Privacy Policy
Last updated April 22, 2026
This Privacy Policy (“Privacy Policy”) for 3rd Brain Inc., doing business as Seena Labs, and our subsidiaries and affiliates (together, “Seena”, “Seena Labs”, “3rd Brain”, “Company”, "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information or personal data (“Information” or “Personal Data”) when you use our services ("Services"), such as when you:
- Visit our website at https://seenalabs.io, or any website of ours that links to this Privacy Policy
- Use the Seena Labs Dashboard to manage product research
- Interact with the Seena Widget embedded on a third-party website as a Visitor
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@seenalabs.io.
Table of Contents
- Key Definitions
- What Information Do We Collect?
- How Do We Process Your Information?
- When and With Whom Do We Share Your Information?
- Our Use of AI and Automated Processing
- How Do We Handle Voice and Audio Data?
- What Is Our Role — Controller or Processor?
- How Long Do We Keep Your Information?
- How Do We Keep Your Information Safe?
- Do We Collect Information From Minors?
- What Are Your Privacy Rights?
- California Privacy Rights (CCPA)
- Do We Use Cookies and Tracking Technologies?
- Do-Not-Track Features
- Do We Make Updates to This Policy?
- How Can You Contact Us About This Policy?
- How Can You Review, Update, or Delete Your Data?
1. Key Definitions
For clarity, this Privacy Policy uses the following terms consistently:
- "Customer" means a person or entity that registers for an account on the Seena Labs Dashboard to use the Services for product research purposes. Customers are our direct clients.
- "Visitor" means an end user of a Customer's website who interacts with the Seena Widget, including by having behavioral signals collected or by participating in an interview.
- "Widget" means the embeddable JavaScript code snippet that Customers install on their websites to enable Seena's data collection and interview capabilities.
- "Dashboard" means the Seena Labs web application where Customers view insights, manage research settings, and administer their account.
- "Interview" means a structured conversation conducted by the Widget with a Visitor, either via text chat or voice, for the purpose of gathering qualitative product feedback.
2. What Information Do We Collect?
Information You Provide to Us
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, or otherwise when you contact us.
Customer Account Data. When you register for a Dashboard account, we collect your email address. We support multiple sign-in methods, including magic link (passwordless) authentication and email/password authentication. If you choose password-based sign-in, your password is securely hashed and stored by our authentication provider; we do not store passwords in plaintext. We also store authentication tokens (in your browser's local storage and via cookies) to maintain your session.
Billing Data. If you purchase credits or subscribe to a paid plan, our payment processor (Stripe) collects your payment information. We receive from Stripe a record of the transaction, your billing email, and a partial card identifier, but we do not store your full payment card details on our servers.
Support and Communications. If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
Information Collected Through the Widget (Visitor Data)
When a Customer installs the Seena Widget on their website, the Widget collects information about that Customer's Visitors. The Widget may begin collecting basic, non-identifying behavioral signals (such as page views and session metadata) upon loading, before a Visitor interacts with the consent prompt. The Widget presents a consent mechanism before initiating interviews or collecting more detailed interaction data. The Customer is responsible for providing appropriate notice and obtaining any necessary consent from their Visitors before deploying the Widget, and for ensuring that the overall consent framework on their website complies with applicable laws, including any requirements to obtain consent before basic analytics collection.
The Widget may collect:
- Behavioral Signals: Page views, scroll depth, click patterns, time on page, navigation paths, rage clicks, dead clicks, form hesitation signals, exit intent signals, and similar interaction data observed during a Visitor's browsing session.
- Page Metadata: Page titles, heading text, call-to-action text, form labels, navigation items, and other structural page content used to provide context for AI analysis.
- Device and Browser Information: Browser type, operating system, screen resolution, and language preference.
- Interview Responses (Text): If a Visitor participates in a text-based interview, the Widget collects the Visitor's typed responses.
- Interview Responses (Voice): If a Visitor participates in a voice-based interview, the Visitor's audio is streamed in real time to our AI provider for processing. We do not retain voice recordings of Visitor responses over the long term. Only a text transcript of the conversation is retained. Audio data may be processed transiently by our sub-processors to ensure quality and safety. We reserve the right to retain anonymized transcripts for model performance evaluation. See Section 6 for details on voice data handling.
- Session Identifiers: Randomly generated session identifiers used to associate activity within a browsing session, as well as a persistent visitor identifier stored in local storage to associate repeat visits. These identifiers are random strings and are not linked to a Visitor's real identity.
- Inferred Data: Including extrapolated insights or conclusions based on observation or analysis of the provided data.
The Widget does not require Visitors to provide their name, email address, phone number, or other directly identifying personal information. Visitor interview responses are stored as verbatim transcripts associated with a random session identifier. However, if a Visitor voluntarily discloses personal information during an interview (for example, by stating their name or email), that information will be included in the stored transcript. We do not intentionally solicit personally identifying information from Visitors during interviews.
As applicable, the Customer is responsible for any legal notices for voice recording, and for ensuring their Cookies Consent Manager allows the Services. The Customer is responsible for preventing any sensitive data from being shared with the Widget.
The Services utilize AI agents to conduct interviews. By interacting with the Widget, you acknowledge that you are interacting with an artificial intelligence and not a human representative of Seena or the Customer.
Information Collected Automatically
When you access the Dashboard or our website, we automatically collect certain information, including:
- Log and Usage Data: IP address, browser type, operating system, referring URLs, pages viewed, access times, and interactions with the Dashboard.
- Device Data: Device type, operating system, and unique device identifiers.
This information is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting purposes.
Information from the Dashboard (Customer Usage Data)
When Customers use the Dashboard, we collect analytics events to improve the product, including which features are used, how often, and workflow patterns. This data is associated with the Customer's account and is used for product analytics, debugging, and customer support.
3. How Do We Process Your Information?
We process your information for a variety of reasons, depending on how you interact with our Services:
- To facilitate account creation and authentication when you register for the Dashboard.
- To deliver the Services to Customers, including collecting Visitor data via the Widget, generating AI-powered insights, and providing the Dashboard experience.
- To process transactions and manage billing, including tracking credit consumption and processing payments through Stripe.
- To respond to your inquiries and provide customer support.
- To monitor and improve our Services, including analyzing usage patterns, diagnosing technical issues, and developing new features.
- To protect our Services, including detecting and preventing fraud, abuse, and security incidents.
- To comply with legal obligations, including responding to lawful requests and enforcing our terms.
- To send administrative information to you, such as changes to our terms, conditions, and policies.
- For product development and research purposes.
We process Customer data on the basis of contractual necessity (to provide the Services you signed up for), legitimate interest (to improve and secure the Services), and, where applicable, your consent. For Visitor data, see Section 7 on our role as a data processor.
We may use Information to create de-identified, aggregated data sets. We use this data for benchmarking, improving our machine learning models, and general research. Because this data does not identify you, it is not Personal Data and we may use and share it for any business purpose.
4. When and With Whom Do We Share Your Information?
We may share information in the following situations:
Service Providers (Sub-Processors)
We share data with third-party service providers who perform services on our behalf. These providers are contractually bound to use your information only for the purposes we specify and in accordance with this Privacy Policy. The categories of service providers we use include:
- Cloud Infrastructure and Hosting: We use third-party providers to host our application, database, and serverless functions. These providers may process request metadata (such as IP addresses) transiently as part of normal operations.
- AI Processing: We use third-party AI model providers to power interviews (voice and text), generate insights, and produce audio briefings. Interview transcripts and Visitor responses are transmitted to these providers for processing. Data submitted through their APIs is not used by these providers to train their models, per our agreements with them.
- Payment Processing: We use a third-party payment processor to handle subscriptions and credit purchases. This processor receives billing details and payment method information. We do not store full payment card details on our servers.
- Email Delivery: We use a third-party email service to send transactional emails such as magic link sign-in messages, account notifications, and system alerts.
- Authentication and Database: We use a third-party backend-as-a-service platform for user authentication, database hosting, and file storage.
A current list of our specific sub-processors is available upon request by contacting privacy@seenalabs.io.
With Customers (Regarding Visitor Data)
Visitor data collected through the Widget is processed to generate insights that are made available to the Customer who deployed the Widget. Customers can view aggregated insights, interview transcripts, and behavioral data through the Dashboard. Customers cannot access Visitor data belonging to other Customers.
Legal Requirements
We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
Vital Interests and Legal Rights
We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.
Business Transfers
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
5. Our Use of AI and Automated Processing
Seena Labs uses artificial intelligence extensively throughout the Services. It is important you understand how:
Interview Conversations. The Widget conducts AI-powered interviews with Visitors using third-party large language models. For voice interviews, audio is streamed in real time to the AI provider's API (currently OpenAI), which handles speech-to-text, conversation logic, and text-to-speech. For text interviews, Visitor responses are sent to the AI provider's API. The AI guides the interview based on the Customer's research goals and the site context.
Dashboard AI Features. Certain Dashboard features — such as the Librarian (an AI research assistant) and insight generation — use third-party AI models (including models from OpenAI and Anthropic) to process Customer Data and generate analysis, summaries, and audio briefings.
No Automated Decision-Making with Legal Effects. The Services do not use AI or automated processing to make decisions that produce legal or similarly significant effects on any individual. Insights are informational and are reviewed by Customers before any action is taken.
AI Accuracy. AI-generated content, including insights, transcripts, and briefings, may contain inaccuracies. We do not guarantee the accuracy, completeness, or reliability of any AI-generated output. Customers should exercise their own judgment when acting on insights.
6. How Do We Handle Voice and Audio Data?
Voice interviews are an optional feature. When a Visitor chooses to participate in a voice interview:
- Real-Time Streaming: The Visitor's audio is streamed directly from their browser to the AI provider's API over a secure WebSocket connection. The AI provider processes the audio for speech recognition and generates AI responses in real time.
- No Voice Recording Storage: We do not store voice recordings of Visitor responses. Visitor audio is processed in real time for transcription purposes only. Once the audio has been transcribed, no raw audio from the Visitor is retained by Seena Labs.
- Transcript Storage: A text transcript of the voice conversation is generated and stored in our database as part of the interview record. This transcript does not contain personally identifiable information unless the Visitor voluntarily states such information during the conversation.
- Consent: The Widget obtains the Visitor's consent before activating the microphone. Visitors may decline voice interviews and use text-based interviews instead.
7. What Is Our Role — Controller or Processor?
Seena Labs operates in a B2B context where understanding data roles is important:
When We Act as a Data Controller:
- For Customer account data (email, authentication, billing)
- For Dashboard usage analytics
- For our website visitors' browsing data
- For communications and support inquiries
As a controller, we determine the purposes and means of processing and are directly responsible to you under applicable data protection laws.
When We Act as a Data Processor:
- For Visitor data collected through the Widget on a Customer's website
In this capacity, the Customer is the data controller — they decide to deploy the Widget, configure what data to collect, and determine the research questions. Seena Labs processes Visitor data on the Customer's behalf and according to the Customer's instructions. Customers are responsible for establishing a lawful basis for collecting Visitor data (such as obtaining consent) and for providing appropriate privacy notices to their Visitors.
If you are a Visitor and have questions about how your data is being used, we encourage you to contact the website operator (the Customer) directly. You may also contact us at privacy@seenalabs.io and we will assist where we can.
8. How Long Do We Keep Your Information?
We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless otherwise required by law. In certain circumstances we may store your Personal Data or Information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.
Customer Data. We retain your account information for as long as your account is active. If you delete your account, your data — including sites, interviews, insights, and associated records — is deleted from our active systems promptly. You should export any data you wish to keep before deleting your account, as deletion is immediate and cannot be reversed.
Soft Deletion. When you delete items within the Services (such as sites, insights, or research data), those items are soft-deleted — marked as deleted and hidden from the interface — rather than immediately removed from the database. Soft-deleted data is purged from our systems in accordance with our data retention schedule.
Visitor Data. Visitor behavioral data, interview transcripts, and associated insights are retained for as long as the Customer's account is active. When a Customer deletes their account, associated Visitor data is deleted along with it. Customers may request deletion of specific Visitor data at any time while their account is active.
Billing Records. Transaction records and credit consumption logs are retained for the period required by applicable tax and financial regulations, which is typically 7 years.
Backup Copies. Residual copies in backups are overwritten on a rolling basis and are not used for active processing.
9. How Do We Keep Your Information Safe?
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These measures include:
- Encryption in Transit: All data transmitted between your browser and our servers, and between our servers and sub-processors, uses TLS encryption.
- Encryption at Rest: Data stored in our database is encrypted at rest using the encryption features provided by our hosting provider.
- Authentication Security: Customer authentication supports passwordless magic links and password-based sign-in. Passwords are securely hashed by our authentication provider. Auth tokens are stored in the browser's local storage and via cookies. Admin access is restricted by role.
- Access Controls: Access to production data is restricted to authorized personnel only. Row-level security (RLS) policies in our database ensure that Customers can only access their own data.
- Domain Verification: Customers are required to verify ownership of their domain. Verification can occur through DNS record, meta tag, or file-based methods. In some cases, initial Widget events may be accepted before verification is complete in order to streamline onboarding, but full Widget functionality requires a verified domain.
However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
10. Do We Collect Information From Minors?
We do not knowingly solicit data from or market to children under 18 years of age. The Dashboard is restricted to users who are at least 18 years old. The Widget may be encountered by Visitors of any age on Customer websites; however, the Widget does not knowingly collect personally identifying information from minors. If a Customer deploys the Widget on a website directed at children, the Customer is responsible for complying with applicable laws, including the Children's Online Privacy Protection Act (COPPA).
If we learn that personal information from users less than 18 years of age has been collected through the Dashboard, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@seenalabs.io.
11. What Are Your Privacy Rights?
Depending on your location, applicable privacy laws may grant you certain rights regarding your personal information.
Accessing, Correcting, or Deleting Your Information. You may review, change, or request deletion of your personal information at any time. Customers can manage much of their data directly through the Dashboard. For requests you cannot fulfill through the Dashboard, or if you are a Visitor seeking access to your data, contact us at privacy@seenalabs.io.
Withdrawing Consent. If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing conducted prior to withdrawal.
Account Deletion. If you wish to delete your Customer account, you may do so through the Dashboard or by contacting us. Account deletion is immediate — your data (including sites, interviews, insights, and associated records) will be deleted from our active systems promptly. Please export any data you wish to keep before deleting your account.
Complaints. If you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority. For users in the European Economic Area, you can find your local authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
12. California Privacy Rights (CCPA)
If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.
Categories of Personal Information Collected. In the preceding twelve months, we have collected the following categories of personal information: identifiers (email addresses, IP addresses, session identifiers), internet or other electronic network activity information (browsing history, interactions with the Widget and Dashboard), audio information (voice audio streamed in real time to AI providers for transcription — we do not store voice recordings), and commercial information (billing and transaction records).
Sale and Sharing of Personal Information. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
Your Rights Under the CCPA. You have the right to: (1) request that we disclose the categories and specific pieces of personal information we have collected about you; (2) request that we delete personal information we have collected from you; (3) request that we correct inaccurate personal information; and (4) not be discriminated against for exercising any of these rights.
How to Exercise Your Rights. To exercise your rights, contact us at privacy@seenalabs.io. We will verify your identity before processing your request. We will respond to your request within 45 days. If we need more time, we will inform you of the reason and extension period.
Authorized Agent. You may designate an authorized agent to submit a request on your behalf. We may require you to verify your identity directly with us and confirm that you authorized the agent.
13. Do We Use Cookies and Tracking Technologies?
On the Dashboard and Website. We use analytics and technical identifiers on the Dashboard and our website. We do not use third-party advertising cookies or cross-site tracking pixels.
In the Widget. The Widget stores identifiers in the Visitor's browser using local storage. This includes a session token (scoped to the current site visit) and a randomly generated visitor identifier that persists across browsing sessions to associate repeat visits. These identifiers are random strings and are not linked to a Visitor's real-world identity. The Widget does not set advertising cookies or cross-site tracking cookies on Visitor browsers.
We may use strictly necessary cookies for authentication and session management on the Dashboard.
14. Do-Not-Track Features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
15. Do We Make Updates to This Policy?
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Policy. If we make material changes, we will notify you either by prominently posting a notice of such changes or by sending you a notification directly. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.
16. How Can You Contact Us About This Policy?
If you have questions or comments about this policy, you may contact us by email at privacy@seenalabs.io or by post at:
3rd Brain Inc., doing business as Seena Labs
169 Madison Ave STE 49114
New York, NY 10016
17. How Can You Review, Update, or Delete Your Data?
Customers: You can review and update your account information through the Dashboard at any time. To request a full export or deletion of your data, contact us at privacy@seenalabs.io.
Visitors: If you interacted with the Seena Widget on a third-party website and wish to access, correct, or delete your data, you may contact us at privacy@seenalabs.io. Because Visitor data is typically not linked to a real-world identity, we may need to work with you and the relevant Customer to locate your specific data. You may also contact the website operator (Customer) directly, as they are the data controller for Visitor data collected through the Widget.
Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you and details about how we have processed it, to correct inaccuracies, or to delete your personal information. To make such a request, please use the contact details provided above.