LAST UPDATED ON JUNE 29TH, 2026
Privacy Policy
Relevant Links
1. Introduction & Scope
This Privacy Policy explains how LUNEM Tech, S.A.S., trading as “SegmentOS” (“SegmentOS,” “we,” “us,” or “our”), collects, uses, shares, and protects personal data in connection with our survey-research platform, our websites, and related products and services (together, the “Services”). The Services include a survey builder, research templates, an analytics suite, AI-assisted translation and analysis, and an optional audience panel that sources respondents through third-party partners.
This Policy describes our practices as a business. Where we handle data on behalf of our customers, separate rules apply (see §4, controller/processor roles). For respondents sourced through our panel, please also read the Third-Party Panel Privacy Notice.
2. Who This Policy Covers
• Creators — individuals who register for a SegmentOS account to build, launch, and analyze surveys.
• Respondents — individuals who answer a survey powered by SegmentOS, whether reached through a Creator’s own channels or through our audience panel.
• Visitors — individuals who visit our websites without registering.
3. Personal Data We Collect
3.1 What “personal data” means. Personal data is any information relating to an identified or identifiable individual.
3.2 Categories we collect.
• Account & contact data — name, email, password (hashed), organization, and (for paid plans) billing details processed by our payment partner, Stripe. We do not store full card numbers.
• Survey content (from Creators) — the questions, logic, media, and branding you create, and the response data you collect. For panel orders, also your targeting criteria.
• Response data (from Respondents) — answers submitted to a survey, including free-text, uploaded files (where the Creator enables the file-upload question type), and any email or contact details a Creator chooses to collect. The Creator owns and controls this data; we process it on their behalf.
• Usage data — pages viewed, features used, surveys created, and timestamps.
• Device & technical data — IP address, approximate location inferred from IP, device type, operating system, and browser. For quality control, we generate a device fingerprint to prevent duplicate responses and detect fraudulent or automated submissions.
• Quality-control signals — completion time (to detect “speeding”), attention-check results, and screener outcomes.
• Cookies & similar technologies — see our Cookies Notice.
• Support data — your name, email, and the content of any message you send our support team.
• Referral & marketing data — the source that referred you and any referral code used.
4. Our Roles: Controller and Processor
4.1 SegmentOS as processor. For response data collected through a Creator’s survey, the Creator is the data controller and SegmentOS is the processor. We process that data only on the Creator’s documented instructions, as set out in our Terms of Use and Data Processing Addendum (see Governing Services Agreement). Respondents who wish to exercise rights over their answers should contact the relevant Creator.
4.2 SegmentOS as controller. We act as a controller for account data, billing data, usage and device data, website and marketing data, support data, and de-identified/aggregated analytics we generate to operate and improve the Services.
5. How We Use Personal Data & Legal Bases (GDPR)
Where the EU/UK GDPR applies, we rely on the following legal bases (purpose — legal basis):
• Provide and operate the Services (run accounts, build/launch surveys, deliver responses, analytics) — performance of a contract (Art. 6(1)(b)).
• Process payments and maintain financial records — contract; legal obligation (Art. 6(1)(b),(c)).
• Quality controls (duplicate prevention, fingerprinting, speeding/fraud detection) — legitimate interests in data integrity and fraud prevention (Art. 6(1)(f)).
• AI-assisted translation and analysis (see §6) — contract (the feature you request); legitimate interests for service improvement.
• Security, troubleshooting, abuse prevention — legitimate interests; legal obligation.
• Service and transactional communications — contract.
• Marketing communications — consent, or legitimate interests where permitted; opt-out anytime.
• Cookies / analytics / advertising — consent where required (see Cookies Notice).
• Comply with law and respond to lawful requests — legal obligation.
6. Artificial Intelligence Features
6.1 What the AI features do. SegmentOS offers (a) AI-assisted translation (“AI Translate All”) of survey content into supported languages, and (b) AI-assisted analysis that summarizes and detects patterns in response data. To provide these, relevant survey content and/or response data is processed by AI service providers acting as our sub-processors.
6.2 Human oversight. AI outputs (translations, summaries, insights) are assistive and may contain errors; Creators are responsible for reviewing them before relying on them. AI features do not make decisions producing legal or similarly significant effects about Respondents.
7. How We Share Personal Data
We do not sell personal data. We share it only as described here:
• Service providers / sub-processors — including payment processing (Stripe), cloud hosting (AWS), AI providers for translation and analysis (Anthropic, OpenAI), email delivery, and product analytics (Microsoft Clarity) and advertising measurement (Microsoft Advertising).
• Audience panel partners — where a Creator orders panel responses, we exchange targeting criteria and fielding data with our panel provider(s). See the Third-Party Panel Privacy Notice.
• On a Creator’s instruction — e.g., integrations or exports the Creator initiates.
• Legal & safety — to comply with law, enforce our terms, or protect rights, property, or safety.
• Corporate transactions — in a merger, acquisition, or asset sale, subject to this Policy.
8. International Data Transfers
SegmentOS is established in Mexico and uses service providers located in various countries, and our panel reaches respondents in many jurisdictions. Where we transfer personal data out of the EEA, UK, or Switzerland to a country without an adequacy decision (including Mexico), we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum / Swiss equivalents), together with supplementary measures where appropriate. A copy of the relevant transfer mechanism is available on request at privacy@segmentos.io.
9. Data Retention
We keep personal data only as long as needed for the purposes described, then delete or de-identify it. Indicative periods:
• Account data — while the account is active; deleted 30 days after account closure.
• Survey and response data — controlled by the Creator; deleted 30 after the Creator deletes it or closes the account.
• Billing records — as required by tax/accounting law (typically [5–10] years).
• Device / quality-control and fingerprint data — 12 month for fraud-prevention purposes.
• Backups — rolling 30 days, after which deleted data is purged.
10. Security
We use technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, network protection, and secure hosting. No method of transmission or storage is completely secure; we work to protect your data but cannot guarantee absolute security. If we become aware of a security incident affecting personal data, we will notify affected parties and authorities as required by law.
11. Children / Minors
The Services are not directed to, and may not be used by, minors. We define a “minor” as anyone under 16 (or a higher age where local law requires). We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us and we will delete it.
12. Your Privacy Rights
12.1 EEA/UK (GDPR). You may have rights to access, rectify, erase, restrict, or object to processing, to data portability, and to withdraw consent. You may also lodge a complaint with your supervisory authority.
12.2 California (CCPA/CPRA). California residents may request to know, access, correct, and delete personal information, and to opt out of “sale” or “sharing” and limit use of sensitive personal information. We do not sell or share personal information as those terms are defined under the CPRA. We do not discriminate against you for exercising your rights. You may exercise rights via privacy@segmentos.io. Other US state laws (e.g., Virginia, Colorado, Texas) provide similar rights, which we honor where applicable.
12.3 Mexico (LFPDPPP). Under Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties (in force since 21 March 2025), you may exercise your ARCO rights (Access, Rectification, Cancellation, Opposition) and revoke consent by contacting us at privacy@segmentos.io. The supervisory authority is the data-protection body within the Secretariat of Anti-Corruption and Good Governance (Transparencia para el Pueblo), which succeeded the former INAI.
12.4 How to exercise rights. Creators can manage much of their data in-app. For other requests, contact us at the address in §14. We will verify your identity and respond within the period required by applicable law. Respondents exercising rights over response data should contact the relevant Creator (the controller); we will help route the request if needed.
13. Changes to This Policy
We may update this Policy. If changes are material, we will notify account holders by email or in-app notice before they take effect. The “Last updated” date shows the current version.
14. Contact Us
Controller: LUNEM Tech, S.A.S., Polanco, Miguel Hidalgo, Mexico City, Mexico. Privacy contact: privacy@segmentos.io (general: hello@segmentos.io).