co collects, uses, discloses, and protects personal data when you use our website, product, widgets, and related services.
2. Roles and Scope
For account, billing, and product operations, Stetos.co acts as a data controller. For interview content that customers collect from respondents, Stetos.co generally acts as a processor on behalf of the customer.
3. Categories of Data We Process
- Account Data: name, email, workspace profile fields, and authentication records.
- Billing Data: plan and billing status metadata, with payment card handling by Stripe.
- Session Data: chat messages, audio content, transcripts, summaries, and derived insights.
- Technical Data: IP address, browser and device signals, logs, and anti-abuse signals.
- Integration Metadata: optional identifiers passed by customers through widget metadata.
4. How We Use Data
- Provide and operate the Service.
- Authenticate users and secure sessions.
- Generate transcripts, insights, and analytics outputs.
- Process payments and subscription management flows.
- Improve reliability, performance, and abuse prevention.
- Communicate product, support, and account information.
5. Subprocessors and Service Providers
We use third-party providers to deliver the Service. Core providers currently include:
- Supabase: database, storage, and authentication.
- OpenAI: language model processing for text workflows.
- Vapi: voice orchestration and telephony workflows.
- Stripe: payments and billing operations.
- PostHog: product analytics and event telemetry.
- Cloudflare Turnstile: anti-bot and abuse prevention checks.
6. Data Sharing and Disclosure
We do not sell personal data. We share data with subprocessors strictly for service delivery, security, and compliance obligations. We may disclose data where required by law or to protect rights, safety, or service integrity.
7. International Processing
Data may be processed in countries other than your own, including the United States and other regions where our providers operate. We use contractual and operational safeguards appropriate to applicable law.
8. Retention
We retain data only for as long as needed for product operation, legal obligations, and security purposes. Retention windows may vary by data type, account status, and active plan configuration.
- Account and billing records are retained for tax, legal, and audit purposes.
- Session and transcript data follow configured retention policies where applicable.
- Security and abuse prevention logs may be retained for platform protection.
9. Your Rights
Depending on your jurisdiction, you may have rights to access, correction, deletion, restriction, portability, or objection. For users in Mexico, this includes ARCO rights. Requests can be sent to privacy@stetos.co.
10. Security
We apply administrative, technical, and organizational controls designed to protect data. No system can be guaranteed fully secure, but we continuously improve safeguards and incident response practices.
11. Children
The Service is not intended for children under the age required by applicable law. If you believe personal data from a child was processed without authorization, contact us to request review and deletion.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The version and date above reflect the current effective text. Material updates will be communicated through appropriate product or site notices.
13. Contact
Questions or privacy requests can be sent to privacy@stetos.co.