Privacy Policy

1. Scope of This Policy

This Policy applies to:

• our public websites, including hightech.dev;
• contact, demo, sales, and support interactions;
• user accounts for clients, moderators, observers, translators, administrators, and other authorized users;
• research-session infrastructure, recordings, transcripts, translations, logs, and related artifacts that we process through our platform.

This Policy does not replace any client-specific study notice, consent notice, or project instructions provided by the research owner or sponsor. In many research workflows, High Tech provides the platform while the client controls the study and determines the purpose of the processing.

2. Who We Are

High Tech provides secure streaming and workflow technology for qualitative research, including remote sessions, mobile ethnography, hybrid and facility-based studies, and related observer and output workflows.

3. Our Privacy Approach

We design our Services around the following principles:

• data minimization;
• privacy by design;
• client-controlled research governance;
• role-based access and project isolation;
• limited retention;
• no sale of personal data;
• no use of personal data for cross-context behavioral advertising;
• no respondent personally identifiable information required by default for participation where the workflow can be delivered without it.

4. Our Role: Controller vs. Processor

Our role depends on the context.

4.1 When High Tech acts as a controller / business

We generally act as a controller or business for information we collect and use for our own operations, such as:

• website visits;
• contact and demo requests;
• sales and support communications;
• account administration;
• security, fraud prevention, logging, and service reliability;
• contracting, billing, and general business operations.

4.2 When High Tech acts as a processor / service provider

We generally act as a processor or service provider when we process research content and related user information on behalf of a client that controls the study, including:

• session access management;
• streaming and recording;
• transcripts and translations;
• clips, notes, chat, markers, and exports;
• optional privacy features such as face blur, voice alteration, watermarking, or PII redaction.

In those cases, our client is typically the controller or business responsible for the study design, participant instructions, legal basis, and retention decisions.

5. Information We Collect

We collect only the information reasonably necessary for the relevant purpose.

5.1 Information you provide directly

Depending on how you interact with us, we may collect:

• name;
• company name;
• work email address;
• work phone number;
• job title;
• account credentials or authentication-related information;
• meeting, demo, or support request details;
• communications you send to us;
• billing, contracting, or business-contact information.

5.2 Account and platform information

For authorized platform users such as clients, moderators, observers, translators, and administrators, we may process:

• email address;
• user role and permissions;
• account identifiers;
• project and session membership;
• access and audit logs;
• actions taken in the platform.

5.3 Research and session information

When our platform is used for research delivery, we may process:

• video, audio, screen-share, and live-stream data;
• transcripts, translations, subtitles, and captions;
• chat messages, notes, markers, clips, and exports;
• session metadata such as timestamps, room or session identifiers, and role assignments;
• optional privacy or workflow outputs such as watermarking, blur, voice transformation, or PII-redaction artifacts.

5.4 Automatically collected technical information

When you use our websites or platforms, we may automatically collect limited technical information such as:

• IP address;
• browser or device type;
• operating system;
• session timestamps;
• referring page or domain;
• diagnostic and network information such as bitrate, latency, packet loss, and connection quality;
• security logs and event records.

We use this information for security, routing, support, reliability, troubleshooting, abuse prevention, and service improvement.

6. Information We Do Not Collect by Default

Where the workflow allows it, we do not require respondents to provide personal information such as:

• full legal name;
• home address;
• personal phone number;
• demographic profile;
• social media identifier;
• payment information.

In many workflows, respondents may join using nickname-based or token-based access managed by the client or study owner.

7. How We Use Information

We use personal information to:

• provide, operate, secure, and maintain the Services;
• authenticate users and manage access permissions;
• respond to inquiries, demos, and support requests;
• deliver recordings, transcripts, translations, clips, and other requested outputs;
• detect, prevent, and investigate fraud, abuse, downtime, or security incidents;
• monitor performance, reliability, and quality;
• comply with legal obligations;
• enforce our agreements and protect our rights, users, clients, and systems;
• improve our websites, documentation, onboarding, and support.

We do not use personal information for cross-context behavioral advertising.

8. Legal Bases for Processing

Where EU GDPR or UK GDPR applies, we rely on one or more of the following legal bases, depending on the context:

• performance of a contract or steps taken at your request before entering into a contract;
• legitimate interests, such as securing our systems, providing support, preventing abuse, improving reliability, and running our business responsibly;
• consent, where required by law, including for certain non-essential cookies or similar technologies;
• legal obligation, where processing is necessary to comply with applicable law;
• vital interests or other lawful bases where exceptionally applicable.

If we process research content on behalf of a client, the client is generally responsible for determining the appropriate legal basis for the study itself.

9. Research Content, Streaming, and Client Ownership

Research content processed through the Services is generally controlled by the client that created or commissioned the study.

That content may include:

• live and recorded audio/video;
• transcripts and translated outputs;
• notes, chat, clips, and markers;
• workflow metadata associated with the study.

High Tech generally processes this content under the client’s instructions and does not treat itself as the owner of the research data.

During live sessions, the platform may perform optional in-flight processing such as:

• transcription;
• translation;
• subtitle generation;
• PII redaction;
• face blurring;
• voice alteration;
• watermarking;
• export and packaging workflows.

10. Cookies and Similar Technologies

We may use cookies, local storage, and similar technologies for:

• security;
• session continuity;
• authentication;
• accessibility preferences;
• load balancing or basic platform functionality;
• performance and reliability diagnostics.

We do not use third-party advertising cookies.

Where required by law, we will request consent before placing or using non-essential cookies or similar technologies. You can also control cookies through your browser settings, although disabling certain essential cookies may affect account login or core platform functionality.

11. Sharing and Disclosure

We do not sell or rent personal data.

We may disclose personal information only as reasonably necessary in the following cases:

• to infrastructure, hosting, security, communications, support, or similar service providers acting on our behalf;
• to subprocessors or delivery partners where needed to provide a client-requested feature, such as transcription, translation, or related workflow support;
• to the client or research owner that controls the relevant study;
• to advisors, auditors, insurers, or professional service providers under appropriate safeguards;
• to law enforcement, regulators, courts, or other authorities where required by law or where necessary to protect rights, safety, property, or systems;
• in connection with a merger, acquisition, financing, corporate reorganization, or sale of all or part of our business or assets, subject to appropriate confidentiality and transition protections.

12. International Transfers and Data Location

High Tech operates region-aware infrastructure and may process or store data in different jurisdictions depending on:

• project configuration;
• client requirements;
• service availability;
• applicable legal obligations.

Where required, we use appropriate safeguards for international transfers, such as contractual commitments and other recognized transfer mechanisms.

For client-controlled research projects, data location and transfer decisions may also be shaped by the client’s selected configuration and instructions.

13. Retention

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, including to satisfy contractual, legal, accounting, security, support, and operational requirements.

Retention may vary depending on the data type and context.

Typical examples:

• inquiry and support records: as needed for follow-up, support history, and business administration;
• account and audit logs: as needed for security, access control, and compliance;
• research content and artifacts: according to client instructions, platform configuration, or applicable contractual requirements;
• ephemeral buffers or live-session DVR data: short-lived or automatically cleaned up according to platform design and session settings.

When data is no longer needed, we delete it, de-identify it, or securely limit access to it as appropriate.

14. Security

We use administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include:

• encryption in transit;
• encryption at rest where applicable;
• access controls and role-based permissions;
• audit logging;
• project and session isolation;
• network and infrastructure security controls;
• least-privilege operational access;
• monitoring and incident-response procedures.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

15. Your Privacy Rights

Depending on your location and the applicable law, you may have rights that include:

• access to your personal information;
• correction of inaccurate information;
• deletion of personal information;
• restriction of processing;
• objection to certain processing;
• withdrawal of consent where processing is based on consent;
• portability, where applicable;
• complaint to a supervisory or regulatory authority.

To exercise privacy rights, contact us at privacy@hightech.dev.

If your request relates to research content controlled by one of our clients, we may direct you to that client or coordinate with them as appropriate, because they may be the controller or business responsible for the study.

16. California and Other U.S. State Privacy Rights

If a U.S. state privacy law applies to High Tech and your request falls within its scope, you may have rights including:

• the right to know what personal information is collected, used, disclosed, or otherwise processed;
• the right to delete certain personal information;
• the right to correct inaccurate personal information;
• the right to opt out of the sale or sharing of personal information, if applicable;
• the right to limit certain uses of sensitive personal information, if applicable;
• the right not to be discriminated against for exercising your rights.

High Tech does not sell personal information and does not use personal information for cross-context behavioral advertising.

Requests may be sent to privacy@hightech.dev.

We may need to verify your identity before fulfilling certain requests, and we may deny or limit requests where permitted by law.

17. Respondent Withdrawal and Data Removal

Where a participant or authorized requester seeks withdrawal or deletion, a request to privacy@hightech.dev is generally sufficient to begin the process.

Because High Tech often acts on behalf of the research owner, we may need to verify the request and coordinate with the client that controls the study before taking action. We will respond within the timeframes required by applicable law.

18. Children’s Privacy

Our Services are not directed to children, and we do not knowingly collect personal information from children where prohibited by law.

If a client conducts research involving minors, the client is responsible for obtaining any required notices, consents, or authorizations and for configuring the study appropriately. If you believe personal information from a child has been provided to us improperly, contact privacy@hightech.dev.

19. Third-Party Links

Our websites and Services may contain links to third-party websites, tools, or services. We are not responsible for the privacy, security, or content practices of third parties. You should review their privacy notices separately.

20. Changes to This Policy

We may update this Privacy Policy from time to time.

When we make material changes, we will update the “Last updated” date and, where required, provide additional notice through the website, platform, or other appropriate means.

21. Contact Us

For privacy questions, requests, or complaints, contact:

If applicable law gives you the right to complain to a supervisory authority or regulator, you may also do so.