Teamphoria

Teamphoria Privacy Policy

Effective Date: May 29, 2026 · Last Updated: May 29, 2026

This Privacy Policy supersedes the version dated June 20, 2022.

This Privacy Policy explains how Teamphoria and its affiliates (“Teamphoria,” “we,” “us,” or “our”) collect, use, share, and protect personal information in connection with the Teamphoria website, products, software, applications, and services that link to this Policy (collectively, the “Service”). Teamphoria provides an AI-powered employee-engagement and HR platform that includes AI features such as Linda (an AI HR assistant), an AI voice agent (also referred to as the Workforce Wave voice agent), and AI-assisted performance and engagement tools.

In short: we collect the information needed to operate the Service for our customers and their authorized users; we act as a processor for the workforce data our customers put into the Service and as a controller for our website and account data; we do not sell or “share” your personal information; we do not use Customer Data to train general-purpose AI models; AI outputs are decision-support subject to human oversight; and you have meaningful rights over your information, described below.

If we make material changes to this Policy, we will provide notice and, where required by law, obtain your consent before the change takes effect. We will not rely solely on posting a revised date.

1. Our Role: Controller and Processor

Teamphoria acts as a “processor” (and, under U.S. state privacy laws, a “service provider”) when it processes personal information about a customer organization’s employees and authorized users on that customer’s instructions through the Service. In that case the customer organization (the “Customer”) is the “controller,” and the Customer’s own privacy notice governs that processing. Where Teamphoria is a processor, the Data Processing Addendum (“DPA”) governs.

Teamphoria acts as a “controller” for personal information about website visitors, prospects, and the account administrators who manage a Customer’s subscription.

For the purposes of this Policy, “Customer” means the organization or employer that subscribes to the Service, and “Authorized User” means a person the Customer identifies to use the Service. “Customer Data” means the personal information and other content that a Customer or its Authorized Users submit to or generate within the Service.

2. Information We Collect

The Service collects certain information directly from you and automatically through the Service's technologies.

A. Information you provide

When you create a Teamphoria account or use the Service, the types of personal information we collect directly from you may include:

  • Contact information (name, email address, and telephone number)
  • Username and password
  • Payment and billing information
  • Education and employment information
  • Comments, feedback, and content you submit
  • Voice and audio data, and the associated transcripts, when you interact with the AI voice agent
  • Interests and communication preferences

The Service also collects any other information that Teamphoria expressly asks you to enter and submit.

B. Information collected automatically

The Service automatically collects certain information about your use of the Service, such as:

  • Internet protocol (IP) addresses used to connect your device to the Internet
  • Device, browser, operating system, mobile platform, connection information, and unique device and other technical identifiers
  • Uniform Resource Locator (URL) clickstream data, including the date and time of access and the content viewed or searched
  • Usage and interaction data generated by AI features (for example, prompts to Linda, voice interactions, and engagement signals)

We use automatically-collected information for the purposes described in this Policy and as permitted by law. If we combine automatically-collected information with personal information, we treat the combined information as personal information. We may use de-identified or aggregated data that does not identify you for any lawful purpose.

C. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. Non-essential cookies are set only with your consent where required (including in the EEA and the UK). You can manage your preferences through our cookie banner and your browser settings. We honor the Global Privacy Control (GPC) signal as an opt-out of sale, “share,” and targeted advertising where applicable.

D. Data retention

Where Teamphoria is a processor, we retain Customer Data for as long as necessary to provide the Service and in accordance with the Customer’s instructions and the DPA. Where Teamphoria is a controller, we retain personal information only as long as necessary for the purposes described in this Policy or as required by law, applying the following general approach by category:

  • Account and administrator data: retained for the duration of the subscription and for a limited period afterward to meet legal, tax, and audit obligations.
  • Website, prospect, and marketing data: retained until you unsubscribe or object, and then deleted or de-identified, subject to legal retention obligations.
  • Voice and transcript data: retained only as long as necessary to provide the AI voice agent feature and then deleted in accordance with Section 5.
  • Security, fraud-prevention, and log data: retained for the period necessary to protect the Service.

Administrators and users may request deletion of their information. We carry out verified deletion requests within 30 days, subject to legal retention obligations and ordinary backup cycles. Information residing in routine backups is purged on the ordinary backup rotation cycle. Where a legal hold or other legal obligation requires retention, we retain the affected information for the period required and then delete it.

3. Legal Bases for Processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies and Teamphoria is a controller, we rely on the following legal bases:

  • Performance of a contract — to provide the Service to you and to administer your account.
  • Our legitimate interests — to operate, secure, analyze, and improve the Service, and to communicate with customers and prospects, balanced against your rights.
  • Your consent — where we request it, including for non-essential cookies and certain communications. You may withdraw consent at any time.
  • Compliance with legal obligations — to meet our legal, tax, and regulatory duties.

4. Artificial Intelligence and Automated Processing

The Service includes AI features: Linda (an AI HR assistant), an AI voice agent, and AI-assisted performance and engagement tools. These features process the inputs you or your organization provide and generate suggestions, summaries, insights, and other outputs.

AI outputs are intended as decision-support and are subject to human oversight. They are not a substitute for human judgment. Teamphoria does not make solely-automated decisions that produce legal or similarly significant effects about individuals. Where AI features assist employment-related processes (for example, performance or engagement analysis), a human reviews the relevant output and remains responsible for any decision. Consistent with the transparency and human-oversight principles of the EU AI Act and applicable U.S. state automated-decision-making technology (ADMT) laws, you may request human review of, and a meaningful explanation about, AI-assisted processing that significantly affects you, and you may contest the outcome. Where U.S. state ADMT laws apply, you may receive notice of, and where required opt out of or appeal, the use of automated decision-making technology in connection with consequential decisions.

Teamphoria does not use Customer Data to train its own or any third party’s general-purpose AI models.

5. Voice and Biometric Data

If you use the AI voice agent, we process audio and/or transcripts solely to provide the feature. Teamphoria does not create, store, or use voiceprints or other biometric identifiers, and we do not sell biometric data.

Where any biometric data is processed, we provide notice and, where required by applicable law (including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington law), obtain written consent before collection. Any such biometric data is retained only as long as necessary to provide the feature and is permanently destroyed when that purpose is satisfied or upon expiration of the applicable statutory retention period, whichever occurs first, in accordance with a defined retention-and-destruction schedule.

6. How We Use Information

We use the information we collect to:

  • Provide, maintain, secure, and improve the Service and provide support
  • Operate AI features and generate insights, subject to human oversight
  • Communicate with you about the Service and relevant updates
  • Conduct analytics, audits, and product development, and measure the effectiveness of the Service
  • Prevent and detect security threats, fraud, or other malicious activity
  • Comply with legal obligations, resolve disputes, and enforce our agreements

We do not use your personal information to contact you about third parties’ products or services without your opt-in consent.

7. How We Share Information

We share personal information only in these limited circumstances:

  • Service providers and subprocessors who help us operate the Service, under contract and confidentiality obligations. The categories of subprocessors we engage are described in the Subprocessor List.
  • The Customer organization, where you access the Service through an employer-sponsored subscription. Usage and engagement data may be shared with your employer for administration and analytics.
  • Authorities and other third parties, to comply with law, respond to legal process, investigate and prevent fraud or security threats, and protect the rights, property, and safety of Teamphoria, our users, and the public.
  • A successor, in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this Policy.

We do not sell or “share” (as those terms are defined under the CCPA/CPRA) your personal information.

8. International Data Transfers

When we transfer personal information out of the EEA, the UK, or Switzerland to a country that has not received an adequacy decision, we rely on an approved transfer mechanism. Our operative mechanism is the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), Module Two (controller-to-processor), together with the UK International Data Transfer Addendum/IDTA and the Swiss amendments, as applicable. We apply supplementary technical, organizational, and contractual measures where needed and undertake a transfer-impact assessment for relevant transfers. The operative clauses are incorporated into and attached to the DPA, which prevails on transfer matters.

We do not claim self-certification under the EU-US Data Privacy Framework; the Standard Contractual Clauses are our operative transfer mechanism. This Policy replaces the prior reliance on the EU-US Privacy Shield, which is no longer a valid transfer mechanism.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures are described in the Security Measures annex to the DPA and include encryption of personal information in transit and at rest, access controls, logging and monitoring, and personnel confidentiality obligations. We restrict access to personal information to employees, contractors, and agents who need it to operate the Service and who are bound by confidentiality obligations.

We will notify affected parties of a personal-data breach as required by applicable law and our contractual commitments. Nothing in this section restricts, limits, or supersedes the warranties and disclaimers in the Terms of Service.

10. Your Privacy Rights

EEA / UK

Subject to applicable law, you may request access to, rectification of, erasure of, restriction of, or portability of your personal information; object to processing; and withdraw consent at any time. You also have the right to lodge a complaint with your supervisory authority. For EEA and UK data subjects, you may direct privacy requests and questions to privacy@teamphoria.com.

United States (CCPA/CPRA and other state laws)

Subject to applicable law, you may:

  • Request to know the personal information we collect, use, and disclose about you
  • Request deletion of your personal information
  • Request correction of inaccurate personal information
  • Opt out of any sale, “share,” or targeted advertising (we honor the Global Privacy Control)
  • Limit the use and disclosure of sensitive personal information
  • Exercise these rights without being discriminated against
  • Appeal a decision on your request

As stated above, Teamphoria does not sell or “share” personal information as those terms are defined under the CCPA/CPRA.

To exercise any of these rights, contact us at privacy@teamphoria.com or at the postal address below. We will verify your identity before responding. Authorized agents may submit requests with proof of authorization. When you exercise a right, we provide access and corrections free of charge, except where a request is unreasonably repetitive, technically impractical (for example, information residing only on backup media), or would jeopardize the privacy of others.

11. Children's Privacy

The Service is intended for workplace use and is not directed to anyone under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it.

12. Changes to This Policy

We may update this Policy from time to time. For material changes, we will provide notice and, where required by law, obtain consent before the change takes effect. The “Last Updated” date above reflects the most recent revision.

13. Contact Us

If you have questions about this Policy or our processing of your information, or to exercise your privacy rights, contact us:

Teamphoria
665 Johnnie Dodds Blvd., Suite 201
Mount Pleasant, SC 29464
privacy@teamphoria.com

For matters relating to the Terms of Service, contact legal@teamphoria.com.

This Privacy Policy should be read together with our Terms of Service, Cookie Policy, Data Processing Addendum, and Subprocessor List.