Schedule a Call
Login
727-219-2132info@studio98.com

Privacy Policy

Last updated: September 4, 2025

This Privacy Policy explains how Studio98 Inc. (“Studio98.ai”, “we”, “us”, “our”) collects, uses, shares, and protects your information when you use:

  • The Studio98.ai web-based SaaS platform (the “Platform”)

     

  • Our consulting and training services

     

  • Our website and any related pages, forms, or widgets

     

We primarily serve customers in the United States and Canada, but we comply with the EU/UK GDPR when we process personal data of individuals in the EEA/UK.

If you have questions, contact us at support@studio98.com.

1) Who we are (Data Controller)

For most activities described here, Studio98 Inc, 611 S Fort Harrison #309 Clearwater, FL 33756, is the data controller.
 For certain integrations where we process data strictly on your instructions (e.g., when your AI employees/agents interact with your connected Google/Microsoft/HubSpot/OpenAI accounts), we act as your data processor.

2) What data we collect

a) Information you provide

  • Account & profile: name, email, password (hashed), company, role, phone number.

     

  • Guest access: when guests view agent details, we collect name and email.

     

  • Billing: payment details (processed by our payment providers; we don’t store full card numbers).

     

  • Business details for recommendations: information about your business, use cases, departments, and preferences to suggest suitable AI employees/agents.

     

  • Support: messages, tickets, and communications with our team.

     

  • Uploads & content: files, prompts, and data you submit to or through the Platform.

     

b) Information we collect automatically

  • Device & usage: IP address, browser type, device identifiers, pages visited, time on page, links clicked.

     

  • Log data & diagnostics: performance events, error logs, and security logs.

     

c) Data from integrations you connect

At your direction, you may connect third-party accounts (e.g., Google, Microsoft, HubSpot, OpenAI/ChatGPT, and other MCP/API integrations).

  • We typically use OAuth or API keys you provide.

     

  • We do not store your third-party passwords.

     

  • We may store access tokens securely to perform actions you’ve requested.

     

  • Data retrieved via these integrations is processed only to deliver the specific agent functionality you enable.

     

  • You can disconnect integrations at any time (revoking tokens may require action in your third-party account).

     

3) Purposes & legal bases (GDPR)

Purpose

Examples

Legal basis

Account setup & authentication

Create/manage your account, let you log in

Contract (Art. 6(1)(b))

Provide the Platform & services

Run AI employees/agents; connect to MCP/API integrations at your request

Contract (Art. 6(1)(b))

Consulting & training

Deliver requested sessions and tailored advice

Contract (Art. 6(1)(b))

Payments & billing

Subscriptions, invoices, fraud prevention

Contract & Legal obligation (tax/records)

Customer support

Respond to tickets, troubleshoot

Contract & Legitimate interests

Product improvement & analytics

Measure usage, improve performance

Legitimate interests

Security & abuse prevention

Detect, investigate, prevent misuse

Legitimate interests & Legal obligation

Recommendations

Suggest agents based on your business inputs

Legitimate interests (you control inputs)

Marketing & product updates

In-app notices for users; emails to interested leads/guests

Consent where required (EEA/UK); Legitimate interests where permitted with easy opt-out

AI model training/refinement (optional/controlled)

Improve model quality/features

Consent (EEA/UK). You can opt out. We do not use your data for third-party advertising.

Note on AI training: We will only use your content or interaction logs for model training/refinement with your explicit consent where required by law (e.g., EEA/UK). You can withdraw consent at any time (see Section 10). Platform features will remain available without consenting to training (except features that inherently require shared learning).

4) Cookies & similar technologies

We use cookies and similar technologies to:

  • Keep you logged in and secure the Platform

     

  • Remember preferences

     

  • Measure usage and improve features (e.g., Google Analytics, PostHog, or Mixpanel)

     

In regions where required (EEA/UK), we will request cookie consent for non-essential cookies. You can change your preferences via our cookie banner or your browser settings.

5) How we share information

We disclose personal data to:

  • Payment processors: e.g., Stripe, PayPal (billing, fraud detection)

     

  • Analytics providers: e.g., Google Analytics, PostHog, Mixpanel

  • Customer support tools: e.g., Intercom, Zendesk

  • CRM & email platforms: e.g., HubSpot, Mailchimp

  • AI infrastructure & model providers: e.g., OpenAI, Anthropic, Google Cloud AI (to power agent capabilities you use)

     

  • MCP/API Integrations: connections you enable (similar to Zapier flows). We share or fetch only what’s needed to perform tasks you’ve requested.

     

  • Hosting & infrastructure: e.g., reputable cloud providers for secure storage and compute

     

  • Professional advisors & auditors (as needed)

     

  • Legal & compliance: if required by law, to protect rights, safety, or enforce agreements

     

  • Corporate transactions: in case of merger, acquisition, or asset sale (with safeguards)

     

We do not sell your personal data.

6) International transfers

We operate primarily in the US and Canada and may transfer personal data internationally. When we transfer personal data from the EEA/UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) and implement additional safeguards where appropriate. Where vendors participate in recognized frameworks (e.g., the EU–US Data Privacy Framework), we may rely on that certification.

7) How we protect your data

We use administrative, technical, and physical safeguards, including:

  • Encryption in transit (TLS) and at rest

     

  • Role-based access controls and principle of least privilege

     

  • Secure authentication (e.g., 2FA/SSO options where available)

     

  • Network and application security measures

  • Vendor due diligence and contractual data protection terms

     

No security controls are perfect, but we work to keep your data safe and review our practices regularly.

8) Data retention

We keep personal data only as long as needed for the purposes described above, and to meet legal or regulatory requirements. As a general guide:

  • Account data (active users): retained while your account is active.

     

  • After account closure: we aim to delete or anonymize within ~3 months (90 days).

     

  • Billing/transaction records: retained for up to 7 years (tax/accounting laws).

     

  • Support tickets & logs: typically 12–24 months (security, audit, troubleshooting).

     

  • Guest leads (name/email): up to 12 months or until you opt out/request deletion.

     

  • AI training data (if consented): retained only as long as necessary for stated purpose; deleted or excluded upon withdrawal of consent where technically feasible.

     

You can request deletion at any time (see Section 10).

9) Children’s privacy

The Platform is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact support@studio98.com and we will delete it.

10) Your rights (EEA/UK & similar jurisdictions)

Subject to law, you may have the right to:

  • Access your data

     

  • Correct inaccurate data

     

  • Delete your data (“erasure”)

     

  • Object to or restrict certain processing

     

  • Data portability (receive your data in a usable format)

     

  • Withdraw consent at any time (where processing is based on consent, e.g., marketing or model training)

     

  • Lodge a complaint with your local data protection authority

     

How to exercise your rights:
Email support@studio98.com. We may ask for verification to protect your account.

For users outside the EEA/UK, similar rights may apply under local laws (e.g., certain U.S./Canadian laws). Contact us and we’ll help.

11) Automated decision-making & AI employees

Studio98.ai enables “AI employees/agents” to perform tasks on your behalf.

  • We do not make decisions with legal or similarly significant effects without human oversight.

     

  • You control whether and which agents operate in your workflows and what data they can access.

     

  • For transparency, we maintain interaction logs so you can review agent actions.

     

  • You can turn agents off, change permissions, and disconnect integrations at any time.

     

If you believe an automated output is incorrect or harmful, contact support@studio98.com so we can review and help.

12) Your controls for integrations (MCP/API)

  • You decide which integrations (e.g., Google/Microsoft/HubSpot/OpenAI) to connect.

     

  • We use the minimum scopes required to deliver the agent’s task.

     

  • Tokens are stored securely and can be revoked by you (via us or the provider’s dashboard).

     

  • Disconnecting an integration may limit or stop related agent features.

     

13) Marketing preferences

  • In-app messages: we provide product and service updates to signed-in users to operate and improve the Platform.

     

  • Email marketing: we email guest users/leads who provide contact details and customers about relevant products/services. In the EEA/UK, we’ll get consent where required; elsewhere, we rely on legitimate interests with an easy opt-out.

     

  • You can unsubscribe at any time via links in our emails or by contacting support@studio98.com.

     

14) Legal basis summary (quick view)

  • Contract: account, platform features, consulting/training, billing/support.

     

  • Legitimate interests: security, analytics, service improvement, and certain B2B marketing (where allowed).

     

  • Consent: non-essential cookies (EEA/UK), certain marketing communications (EEA/UK), any AI model training using your content.

     

15) Third-party links

Our Platform may link to third-party sites or services. Their privacy practices are governed by their own policies. Please review those policies when you leave our Platform.

16) Changes to this Policy

We may update this Policy to reflect changes to our practices or the law. We will notify you via in-app notice (and/or email where appropriate). The “Last updated” date shows when the latest changes took effect.

17) Contact us

Sstudio98 Inc.
 Email: support@studio98.com
 Address: 611 S Fort Harrison #309 Clearwater, FL 33756

If you’re in the EEA/UK and have concerns about our handling of your data, you can also contact your local Data Protection Authority.