Panelope — Privacy Policy

Panelope ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the EU Artificial Intelligence Act, and other applicable U.S. state privacy and election laws.

1. Information We Collect

We collect the following categories of personal data:

Identity Data: Name, email address, phone number (optional), organizational affiliation, and other information you voluntarily provide during registration.
Survey and Response Data: Your answers to polls, surveys, and questionnaires, including multiple-choice selections, rankings, Likert-scale responses, and open-ended text responses.
Interview Data: Responses to AI-guided adaptive interview follow-ups, including the full text of your conversational engagement with our interview system.
Stability and Engagement Data: Conviction, salience, and certainty metrics derived from your response patterns; engagement frequency; interaction timing.
AI-Derived Analytical Data: Cluster memberships, theme classifications, opinion durability assessments, and other insights generated by our AI analysis of your responses. These are derived from your input and are treated as personal data. Note: The collection and AI-based processing of your political opinions constitutes special-category data processing under GDPR Article 9. This processing is based on your explicit consent, which you may withdraw at any time.
Demographic Data: Age, gender, geographic region (including ZIP/postal code), education level, income bracket, employment status, ethnicity, religion, urban/rural classification, political ideology, party affiliation, voting frequency, primary media consumption, and other demographic information you provide.
Political Data (where applicable): Political opinions, party affiliation, voting history (where legally permissible), political sentiment, and issue preferences. This is special-category data under GDPR Article 9 and is processed only with your explicit consent.
Device and Technical Data: IP address, browser type, device identifiers, and session information.
Communications Data: Emails, messages, and other direct communications with us.

2. How We Use AI to Process Your Data

Panelope uses artificial intelligence technologies at multiple stages of our service. We believe in full transparency about how AI interacts with your data:

Poll Design Assistance

AI helps poll creators craft effective, unbiased questions. Your data is not used at this stage.

Adaptive Interview Agent

After you submit survey responses, an AI agent may conduct follow-up questions to explore your views in greater depth. The agent is programmed for strict neutrality and will not attempt to persuade, lead, or influence your opinions. Follow-up questions are generated based on your specific responses and are limited to a maximum of three follow-up rounds in total per engagement.

Response Coding and Clustering

An AI system analyzes open-ended responses using natural language processing to identify themes, patterns, and emerging topics. This process groups similar responses and detects novel issues that may not have been anticipated by the poll creator.

Report Generation

AI generates analytical reports and enables interactive querying of poll results. Reports present aggregated and anonymized findings.

Important: AI processing is performed on secure infrastructure. No AI model is trained on your individual responses. Your data is used for analysis within the context of the specific poll or engagement you participated in, and for aggregated analytical outputs as described in Section 4.

3. Infrastructure and Data Processing

Panelope's technology operates on secure third-party infrastructure. Your data passes through this infrastructure for processing, storage, and delivery of our Services. It is important to understand:

Security, not surveillance: Our infrastructure provider processes data on our behalf under strict contractual obligations. Your data is not accessed, intercepted, analyzed, sold, or used for any purpose by the infrastructure provider. The infrastructure provides security services (threat detection, access control, audit logging) that protect your data — it does not exploit it.

Data Processing Agreement: Our relationship with our infrastructure provider is governed by a formal Data Processing Agreement compliant with GDPR Article 28. The provider acts exclusively as a data processor under our instructions.

Hosting jurisdiction: Primary data processing occurs on servers located in Switzerland, a jurisdiction recognized by the European Commission as providing adequate data protection (GDPR Article 45). Identity verification records are processed in Iceland, another jurisdiction with robust data protection standards.

4. How We Use Your Information

We use your information for the following purposes:

To provide, operate, and improve our Services
To collect and analyze opinions, sentiments, and community perspectives
To generate anonymized or aggregated analytical insights and reports
To detect and prevent fraud, manipulation, and coordinated inauthentic behavior
To share or license anonymized and aggregated analytical insights with authorized clients, which may include political campaigns and committees, nonprofit organizations, research institutions, businesses, and government agencies
To comply with legal obligations, including election laws and regulatory requirements
To communicate with you about your account, our Services, and material changes

Geographic data including ZIP/postal code is used as a key segmentation benchmark for community-level analysis.

Important: We do not sell individually identifiable personal information unless you have given explicit, informed consent. Our default practice is to share only anonymized and aggregated analytical outputs. When clients receive insights derived from your responses, those insights do not identify you individually unless you have specifically consented to identifiable data sharing. As our database and participant community grow, we may offer identifiable data products to authorized clients, but only with your explicit, granular consent obtained through a separate opt-in mechanism — never through a blanket consent.

5. Legal Basis for Processing (GDPR)

Where applicable, our legal bases for processing include:

Consent (Art. 6(1)(a), Art. 9(2)(a)): For processing special-category data (political opinions, religious beliefs, health-related responses) and for any data sharing beyond what is necessary for service delivery. You may withdraw consent at any time.
Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Services you have requested.
Legitimate Interests (Art. 6(1)(f)): For service improvement, security, and fraud prevention, provided such interests are not overridden by your rights and freedoms.
Legal Obligations (Art. 6(1)(c)): Compliance with election laws and other regulatory requirements.

6. Sale and Sharing of Personal Information (CCPA/CPRA)

Under the CCPA/CPRA, "sale" and "sharing" include disclosing personal information to third parties for valuable consideration or for targeted advertising.

We may share anonymized and aggregated analytical outputs with clients. Where we share identifiable personal information with third parties, we do so only with your explicit opt-in consent. Categories that may be shared with consent include:

Political opinions and sentiment (aggregated or, with consent, identifiable)
Demographic data (aggregated)
AI-derived analytical insights (aggregated)

You have the right to opt out of any sale or sharing of your personal information. See Section 9 below.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Factors affecting retention include legal obligations under election laws, contractual commitments, and the ongoing utility of data for the research purpose for which it was collected. When data is no longer needed, it is securely deleted or anonymized.

8. Your Rights

GDPR Rights (EU/EEA Residents): Right to Access, Rectification, Erasure, Restrict Processing, Data Portability, Object, Withdraw Consent, and Lodge a Complaint with a Supervisory Authority.

CCPA/CPRA Rights (California Residents): Right to Know, Correct, Delete, Opt-Out of Sale or Sharing, Limit Use of Sensitive Personal Information, and Non-Discrimination.

Other U.S. States: We honor additional rights under Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other applicable state privacy laws.

To exercise any right, contact us at hello@panelope.com. We will respond within the timeframes required by applicable law.

9. Your Choices and Opt-Outs

Opt-Out of Sale/Sharing: Submit an opt-out request at panelope.com/opt-out or email hello@panelope.com.
Withdraw Consent: You may withdraw consent for special-category data processing at any time by contacting us. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
Marketing Communications: Opt out by following unsubscribe instructions in emails or contacting us.

10. Security

We implement appropriate technical and organizational security measures to protect your data, including encryption in transit and at rest, access controls, behavioral threat detection, comprehensive audit logging, and regular security assessments. Our infrastructure provides additional security services including automated threat detection, single-vote enforcement, and anti-manipulation protections. No system is 100% secure; we encourage you to protect your own information as well.

11. International Data Transfers

Your information may be transferred to and processed in Switzerland (primary processing), Iceland (identity verification), and the United States (business operations). Switzerland and Iceland are recognized by the European Commission as providing adequate data protection. For other transfers, we implement Standard Contractual Clauses and other appropriate safeguards.

12. Children's Privacy

We do not knowingly collect personal information from individuals under 16 years of age without verifiable parental consent. If we discover that such information has been collected inadvertently, we will delete it promptly.

13. Third-Party Services

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. Text opt-in consent data will not be sold or shared with third parties for promotional or marketing purposes.

14. Election Law Disclosures

In compliance with U.S. election laws regarding voter and political data: we ensure data usage complies with Federal Election Commission (FEC) and state election authority rules; we require downstream clients to agree to use data in accordance with applicable election laws; we maintain transaction records as required by law; and we do not use voter data for discriminatory purposes prohibited by law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted with a new "Last Updated" date. Where required by law, we will notify you directly.

16. Contact

Panelope Ltd
hello@panelope.com | www.panelope.com

For GDPR inquiries, you may also contact our Data Protection representative at hello@panelope.com.