Privacy Policy

We collect information in the following categories.

1.1 Information you provide

• Account and profile. Name, email address, password or single sign-on identifier, profile details, and related account information.
• Course, form, roster, and participant data. Form titles, instructions, class associations, participant roles, target or team rosters, reviewer affiliation choices, access requests, and release configuration.
• Submissions and feedback content. Ratings, yes/no answers, selected options, written feedback, edits, progress state, release-gated results, and related metadata that you create or submit.
• Support and communications. Messages you send to us, bug reports, survey responses, and other communications.

1.2 Information we collect automatically

• Usage and device data. Log files, IP address, device and browser type, language, accessed pages, referring and exit pages, timestamps, and interactions with the Services.
• Cookies and similar technologies. We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, measure performance, and analyze usage. See Section 7 for controls.

1.3 Information from third parties

• Single sign-on providers. If you sign in with Google, Duke, or another provider, we receive identifiers and basic profile information from that provider. See Section 2 for Google-specific disclosures.
• Duke directory and course sources. Where available and authorized, Plause may use Duke identity, directory, and curriculum information to help users find people, associate forms with course context, and manage access.
• Service providers. Providers that help us operate the Services may provide operational information such as authentication status, delivery status, analytics events, or error reports.

This section explains what Google user data we access, how we use it, how we store it, and with whom we share it. These disclosures apply in addition to the rest of this Privacy Policy.

2.1 Google OAuth scopes requested

For Google sign-in we request the minimum necessary scopes:

• openid
• email
• profile

We do not request access to Gmail content, Google Drive files, Calendar data, Classroom data, or other sensitive Google data. If we add new Google integrations in the future, we will request only the minimum scopes required, update this Privacy Policy and our in-product notices before the change takes effect, and obtain any additional consent that is required.

2.2 How we use Google user data

• Authenticate you, create or link your Plause account, and keep you signed in.
• Pre-fill or update your Plause profile with your Google account details.
• Prevent abuse and secure your account.

We do not use Google user data for advertising. We do not sell Google user data.

2.3 What we store from Google

We store your Google user ID, email address, display name, and avatar URL if Google provides them. We do not store your Google password or OAuth access tokens unless technically necessary for the session. If tokens are stored, we protect them with industry-standard security controls and retain them only as long as necessary to provide the Services.

2.4 Sharing of Google user data

We do not share Google user data with third parties except:

• With service providers acting on our behalf under contracts that require them to protect the data and use it only to provide services to us.
• As required by law or to protect rights, safety, or the integrity of the Services.
• With your direction or explicit consent, for example when you initiate a data export or connect another service.

2.5 Compliance with Google API Services User Data Policy

Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2.6 In-product privacy notifications

We provide privacy information at or before the point of data collection where required, including links to this Privacy Policy from public pages and the sign-in flow.

We use personal information to:

• Provide, operate, maintain, and improve the Services.
• Enable form creation, participant management, reviewer workflows, response validation, release controls, analytics, and AI-assisted summaries.
• Personalize the experience, including remembering preferences and settings.
• Communicate with you about the Services, including service announcements, security alerts, and administrative messages.
• Provide customer support and process your requests.
• Monitor usage, perform analytics, and maintain the security and integrity of the Services.
• Comply with legal obligations and enforce our Terms of Service.

Where required by law, we rely on lawful bases such as performance of a contract, legitimate interests, consent, and compliance with legal obligations.

We share information as follows:

• Service providers. Hosting, cloud infrastructure, database and storage, authentication, analytics, error reporting, email delivery, customer support tools, and AI service providers. These providers may access personal information only to perform services for us and must protect it.
• Course and form participants. Feedback, analytics, and results may be shared with instructors, TAs, reviewers, teams, target members, or other authorized participants according to form settings, access roles, and release status.
• Business transfers. If the Services are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Privacy Policy.
• Legal. To comply with laws, regulations, legal processes, or governmental requests, and to protect the rights, property, or safety of Plause, our users, or others.

We do not sell personal information.

Plause may use AI service providers to generate summaries, themes, or insights from released feedback and related form context. AI outputs can be inaccurate or incomplete. We use technical and process safeguards designed to limit unnecessary data exposure, but instructors and authorized users remain responsible for reviewing AI-assisted outputs before relying on them.

We retain personal information for as long as needed to provide the Services and for other legitimate purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. The criteria used include account status, the nature of the data, course or form lifecycle state, and legal requirements. We will delete or de-identify data when it is no longer needed.

We use administrative, technical, and physical safeguards designed to protect personal information. Examples include encryption in transit, access controls, least-privilege access, and monitoring. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

We use the following categories of cookies and similar technologies:

• Strictly necessary cookies. Required to operate the Services and to keep you signed in.
• Functional and preference cookies. Remember settings and improve your experience.
• Performance and analytics cookies. Help us understand usage and improve performance.

You can control cookies through browser settings and, where available, in-product controls. Disabling cookies may limit certain features.

We may process and store information in the United States and other countries where we or our service providers operate. These locations may have data protection laws that differ from those in your jurisdiction. Where required, we use approved transfer mechanisms and protections.

Depending on your location, you may have rights to access, correct, update, export, or delete your personal information, and to object to or restrict certain processing.

• Account controls. You can request updates or deletion by contacting us.
• Email preferences. You can opt out of non-essential emails by using unsubscribe links where available. We may continue to send transactional or service messages.
• California residents. You have rights under the California Consumer Privacy Act as amended by the CPRA, including the right to know, delete, correct, and opt out of sales or sharing for cross-context behavioral advertising. We do not sell personal information or share it for cross-context behavioral advertising as defined by the CPRA.

We will verify requests as required by law and may deny requests in limited cases where allowed by law.

The Services are designed for educational workflows and may be used by students when enabled by instructors or institutions. Plause is not directed to children under 13. We do not knowingly collect personal information from children under 13 without appropriate authorization. If you believe a child has provided personal information to us without required consent, contact us and we will take appropriate action.

The Services may link to third-party websites or services. Their privacy practices are governed by their own policies. We are not responsible for the privacy practices of third parties.

We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date and, when required, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

If you have questions or requests related to privacy, contact Ryan Bolick at ryanjbolick@gmail.com.