Privacy Policy

Last Updated

September 24, 2025

1) Scope & Roles

  • Website & marketing: Granite Insights is a controller of personal information collected via our website, contact forms, downloads, email subscriptions, and events.

  • Client research projects: We typically act as a processor/service provider to our clients, handling personal information per a Services Agreement and Data Processing Addendum (DPA). If we act as a controller (e.g., when we recruit panelists ourselves), we’ll say so in the study invitation and consent form.

2) Information We Collect

A. Information you provide

  • Contact & business details: name, email, phone, job title, company, location, interests, and message content.

  • Account & preferences: newsletter subscriptions, saved settings, consent choices.

  • Research participation: screening responses, interview/focus-group responses, survey data, ratings, recordings (audio/video, with notice), transcripts, and any materials you choose to share.

  • Payment & tax details (for honoraria): payout email/wallet, mailing address, tax forms as required by law (processed via third-party payment providers).

B. Information we collect automatically

  • Usage & device data: IP address, identifiers, browser type, pages viewed, date/time, referring pages, and approximate geolocation.

  • Cookies & similar tech: to operate the site, remember preferences, measure performance, and (if enabled) for ads/retargeting.

C. Information from third parties

  • Business partners & clients, research panels, public/professional sources (e.g., LinkedIn), analytics and ad tech providers.

3) How We Use Information

  • Provide, operate, and improve our website, products, and services.

  • Respond to inquiries and provide customer support.

  • Recruit, screen, schedule, and manage research participants; deliver honoraria; obtain informed consent; generate transcripts/notes; and analyze, aggregate, and de-identify research results for client deliverables and thought leadership.

  • Personalize content and measure performance of campaigns.

  • Security, fraud prevention, and compliance.

  • Legal bases (EEA/UK): consent, contract performance, legitimate interests (e.g., B2B marketing, product improvement, security), and legal obligations.

4) When We Share Information

We may share personal information with:

  • Clients (for research findings and deliverables). Where feasible, we provide aggregated or de-identified data; identifiable data is shared only as described at consent.

  • Service providers / processors (e.g., hosting, analytics, survey tools, transcription/AI tools, scheduling, email, and honorarium payment processors).

  • Professional advisors (legal, accounting), and authorities where legally required.

  • Business transfers (e.g., merger, acquisition, financing, or sale).

We do not sell personal information in the traditional sense. Where US state laws define “sale” or “share” to include certain advertising or analytics disclosures, you may have the right to opt out (see Your Rights & Choices).

5) Cookies & Similar Technologies

We use:

  • Strictly necessary cookies (site operation, security).

  • Preference and performance cookies (language, analytics).

  • Advertising cookies (if enabled) for retargeting and measuring campaigns.

You can manage cookies via our cookie banner, your browser settings, and (where applicable) opt-out links provided in the banner. Note: blocking cookies may impact site functionality.

6) Research Participation Details

  • Informed consent: Each study includes a plain-language consent form describing data collected, recording, how we use/share it, your choices, and your withdrawal rights.

  • Recordings & transcripts: Used for analysis and quality assurance. We’ll never publicly post recordings without explicit permission.

  • Honoraria: Processed through vetted payment vendors. We use your payout details only to deliver incentives and comply with tax/law.

  • De-identification: We strive to aggregate or de-identify findings for clients. If a deliverable requires identifiable quotes or clips, we’ll seek consent and minimize what’s shared.

  • Financial incentives (CPRA): Honoraria may be considered a “financial incentive” for participation. The categories of personal information involved typically include identifiers, professional info, survey/interview responses, and recordings (if any). Incentive amounts reflect project budgets, time, scarcity of expertise, and market rates. You can opt out at any time by not participating or by withdrawing; we won’t discriminate for exercising your privacy rights.

7) Data Retention

We retain personal information only as long as needed for:

  • The purposes described above,

  • Contractual obligations to clients, and

  • Legal, tax, accounting, or audit requirements.
    We apply de-identification and minimization wherever feasible.

8) International Data Transfers

We are based in Canada and may process data in the United States, EU/UK, and other locations. When transferring personal information internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses or other lawful mechanisms). Details are available upon request.

9) Security

We employ administrative, technical, and physical safeguards appropriate to the sensitivity of the data (e.g., access controls, encryption in transit, vendor diligence). No system is 100% secure; please notify us immediately if you believe your data has been misused or compromised.

10) Your Rights & Choices

Global rights (vary by region)

  • Access / portability: request a copy of your personal information.

  • Correction: ask us to fix inaccuracies.

  • Deletion: request deletion, subject to legal/contractual limits.

  • Restriction / objection: to certain processing (e.g., direct marketing).

  • Withdraw consent: where processing relies on consent.

Canada (PIPEDA & provincial laws)

  • Right to access and correct your personal information.

  • Guidance on consent, purposes, and contact details below.

  • Email marketing complies with CASL; you can unsubscribe anytime.

EEA/UK (GDPR/UK GDPR)

  • You may have rights to object to processing based on legitimate interests and to lodge a complaint with your local Supervisory Authority. If we rely on consent, you can withdraw it at any time.

United States (state laws, incl. CA/CO/CT/UT/VA)

  • Depending on your state, you may have rights to know, access, correct, delete, opt out of targeted advertising, opt out of “sale/share,” and appeal a rights decision.

  • To opt out of targeted advertising or sale/share, contact us or adjust cookie settings in the banner.

How to exercise rights: Email privacy@graniteinsights.com with “Privacy Request” and your region. We may need to verify your identity. You may authorize an agent as permitted by law. We will respond within the timeframe required by applicable law. To appeal a decision (where required), reply to our response with “Appeal.”

11) Do Not Track (DNT)

Browsers may send DNT signals; we do not currently respond to these signals. Use our cookie controls and applicable opt-outs instead.

12) Children’s Privacy

Our site and services target professionals. We do not knowingly collect personal information from children under the age of 16 (or as defined by local law). If you believe a child has provided information, contact us to delete it.

13) AI, Transcription & Automation

To improve research quality and efficiency, we may use AI-assisted transcription, summarization, or analytics tools under contractual confidentiality. We do not permit vendors to use your identifiable research content to train their public models unless expressly disclosed and consented to in the study materials.

14) Third-Party Links

Our site may link to third-party websites or services we don’t control. Their privacy practices govern those properties.

15) Changes to This Policy

We may update this Policy from time to time. The “Effective date” above reflects the latest version. Material changes will be highlighted on this page or via reasonable notice.

16) Contact Us

Granite Insights Inc.
Email: privacy@graniteinsights.com

17) Province/State-Specific Disclosures (If Applicable)

  • Quebec (Law 25): Contact details above for privacy inquiries and to exercise rights, including consent management and de-indexation (where applicable).

  • California (CPRA): We provide the categories of personal information collected, sources, purposes, and disclosures upon request; you may opt out of sale/share and targeted advertising via cookie settings or by emailing us. We do not discriminate against you for exercising your rights.

18) Processor Addendum

When Granite Insights processes personal information on behalf of a client, the client’s privacy notice applies. Parties should execute a DPA that sets out processing instructions, security, and cross-border transfer mechanisms.