Privacy Policy

What we collect and why

Spradley processes data that emerges from AI-moderated employee interviews. This includes the content of the conversation itself, what employees share in their own words, whether through voice or text, as well as basic metadata such as timestamps and session duration.

Before each interview, the client organization may also provide contextual information to help shape themes in the interview: Things like what themes are relevent, as well as some context around the themes. This context helps the AI interviewer ask better follow-up questions, it is unable to identify or evaluate individual employees, our platform is specifically designed to protect employees privacy.

The purpose is for all of this is straightforward. We help organizations understand what's actually going on beneath the surface — the general trends around experiences, frustrations, and ideas that traditional surveys miss. We exists to surface qualitative insight that improves workplace culture.

How the AI processes your data

When an employee completes an interview, the AI applies semantic analysis to understand the meaning and context of what was shared. The individual conversation is never reported as a standalone record. Instead, the content is folded into a larger segment of responses, where it becomes part of a collective dataset.

From that aggregated pool of qualitative text, we extract general trends, where friction exists, what ideas are circulating, where energy is high or low. Because we work with large datasets of text rather than individual data points, we are able to apply k-anonymity, a privacy technique that ensures no single person can be distinguished from the group. A theme only surfaces when enough people have expressed something similar that no individual voice can be traced back.

What reaches the organization is never tied to a person. It is a picture of patterns: aggregated, anonymized, and presented as collective insight. No individual profiles, and untraceable.

EU Data hosting

All data processed by Spradley is stored on servers located within the European Union. We do not transfer employee data outside of Europe.

Our AI interviews are powered through a private API deployment with Mistral, meaning your data is not used to train models, is not shared with third parties, and is not accessible outside of your dedicated environment. You can read more about Mistral's private hosting and data protection commitments here.

In addition to infrastructure choices, we apply standard security practices throughout the platform: data is encrypted both in transit and at rest, access is restricted on a need-to-know basis, and we maintain clear retention policies so data is not kept longer than necessary. We regularly review our security posture as the platform evolves.

GDPR compliance

Spradley is built from the ground up with the General Data Protection Regulation as a baseline, not an afterthought.

Lawful basis for processing

The processing of employee interview data is carried out under the lawful basis of legitimate interest. The employer — as the data controller — has a legitimate interest in understanding workplace culture and employee experience in order to improve working conditions. Spradley acts as a data processor, handling data strictly on behalf of and under the instructions of the client organization. We do not determine the purpose of data collection — your organization does.

Your employees' rights

Every employee whose data is processed through Spradley has the right to access the data held about them, request deletion of their data, object to the processing, request portability of their data, and withdraw from participation at any point. These rights can be exercised by contacting the employer directly or by reaching out to us at [privacy@spradley.io].

Data Processing Agreement

We offer a Data Processing Agreement to every client organization, outlining exactly how data is handled, what security measures are in place, who has access, and how long data is retained. If your legal or HR team needs a DPA before getting started, we are happy to provide one.

Data retention

We do not hold on to data longer than necessary. Retention periods are agreed upon with each client, and data is securely deleted once the agreed period expires or when a client requests it.