Privacy Policy

Effective Date: March 24, 2026 | Last Updated: March 24, 2026

1. Introduction and Scope

This Privacy Policy describes how Successionly, Inc. ("Successionly," "we," "us," or "our") collects, uses, discloses, and protects information obtained through the Successionly cloud-based software platform, including any associated websites, applications, and services (collectively, the "Platform").

By accessing or using the Platform, you ("you" or "User") acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, you should discontinue use of the Platform immediately.

This Privacy Policy applies to all Users of the Platform, including account holders, authorized users within an organization, and visitors to our website. It does not apply to third-party websites or services that may be linked from the Platform, which are governed by their own privacy policies.

2. Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set forth below:

  • Personal Information means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identifiable individual.
  • Sensitive Business Information means financial data, ownership structures, succession planning details, asset valuations, and other confidential business information submitted to the Platform by Users.
  • Processing means any operation performed on Personal Information or Sensitive Business Information, whether by automated means or otherwise, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.
  • Third-Party AI Service Provider means a third-party vendor that provides artificial intelligence or machine learning capabilities used by the Platform to deliver AI-powered features, including but not limited to OpenAI.
  • AI-Powered Features means the features and functionalities of the Platform that utilize artificial intelligence or machine learning technologies, including through Third-Party AI Service Providers, to generate content, recommendations, analyses, or other outputs.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when you create an account, use the Platform, or communicate with us. This includes:

  • Account Information. When you register for an account, we collect your name, email address, telephone number, job title, and login credentials.
  • Business Information. To facilitate succession and transition planning, we collect company details, financial data, ownership structures, organizational charts, and related business records that you submit to the Platform.
  • Succession Planning Data. This includes timelines, successor candidate information, asset details, valuation data, transition milestones, and strategic planning inputs.
  • Document Uploads and Generated Content. We collect documents you upload to the Platform and retain content generated through the Platform's tools, including AI-generated recommendations and reports.
  • Payment Information. We collect billing details necessary to process subscription payments. Payment card information is processed by our third-party payment processor and is not stored directly on our servers.
  • Communication Records. We retain records of your communications with our support team, feedback submissions, and other correspondence.

3.2 Information Collected Automatically

When you access the Platform, we automatically collect certain technical and usage information, including:

  • Device and Browser Information. This includes your IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Usage Data. We collect information about how you interact with the Platform, such as pages visited, features used, session duration, clickstream data, and referring URLs.
  • Log Data. Our servers automatically record information from your use of the Platform, including access times, error logs, and system activity.

3.3 Information from Third Parties

We may receive information about you from third parties, including identity verification services, analytics providers, and business partners, in connection with your use of the Platform.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Platform Operations and Service Delivery. We use your information to provide, maintain, and improve the succession planning tools and services offered through the Platform, including generating AI-powered recommendations and documents.
  • Account Management. We use your information to create and manage your account, authenticate your identity, and administer your subscription.
  • Payment Processing. We use billing information to process payments, manage subscriptions, and comply with applicable financial recordkeeping requirements.
  • Customer Support. We use your information to respond to inquiries, troubleshoot technical issues, and provide customer support.
  • Platform Improvement. We use aggregated and de-identified usage data to analyze trends, improve Platform functionality, and develop new features. We do not use identifiable Sensitive Business Information for this purpose without your consent.
  • Communications. We use your contact information to send transactional communications related to the Platform, including service updates, security alerts, and administrative notices. With your consent, we may also send marketing communications, from which you may opt out at any time.
  • Legal Compliance and Security. We use your information to comply with applicable laws and regulations, enforce our Terms of Service, detect and prevent fraud, and protect the security of the Platform and its Users.
  • AI-Powered Features. We use certain categories of your information, as described in Section 8 below, to deliver AI-Powered Features through the Platform, including by transmitting such information to Third-Party AI Service Providers for processing on our behalf.

5. Legal Basis for Processing (Applicable to EEA, UK, and Swiss Users)

If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, we process your Personal Information on the following legal bases:

  • Performance of a Contract. Processing is necessary to perform our obligations under the agreement governing your use of the Platform.
  • Legitimate Interests. Processing is necessary for our legitimate interests, such as improving the Platform, preventing fraud, and ensuring network security, provided those interests are not overridden by your rights and freedoms.
  • Consent. Where required by applicable law, we process your information based on your freely given, informed consent. You may withdraw consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
  • Legal Obligation. Processing is necessary to comply with a legal obligation to which we are subject.

With respect to data processed through Third-Party AI Service Providers, including OpenAI, the legal bases for such processing are as follows: (a) Contractual Necessity — processing is necessary to deliver the AI-Powered Features that form part of the services you have contracted to receive through the Platform; and (b) Legitimate Interests — processing is necessary for our legitimate interest in providing and improving AI-powered workflow automation and content generation capabilities within the Platform, provided that such interest is not overridden by your data protection rights and freedoms.

6. Information Sharing and Disclosure

We do not sell, rent, or trade your Personal Information or Sensitive Business Information. We may disclose your information only in the following limited circumstances:

  • Service Providers. We share information with third-party vendors and service providers who perform services on our behalf, such as cloud hosting, payment processing, analytics, and customer support.
  • Third-Party AI Service Providers. As described in Section 8, we share certain categories of User data with Third-Party AI Service Providers, including OpenAI, for the purpose of delivering AI-Powered Features.
  • With Your Consent. We may share your information with third parties when you have provided explicit, informed consent to such disclosure.
  • Legal Requirements. We may disclose your information if required to do so by law, regulation, subpoena, court order, or other governmental or regulatory request.
  • Protection of Rights. We may disclose information where we reasonably believe disclosure is necessary to enforce our Terms of Service, protect our rights, property, or safety, or protect the rights, property, or safety of our Users or others.
  • Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
  • Aggregated or De-Identified Data. We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, analytics, or other purposes.

7. Data Security

We implement administrative, technical, and physical security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption. We employ end-to-end encryption (TLS 1.2 or higher) for data in transit and AES-256 encryption for data at rest, including Sensitive Business Information.
  • Access Controls. We enforce role-based access controls, multi-factor authentication, and the principle of least privilege.
  • Security Audits. We conduct regular internal and third-party security audits, vulnerability assessments, and penetration testing.
  • Personnel Training. All personnel with access to User data receive regular training on data security and privacy practices.
  • Incident Response. We maintain and regularly test incident response procedures to address potential data breaches.
  • Vendor Due Diligence. We conduct due diligence on our third-party service providers, including Third-Party AI Service Providers, to evaluate their data protection and security practices.

No system is completely secure. While we employ commercially reasonable measures to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

8. AI and Machine Learning

The Platform uses artificial intelligence and machine learning technologies to provide personalized recommendations, generate documents, and enhance the User experience.

8.1 Use of Third-Party AI Services

We use third-party AI services, including OpenAI, to process certain user-submitted data for the purpose of generating responses, insights, recommendations, documents, and other automated outputs within the Platform. OpenAI acts as a data processor on behalf of Successionly. Successionly remains the data controller with respect to all data transmitted to OpenAI and other Third-Party AI Service Providers.

8.2 Categories of Data Shared

The categories of data that may be transmitted to Third-Party AI Service Providers include:

  • Text entered by Users, such as questions, instructions, and uploaded content summaries;
  • Business information Users provide during workflows, including succession planning inputs, organizational details, and structured planning data; and
  • Metadata necessary to generate outputs, such as user role, contextual information, and structured fields.

We do not transmit login credentials, payment card information, Social Security numbers, or other government-issued identification numbers to Third-Party AI Service Providers.

8.3–8.5 Data Minimization and Handling

Data is transmitted to Third-Party AI Service Providers solely for generating summaries, recommendations, analyses, and draft documents; assisting with workflow automation; and enhancing the user experience. We limit the information shared to only what is reasonably necessary to perform the requested features.

Data sent to OpenAI via its API is processed in accordance with OpenAI's API data-usage policies. As of the effective date of this Privacy Policy, OpenAI's policies provide that data submitted through the API is not used to train OpenAI's models, may be temporarily retained for abuse monitoring, and is encrypted in transit and at rest.

8.6 General AI Principles

  • Purpose Limitation. AI processing of your data is performed solely for the purpose of delivering and improving the services you have requested through the Platform.
  • Data Isolation. Your Sensitive Business Information is not used to train general-purpose AI models or models made available to other Users.
  • Data Ownership. You retain full ownership of all data you submit to the Platform and all content generated by the Platform using your data.
  • Transparency. When content or recommendations are generated by AI, the Platform will identify them as AI-generated.
  • Human Oversight. AI-generated outputs are intended to assist, not replace, professional judgment. Successionly does not represent that AI-generated recommendations constitute legal, financial, or tax advice.

9. Data Retention

  • Account Data. Retained for the duration of your active account and for 30 days following account closure.
  • Business and Succession Planning Data. Retained for seven (7) years following account closure to comply with applicable legal, regulatory, and audit requirements.
  • Payment Records. Retained in accordance with applicable financial recordkeeping regulations, typically for seven (7) years.
  • Communication Records. Retained for three (3) years from the date of the communication.
  • Usage and Log Data. Retained for up to two (2) years for analytics and security purposes.

10. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your Personal Information:

  • Right of Access. You have the right to request confirmation of whether we process your Personal Information and to obtain a copy of that information.
  • Right to Rectification. You have the right to request correction of inaccurate or incomplete Personal Information.
  • Right to Deletion. You have the right to request deletion of your Personal Information, subject to certain exceptions.
  • Right to Data Portability. You have the right to receive your Personal Information in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing. You have the right to request that we restrict the processing of your Personal Information under certain circumstances.
  • Right to Object. You have the right to object to the processing of your Personal Information for certain purposes, including direct marketing.
  • Right to Withdraw Consent. Where processing is based on your consent, you may withdraw consent at any time.
  • Right to Opt Out of Sale or Sharing. We do not sell or share your Personal Information as those terms are defined under applicable law.

To exercise any of these rights, please contact us at support@successionly.co.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Platform, analyze usage, and enhance your experience. We use the following categories:

  • Strictly Necessary Cookies. Essential for the operation of the Platform (authentication, session management, security).
  • Analytics Cookies. Help us understand how Users interact with the Platform by collecting aggregated, anonymous usage data.
  • Preference Cookies. Remember your settings and preferences for a more personalized experience.
  • Security Cookies. Support fraud detection and prevention measures.

We do not use advertising or behavioral tracking cookies.

12. International Data Transfers

The Platform is hosted and operated in the United States. If you access the Platform from outside the United States, your information will be transferred to, stored in, and processed in the United States. For Users located in the EEA, UK, or Switzerland, we rely on appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner's Office.

13. Children's Privacy

The Platform is not directed to individuals under the age of 18, and we do not knowingly collect Personal Information from children. If we become aware that we have collected Personal Information from a child without appropriate parental or guardian consent, we will take steps to delete that information promptly.

14. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). We do not sell or share Personal Information as defined under the CCPA/CPRA. To exercise your rights, please contact us at support@successionly.co.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a prominent notice on the Platform at least thirty (30) days before the changes take effect. Your continued use of the Platform after the effective date constitutes your acceptance of the revised terms.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Successionly, Inc.

Attn: Lyndon Bradshaw

Email: support@successionly.co

Subject Line: Privacy Policy Inquiry