Stakeholder Studio

Privacy Policy

Last updated: May 23, 2026

Stakeholder Studio (“Stakeholder Studio,” “we,” “us,” or “our”) is operated by Sorenson Advertising, LLC DBA Brand Revolt, a Utah limited liability company. This Privacy Policy explains how we collect, use, share, and protect information when you use the Stakeholder Studio platform (the “Service”).

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, password, organization details
  • Profile Information: Job title, department, contact preferences
  • Content: Videos, scripts, stakeholder lists, project data, communications
  • Payment Information: Billing address and payment method details (processed directly by Stripe; we do not store full card numbers)
  • Communications: Messages, support requests, feedback

Information We Collect Automatically

  • Usage Data: Features used, time spent, interaction patterns
  • Device Information: Browser type, operating system, IP address
  • Log Data: Access times, pages viewed, errors encountered

Third-Party Integrations

When you connect third-party services (such as Google Calendar), we collect only the data necessary to provide that integration, subject to the scopes you authorize and to those services' own privacy policies. See Section 6 for details on our Google API integration.

2. How We Use Your Information

  • Service Delivery: Provide, maintain, and improve Stakeholder Studio features
  • AI Processing: Generate content, insights, and recommendations (see Section 5)
  • Communication: Send updates, notifications, and support responses
  • Analytics: Understand usage patterns and improve user experience
  • Security: Detect fraud, abuse, and maintain platform security
  • Legal Compliance: Meet regulatory requirements and enforce our terms
  • Marketing: Send promotional content (with your consent, where required)

3. Information Sharing and Disclosure

We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

When We Share Information

  • Service Providers: Trusted partners who help us operate the Service (see list below)
  • Team Members: Within your organization as configured by your account settings
  • Legal Requirements: When required by law, court order, or to protect rights and safety
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • With Your Consent: When you explicitly authorize sharing

Service Providers We Use

We rely on the following sub-processors to operate Stakeholder Studio. Each is contractually required to safeguard your data:

  • Vercel — application hosting and edge delivery
  • Supabase — database, authentication, and file storage
  • OpenAI — AI content generation and transcription (data is not used to train OpenAI's models)
  • Stripe — payment processing
  • Resend — transactional and notification email delivery
  • Google — calendar event scheduling for users who connect Google Calendar (see Section 6)

4. Data Security and Protection

  • Encryption: Data is encrypted in transit (TLS) and at rest by our sub-processors
  • Access Controls: Role-based access controls limit who in our organization can see your data
  • Infrastructure: Hosted on Vercel and Supabase, both of which maintain SOC 2 Type II certifications
  • OAuth Tokens: Google Calendar access and refresh tokens are stored encrypted and accessible only to our server-side API
  • Monitoring: Production environments are continuously monitored for security events

While we implement industry-standard security measures, no system is 100% secure. We will notify affected users of any significant security incidents in accordance with applicable law.

5. AI Processing and Content Generation

AI Features

Stakeholder Studio uses OpenAI's API to provide content generation, transcription, and insights features. This section explains how that processing works with your data.

How AI Processes Your Data

  • Content Analysis: AI analyzes your uploaded videos and text to generate transcripts, summaries, and insights
  • Script Generation: AI creates communication scripts based on your input and preferences
  • Email Drafting: AI helps draft stakeholder emails from your recorded content
  • Content Optimization: AI suggests improvements for communication effectiveness

AI Data Handling

  • AI processing occurs over encrypted connections to OpenAI's API
  • Per OpenAI's API data policy, your content is not used to train OpenAI's models
  • OpenAI retains API inputs for up to 30 days for abuse monitoring, then deletes them
  • AI-generated content is provided as suggestions and should be reviewed before use
  • You retain full ownership and control over any AI-generated content

AI Content Disclaimers

  • AI-generated content may contain errors and should be reviewed before publication
  • You are responsible for verifying all AI-generated content before distributing it
  • AI recommendations do not constitute professional, legal, or financial advice
  • You retain full responsibility for any content you publish or distribute

6. Google API Services User Data

Stakeholder Studio offers optional integration with Google Calendar. This section discloses, as required by Google's API Services User Data Policy, exactly what Google account data we access and how we use it.

Google API Scopes We Request

  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete the single recurring “weekly recording” event we add to your calendar
  • https://www.googleapis.com/auth/userinfo.email — to identify which Google account you connected, displayed back to you on the integration settings page

How We Use Google Data

  • We create one recurring weekly calendar event in your primary Google Calendar to remind you to record your stakeholder update
  • When you change your weekly schedule in Stakeholder Studio, we update that same event so the series stays in sync
  • If you disconnect the integration, we delete the event from your calendar and remove your OAuth tokens from our system
  • We do not read, list, copy, or analyze any other events on your calendar
  • We do not share your Google data with third parties

Compliance with Google's Limited Use Policy

Stakeholder Studio's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve user-facing features visible in our app
  • We do not transfer Google user data to others except to provide or improve user-facing features, comply with law, or as part of a merger/acquisition with continued protections
  • We do not use Google user data to serve advertisements
  • We do not allow humans to read Google user data unless we have your affirmative consent, it is required for security, to comply with law, or as aggregated/anonymized data for internal operations

Revoking Access

You can revoke Stakeholder Studio's access to your Google account at any time by visiting your Google Account permissions page or by clicking “Disconnect” on the Calendar Integration section of your Stakeholder Studio settings.

7. Your Rights and Choices

Data Rights

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Export your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including:

  • The right to know what personal information we collect, use, disclose, and (if applicable) sell or share
  • The right to delete personal information we have collected
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information — we do not sell or share your personal information
  • The right to non-discrimination for exercising any of these rights

To exercise any of these rights, email support@stakeholderstudio.com.

EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation (and equivalent UK/Swiss law) gives you additional rights, including the rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to lodge a complaint with your local data protection authority.

Our legal bases for processing are: (a) performance of our contract with you, (b) compliance with our legal obligations, (c) your consent (where requested), and (d) our legitimate interests in operating and improving the Service.

Communication Preferences

You can opt out of marketing communications at any time through your account settings or by using unsubscribe links in our emails. Essential service communications (security alerts, billing, account notices) cannot be disabled while your account is active.

Account Deletion

You can delete your account at any time. We retain your data for 30 days for recovery purposes, then permanently delete it, unless we are required by law to retain it longer or it is needed for legitimate business records (such as financial transactions).

8. Data Retention and International Transfers

Data Retention

  • Account Data: Retained while your account is active
  • Content: Retained until you delete it or close your account
  • Usage Data: Retained for analytics; anonymized after 2 years
  • Billing Records: Retained for the period required by applicable tax and accounting law (typically 7 years)
  • Google OAuth Tokens: Retained while the integration is connected; deleted when you disconnect

International Transfers

Stakeholder Studio is operated from the United States, and your data may be processed in the United States and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms to protect data leaving the EEA, UK, or Switzerland.

9. Cookies and Similar Technologies

We use only the cookies and similar technologies that are strictly necessary to operate the Service. These include:

  • Authentication cookies set by Supabase to keep you signed in
  • Session cookies used to maintain state during your visit
  • Security cookies used to detect abuse and protect your account

We do not currently set advertising or third-party tracking cookies. If we add analytics or marketing cookies in the future, we will update this policy and, where required by law, request your consent.

10. Children's Privacy

Stakeholder Studio is a business product and is not intended for individuals under 18. We do not knowingly collect personal information from anyone under 18. If we learn we have collected such information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or in-app notification and update the “Last updated” date above. Your continued use of the Service after the updated policy takes effect indicates acceptance.

12. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us:

  • Email: support@stakeholderstudio.com
  • Operator: Sorenson Advertising, LLC DBA Brand Revolt
  • Response Time: We respond to privacy requests within 30 days