Privacy Policy

Privacy Policy for STUDD AI, LLC

Effective Date: 06/01/2026

This Privacy Policy (“Privacy Policy”) describes how STUDD AI, LLC and its subsidiaries and affiliates (“STUDD AI" “us,” “we,” or “our”) may collect, use, and share your personal information in connection with our website at: studd.ai and any other websites we own and operate that link to this Privacy Policy (collectively, the “Site”) together with our web based application, products, services, social media pages, events, emails, and other electronic communications (collectively, the “Services”), and the choices you have with respect to your personal information.

This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Services. By using STUDD AI, you agree to the practices described in this Privacy Policy.

1. INFORMATION WE COLLECT

We collect the following categories of information:

Account registration: name, email address, company name, trade/specialty, state of operation.

Business data: invoices, bills, vendor information, GC profiles, job details, compliance documents, financial records — any data you enter into the platform to manage your business.

Support communications: emails, chat messages, or other correspondence with our team.

Payment and Subscription Information

Billing details and transaction history

Subscription status and plan details

Payment processing is handled by Stripe. STUDD AI does not store credit card numbers, bank account numbers, or other payment credentials on our servers.

Bank account data (when you use the Plaid bank account linking feature): account numbers, routing numbers, account balances, and transaction history, collected through Plaid’s secure authentication flow with your explicit consent.

Accounting data (when you connect QuickBooks): invoices, bills, vendor records, payment transactions, and job cost data synced from your QuickBooks Online account with your authorization.

Device and Usage Information

Usage data: pages viewed, features used, time spent, actions taken within the platform. Used to improve the Service and identify technical issues.

Device and browser information: browser type, operating system, device type, screen resolution. Used for compatibility and troubleshooting.

IP address: used for security, fraud prevention, and approximate geographic location (not precise tracking).

Personal Information from Third Parties. We may obtain personal information about you from third parties, such as social media platforms and other public sources, third parties that help us advertise our services and find new customers, joint marketing partners, event co-sponsors, and other third parties.

Personal Information Collected Automatically. We, our service providers, and our advertising partners may automatically log information about you, your computer or mobile device, and your activity over time on our Services and other sites and online services, such as:

Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, the website you visited before browsing to our website, and general location information such as city, state, or geographic area.

Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

Like many online services, we may use the following technologies to facilitate some of our automatic data collection:

Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.

Local storage, which is used to save data on a visitor’s device. We may use data from local storage to, for example, turn on web navigation, store multimedia preferences, customize what we show you based on your past interactions with our Service, and remember your preferences.

2. HOW WE USE INFORMATION

We use the collected information for the following purposes:

A. Provide and Operate the Service

Deliver an AI-powered financial operations platform for the construction industry

Process and store outputs

Maintain user accounts and system functionality

B. AI Response Generation

Studd AI uses Anthropic’s API to draft outbound emails when a subcontractor sends an invoice or payment reminder to their client. It also answers questions about the user’s own business data, such as payment trends and cash flow.

C. Subscription Management

Process payments and manage billing

Administer subscriptions and renewals

D. Improve and Maintain the Service

Monitor system performance and reliability

Train and refine internal models and workflows (using de-identified or aggregated data where feasible)

E. Security and Fraud Prevention

Detect unauthorized access or misuse

Prevent fraud and abuse of the platform

F. Customer Support

Respond to inquiries and technical issues

Provide onboarding and user assistance

G. Legal and Compliance

Comply with applicable laws and regulations

Enforce terms of service and contractual obligations

H. Third-Party Financial Integrations

Enable bank account linking and ACH payment processing through Plaid

Sync invoice, payment, and accounting data with QuickBooks Online

Provide cash flow analysis and financial reporting features that draw on connected financial account data

3. THIRD-PARTY SERVICE PROVIDERS AND DATA PROCESSORS

We engage third-party vendors to support our operations. These providers process data on our behalf under contractual obligations that include confidentiality and data protection requirements.

Categories include:

AI processing providers

Cloud hosting and infrastructure providers

Payment processors

Financial data connectivity providers (Plaid Inc.) for bank account linking and ACH payment setup

Accounting software integration providers (Intuit/QuickBooks) for accounting data synchronization

Analytics and monitoring tools

4. AI MODEL PROCESSING

STUDD AI uses third-party AI models, including Anthropic’s Claude API, to power the Cortex AI Feature and process inputs to generate outputs within the Services.

The Services transmit inputs to Anthropic’s API for AI Feature processing. Inputs sent to Anthropic may include: company and client names, email addresses, invoice amounts and due dates, payment history and aging data, job and project details, GC relationship information, and message or task context used to generate AI outputs. No Social Security numbers, EINs, bank account numbers, full payment card numbers, or other sensitive financial credentials are transmitted to Anthropic.

STUDD AI processes data through AI models solely to generate responses and outputs within the Services. We do not use Customer Content to train, fine-tune, or improve any AI model without Customer’s prior written consent.

We implement safeguards to minimize unnecessary data exposure, including transmitting only the data fields necessary to generate the requested output and avoiding transmission of sensitive personal or financial credentials to third-party AI APIs.

AI Output Limitations

AI-generated content may contain inaccuracies, omissions, or errors relating to invoice data, payment calculations, GC relationship details, or other construction financial information.

Outputs are intended to assist, not replace, human judgment. AI-generated invoice drafts, payment trend analyses, and cash flow projections are informational only and do not constitute financial, legal, or tax advice.

Users are responsible for reviewing and independently verifying all AI-generated content before relying on it for any business, financial, or legal decision, including payment demands or contract actions.

AI Response Generation

STUDD AI uses Anthropic’s Claude API to power the Cortex AI Feature, which provides construction-industry-specific intelligence, pattern recognition, and financial operations guidance within the Services. AI generation is used in contexts such as: drafting outbound payment reminder emails or invoice follow-ups on behalf of a subcontractor; answering questions about a user’s own business data, such as payment trends, aging receivables, and cash flow patterns; generating structured outputs to assist users with tasks such as creating a new invoice from a plain-language description or summarizing GC relationship history; and providing assistive generation features such as “suggest a response” for payment dispute messages or task communications. All AI-generated outputs are assistive in nature — users remain responsible for reviewing and confirming any AI-generated content before it is sent, filed, or acted upon.

Anthropic API Data Handling

STUDD AI’s processing of your data through Anthropic’s API is governed by Anthropic’s API Data Usage Policy and Privacy Policy (anthropic.com/privacy). Anthropic represents that it does not use API inputs and outputs to train its models by default; however, you acknowledge that such policies may change and should review current Anthropic terms at anthropic.com. STUDD AI processes data through Anthropic solely to generate responses within the Services and does not authorize Anthropic to use your data for any purpose beyond providing the API response.

5. CLOUD INFRASTRUCTURE AND HOSTING

We use cloud service providers, including Cloudflare, to store and process data.

Data is stored in secure cloud environments

Infrastructure providers may process data as part of hosting and system operations

We implement access controls and encryption safeguards

6. SUBSCRIPTION MANAGEMENT AND BILLING

Payments are processed through Stripe.

Stripe independently collects and processes payment data for the web-based version of our software.

STUDD AI receives limited billing information (e.g., subscription status, last four digits of card).

Stripe’s privacy practices are governed by its own policies.

6.1. PLAID FINANCIAL DATA INTEGRATION (BANK ACCOUNT LINKING)

STUDD AI integrates with Plaid Inc. ("Plaid") to enable bank account linking, ACH payment setup, and financial account verification. Plaid is an independent financial technology company. STUDD AI is NOT a bank, financial institution, or financial advisor.

How Plaid Works

When you choose to link a bank account, you will be redirected to Plaid’s secure interface ("Plaid Link") to authenticate directly with your financial institution. STUDD AI does not receive or store your banking credentials (username or password).

Through Plaid, STUDD AI may receive: bank account numbers and routing numbers (for ACH setup), account balances, transaction history, account owner name, and financial institution name.

This data is used to enable ACH payment collection, reconcile invoices against bank activity, and support cash flow analysis within the platform.

End-User Consent Required

The Plaid integration requires your affirmative, informed consent before any financial account is accessed. You must complete the Plaid Link authentication flow to authorize access. You may revoke this authorization at any time through your account settings or by contacting us at [email protected].

STUDD AI will not access any individual’s financial account data through Plaid without that individual’s prior, informed consent.

Legal Compliance

To the extent you use bank account data obtained through Plaid for any purpose regulated by the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), or applicable state financial privacy laws, you are solely responsible for compliance, including providing required notices and obtaining appropriate consents.

Plaid’s Independent Practices

Plaid’s collection and processing of your financial data is governed by Plaid’s Privacy Policy, available at plaid.com/legal. STUDD AI is not responsible for Plaid’s independent data practices. By using the Plaid integration, you agree to be bound by Plaid’s terms of service and privacy policy.

6.2. QUICKBOOKS ACCOUNTING INTEGRATION (ACCOUNTING DATA SYNC)

STUDD AI integrates with QuickBooks Online, a product of Intuit Inc. ("Intuit" or "QuickBooks"), to enable two-way accounting data synchronization. This integration allows STUDD AI to connect with your QuickBooks account to sync invoices, bills, vendor payments, and job cost data between the two platforms.

Data We Access Through QuickBooks

When you authorize the QuickBooks integration, STUDD AI may access and sync: invoices and invoice status, bills and vendor payments, customer and vendor records, job cost and project data, chart of accounts information, and payment transaction records.

This data is used to eliminate manual double-entry, keep your accounting records synchronized with platform activity, and generate accurate financial reports and cash flow insights within STUDD AI.

Authorization and Consent

The QuickBooks integration requires your explicit authorization through Intuit’s OAuth 2.0 authentication flow. You must actively connect your QuickBooks account to STUDD AI. You may disconnect this integration at any time through your account settings or directly through your QuickBooks account.

STUDD AI will only access QuickBooks data for the purposes you have authorized and as necessary to deliver the accounting sync features of the Service.

Data Written Back to QuickBooks

With your authorization, STUDD AI may write data back to QuickBooks, including: creating or updating invoices, recording payments, and syncing vendor bill information. All write-back actions are performed on your behalf and at your direction.

Intuit’s Independent Practices

Intuit’s collection and processing of your QuickBooks data is governed by Intuit’s Global Privacy Statement, available at intuit.com/privacy. STUDD AI is not responsible for Intuit’s independent data practices. By using the QuickBooks integration, you also agree to Intuit’s applicable terms of service and developer platform terms.

7. INDEPENDENT PLATFORM POLICIES

Third-party services integrated into STUDD AI operate under their own privacy policies. We are not responsible for their independent practices.

8. SUBPROCESSOR UPDATES

We may update our list of subprocessors from time to time. Continued use of the Service constitutes acceptance of such updates.

9. INTERNATIONAL TRANSFERS

The Services are only available in the United States.

We implement safeguards for cross-border transfers where required

By using the Service, you consent to such transfers

10. HOW WE SHARE INFORMATION

We may share information in the following circumstances:

A. Service Providers

With vendors who assist in operating the Services.

B. AI and Infrastructure Providers

With Cloudflare for processing and hosting

C. Financial Integration Providers

With Plaid Inc. to facilitate bank account linking, ACH setup, and financial account verification, solely at your direction and with your explicit consent.

With Intuit Inc. (QuickBooks) to synchronize accounting data between STUDD AI and your QuickBooks Online account, solely at your direction and with your authorization.

D. Analytics and Performance Providers

To monitor and improve system functionality.

E. Legal Requirements

When required by law, subpoena, or regulatory request.

F. Business Transfers

In connection with mergers, acquisitions, or asset sales.

G. Protection of Rights

To protect the rights, safety, and integrity of STUDD AI, users, or others.

11. AI AND AUTOMATED PROCESSING DISCLOSURE

STUDD AI uses automated systems to process and generate invoicing documentation, financial data aggregation and transaction analysis.

Decisions are not made solely by AI without human review

Outputs are assistive tools

Users retain full responsibility for final documentation

12. DATA RETENTION

We retain Personal Data as follows:

Data Category Retention Period Basis
Account & Profile Data Subscription Term + 3 years Contract / Legal Obligation
Business Data & AI Outputs (invoices, AR/AP, GC records) Subscription Term + 3 years Contract
Financial Integration Data (Plaid bank data, QuickBooks accounting data) Duration of authorization + 1 year Consent / Legitimate Interest
Payment Transaction Records 7 years from transaction Legal Obligation (tax / audit)
Usage & Analytics Logs 2 years, with consent-evidencing entries maintained for 4 years Legitimate Interest
Support Communications 3 years from close of inquiry Legitimate Interest
AI Model Inputs & Outputs (Anthropic API) Not retained beyond session; governed by Anthropic API terms Third-Party Processor Policy

After expiry of the applicable retention periods, your personal information will be deleted or anonymized. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data. In some cases, we may retain certain information (e.g., insights about Services use) in a depersonalized or aggregated form.

13. ACCOUNT DELETION AND DATA DELETION REQUESTS

Users may request:

Account deletion

Deletion of stored recordings and data

Requests can be submitted via the contact information below.

Exceptions (Required Retention)

We may retain certain data where necessary to:

Comply with legal obligations

Resolve disputes

Enforce agreements

14. DATA SECURITY

We implement reasonable administrative, technical, and physical safeguards, including:

Encryption in transit (TLS)

Encryption at rest

Access controls and authentication measures

Monitoring for unauthorized access

No system is completely secure, and we cannot guarantee absolute security.

15. YOUR PRIVACY RIGHTS

Depending on your location, you may have rights to:

Access personal information

Correct inaccurate data

Request deletion

Restrict or object to processing

Data portability

Requests can be submitted using the contact information below.

16. CHILDREN’S PRIVACY

STUDD AI is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children.

17. INTERNATIONAL USERS

If you access the Service from outside the United States, you acknowledge that your information may be transferred to and processed in the U.S.

18. THIRD-PARTY LINKS AND SERVICES

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices.

19. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date.

20. CALIFORNIA PRIVACY DISCLOSURES (CCPA/CPRA)

California residents have the right to:

Know what personal information is collected and how it is used

Request deletion of personal information

Correct inaccurate information

Opt out of certain data sharing practices

We do not sell personal information as defined under California law.

21. CALIFORNIA PRIVACY NOTICE (CCPA/CPRA)

Categories of Information Collected:

Identifiers (name, email)

Commercial information (subscriptions)

Financial account data (when Plaid bank account linking is used): account numbers, balances, and transaction history, collected with explicit consent

Accounting records (when QuickBooks integration is enabled): invoices, bills, vendor payments, and job cost data, synced with your authorization

Internet activity (usage data)

Professional information

Purposes:

Service delivery

Analytics

Security

Legal compliance

If you wish to have STUDD AI not sell your personal information to a third party, please email us at: [email protected].

22. DO NOT TRACK SIGNALS

STUDD AI does not currently respond to browser “Do Not Track” signals.

23. AI DISCLOSURES AND DISCLAIMERS

The Services use artificial intelligence technologies to generate responses and insights.

AI systems:

• may produce inaccurate outputs
• may rely on probabilistic models
• should not be relied upon as professional advice

Users remain responsible for decisions made based on AI-generated content.

ARTIFICIAL INTELLIGENCE GOVERNANCE AND STATE LAW COMPLIANCE

We design and operate our artificial intelligence systems with consideration for emerging state and federal laws governing artificial intelligence systems, automated decision-making, and consumer protection.

These laws may include, among others:

• the Colorado Artificial Intelligence Act (SB 205)
• the California Generative AI Training Data Transparency Law (AB 2013)
• the California Transparency in Frontier Artificial Intelligence Act (SB 53)
• the California AI Transparency Act and related amendments

Our compliance approach is designed to support transparency, responsible AI use, and protection of consumer rights.

Colorado Artificial Intelligence Act Compliance

The Colorado Artificial Intelligence Act establishes requirements for developers and deployers of certain “high-risk” artificial intelligence systems used in consequential decision-making, such as lending, employment, housing, healthcare, or education.

Where applicable, we implement reasonable governance practices designed to align with the principles of this law, including:

Responsible AI Development

We take reasonable measures to identify and mitigate potential risks associated with AI systems, including potential algorithmic bias or discriminatory outcomes.

Risk Management and Documentation

Where appropriate, we may maintain internal documentation addressing:

• intended uses of our AI systems
• potential risks associated with AI outputs
• safeguards designed to reduce harmful or discriminatory outcomes
• internal governance practices relating to AI development

Consumer Transparency

If an AI system is used to generate outputs or automated insights, we provide disclosures informing users that:

• The system uses artificial intelligence
• outputs are generated probabilistically
• outputs may contain inaccuracies
• users should independently verify important decisions

Human Oversight

Users remain responsible for interpreting AI-generated outputs and making final decisions based on their own judgment.

The Services do not replace human oversight and judgment.

California Artificial Intelligence Transparency Compliance

California has enacted multiple laws intended to increase transparency around artificial intelligence systems.

These laws may require developers to provide disclosures regarding AI-generated content, training data, and safety practices.

AI System Transparency

Where required by applicable law, we provide disclosures informing users that:

• The Services uses artificial intelligence technologies
• users may interact with AI-generated content
• AI outputs may not always be accurate or complete

Certain California laws require AI systems interacting with users to disclose that the interaction involves artificial intelligence rather than a human. We provide such disclosures where applicable.

AI Training Data Transparency

California law may require developers of generative AI systems to provide public documentation describing the types of data used to train such systems.

Where applicable, the developers of the underlying AI models we use (such as third-party model providers) may publish documentation describing:

• categories of training datasets
• sources or ownership of training data
• types of information used to train models
• whether training data includes copyrighted or publicly available information

Because we use third-party AI model providers, training data disclosures are typically provided by those model developers.

AI Safety and Governance

California law may also require certain AI developers to publish information about safety testing, risk mitigation practices, and incident reporting related to advanced AI systems.

We monitor applicable regulatory developments and may implement additional safeguards, disclosures, or documentation as required by applicable law.

New York Artificial Intelligence and Automated Decision-Making Compliance

New York has introduced and is actively developing laws and regulations governing artificial intelligence systems, particularly in the context of employment, consumer protection, and automated decision-making.

NYC Automated Employment Decision Tool (AEDT) Law Compliance (Local Law 144)

New York City requires specific safeguards for AI tools used in hiring and employment decisions.

Where applicable, we align our practices with these requirements, including:

Bias Audits

If AI systems are used in employment-related decision-making, such systems may be subject to independent bias audits evaluating potential disparate impact on protected classes.

Candidate and User Notice

We provide disclosures where required informing users that:

AI tools may be used in decision-making processes

such tools may influence outputs or recommendations

users may request additional information about the system

Transparency Requirements

Where applicable, we may disclose:

The types of data used by AI systems

the general logic and purpose of the AI system

how outputs are generated at a high level

New York State Emerging AI Regulation

New York State is actively considering broader AI legislation addressing automated decision-making, consumer protection, and algorithmic accountability.

These frameworks may include requirements such as:

Risk Assessments: Evaluating potential harms, including bias, discrimination, or unfair outcomes

Impact Assessments: Documenting how AI systems affect consumers or businesses

Disclosure Obligations: Informing users when they are interacting with AI systems

Accountability Measures: Implementing governance practices for AI deployment and oversight

We monitor ongoing legislative and regulatory developments in New York and may update our practices to align with new requirements as they become effective.

Commitment to Responsible AI Use in New York

Consistent with emerging New York standards, we aim to:

promote transparency in AI-generated outputs

reduce the risk of biased or discriminatory outcomes

implement reasonable governance and oversight practices

support user awareness and informed decision-making

AI-Generated Content Identification

Certain jurisdictions may require AI-generated content to include disclosures or provenance signals indicating that content was generated using artificial intelligence.

Where applicable and technically feasible, we may implement mechanisms designed to identify or disclose AI-generated outputs.

Algorithmic Fairness and Non-Discrimination

We seek to design AI systems consistent with widely recognized responsible AI principles, including:

• fairness and non-discrimination
• transparency
• reliability
• security
• human oversight

Our systems are intended to assist users by providing informational analysis and educational insights, not automated decision-making affecting legal rights.

Regulatory Updates

Artificial intelligence regulation continues to evolve rapidly across U.S. states and internationally.

We may update our AI governance practices, disclosures, and policies as new laws or regulations take effect.

AI Governance Framework

Our internal AI governance practices may include:

• evaluation of third-party AI providers
• monitoring for misuse of AI systems
• testing and monitoring of AI outputs
• responsible AI development practices
• internal policies governing AI deployment

These practices are intended to support the responsible development and operation of AI-enabled services.

24. CONTACT US

If you have questions or requests regarding this Privacy Policy, contact us at:

STUDD AI
Email: [email protected]

Address: 102 Hartman Dr, Ste G, #123

Lebanon, TN 37087