Privacy Policy

Last Updated: December 22, 2025

1. Introduction

Welcome to SOIL (Studies of Organizational Illness and Loss). This Privacy Policy explains how SOIL Foundation, a Delaware 501(c)(3) nonprofit organization ("SOIL," "we," "us," or "our"), collects, uses, discloses, and protects your personal information when you use our website, platform, and services (collectively, the "Services").

SOIL is a research-first project devoted to collecting organizational autopsy data at scale to advance the scientific understanding of organizational mortality. We are committed to protecting your privacy while fulfilling our research mission.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

We collect several types of information from and about users of our Services:

2.1 Account Information

  • Email address
  • Name (optional display name)
  • Profile information you choose to provide
  • Authentication data (passwords are securely hashed)

2.2 Organizational Autopsy Data

When you contribute data about an organization through our interview wizard, we collect:

  • Basic Information: Organization name, type, industry, location, founding and closure dates, lifecycle stage, team size
  • Functional Mapping: Organizational structure, function assessments, health indicators, staffing details
  • Financial Picture: Revenue metrics, funding history, financial events, optional document uploads (financial statements, pitch decks)
  • Dynamic Picture: Timeline events, organizational changes, crisis events
  • Environment Analysis: Market conditions, external events, resource availability
  • Founder Context: Background, experience, personal impact of closure (health, relationships, finances)
  • Narrative: Your interpretation of events, lessons learned, advice for others

2.3 Verification Data

To ensure data quality, we collect verification information from colleagues and stakeholders you invite:

  • Verifier email addresses (provided by you)
  • Relationship type to the organization
  • Confirmation of basic organizational facts
  • Optional: Their perspective on organizational dynamics

2.4 Automatically Collected Information

  • Device information (browser type, operating system)
  • IP address
  • Pages visited and actions taken on our platform
  • Referring website
  • Date and time of visits

2.5 Communication Data

  • Emails you send to us
  • Waitlist subscriptions and newsletter preferences
  • Support inquiries

2.6 Payment Information

For paid services (such as the Therapeutic Course or Crypt Storage), payment processing is handled by Stripe. We do not store your full credit card number. Stripe may share with us:

  • Last four digits of your card
  • Card expiration date
  • Billing address
  • Transaction history

3. How We Use Your Information

3.1 Research Purposes

Our primary mission is scientific research. We use organizational data to:

  • Identify patterns in organizational mortality
  • Develop and validate diagnostic frameworks
  • Create predictive models for organizational health
  • Publish academic research (using anonymized, aggregated data only)
  • Advance the field of Organizational Medicine

3.2 Platform Operations

  • Create and manage your account
  • Process your organizational data contributions
  • Generate and display your cenotaph (memorial)
  • Facilitate the verification process
  • Provide customer support
  • Process payments for optional services

3.3 Communications

  • Send verification request emails to colleagues you designate
  • Notify you about your cenotaph status and verification progress
  • Send reminders about incomplete data submissions (with your consent)
  • Send newsletters and updates to waitlist subscribers (with explicit opt-in)
  • Respond to your inquiries

3.4 Improvement and Analytics

  • Analyze usage patterns to improve our Services
  • Detect and prevent technical issues
  • Measure the effectiveness of our platform

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

  • Consent: When you voluntarily contribute organizational data through our interview wizard, subscribe to our newsletter, or opt into specific features.
  • Contract Performance: When processing is necessary to provide our Services to you (account management, cenotaph creation).
  • Legitimate Interests: For research purposes (with appropriate safeguards), platform improvement, and security.
  • Legal Obligation: When we must comply with applicable laws.
  • Scientific Research (GDPR Article 89): Processing for scientific research purposes with appropriate safeguards.

5. Information Sharing and Disclosure

What We Never Do

  • We never sell your raw, identifiable data
  • We never share individual founder stories without explicit consent
  • We never use your data against your interests
  • We never provide individual data to potential employers or investors

5.1 Public Display (Cenotaph)

Stories and cenotaphs are always anonymized by default. Based on your privacy settings, you can choose to reveal limited identifying information:

  • Full Anonymity (default): No identifying information displayed - organization and founder names are hidden
  • Organization Name Visible (opt-in): You may choose to reveal your organization's name while keeping your personal identity private
  • Founder Name Visible (opt-in): You may choose to reveal your name for networking and consultation purposes, in addition to or separately from your organization name

Important: Even with visibility settings enabled, the narrative content and organizational details in your cenotaph remain anonymized. Only the organization name and/or founder name can be revealed - never other individuals mentioned in your story (employees, co-founders, investors, etc.).

You control your visibility settings and can change them at any time.

5.2 Research Access

Qualified academic researchers may access anonymized, aggregated datasets for scientific research. This access:

  • Requires approval from our Data Access Committee
  • Is governed by strict data use agreements
  • Never includes individual identifying information
  • Is limited to legitimate research purposes

5.3 Commercial Services (Aggregated Data Only)

Future commercial spin-offs may use:

  • Aggregated patterns (e.g., "X% of organizations with Y characteristics experienced Z")
  • Anonymized predictive models
  • Industry benchmarks without individual identification

These services never have access to your individual, identifiable data.

5.4 Service Providers

We share information with trusted service providers who assist our operations:

  • Supabase: Database hosting, authentication, file storage
  • Vercel: Website hosting and delivery
  • Stripe: Payment processing
  • Resend: Transactional email delivery
  • Google Analytics: Website analytics (see Cookies section)

These providers are contractually bound to protect your information and use it only for the services they provide to us.

5.5 Legal Requirements

We may disclose information when required by law or in good faith belief that:

  • Compliance with a legal obligation is necessary
  • Protection of our rights or property is required
  • Prevention of illegal activity is necessary
  • Protection of personal safety of users or the public is required

6. Your Privacy Controls

We believe founders should maintain control over their data. You have the following controls:

6.1 Visibility Settings

  • Choose your anonymity level (from fully anonymous to fully public)
  • Select how your organization name appears (veiled, unnamed, undisclosed)
  • Control which parts of your story are visible
  • Change visibility settings at any time

6.2 Data Deletion

  • Delete your cenotaph and associated data at any time
  • Request deletion of your account and all personal information
  • Note: Anonymized data that has already been included in published research cannot be removed, as it is no longer identifiable

6.3 Access and Portability

  • View all data you have provided
  • See who has accessed your data and how
  • Export your data in a portable format

6.4 Consent Granularity

  • Opt in or out of specific research uses
  • Control email preferences (newsletters, reminders)
  • Withdraw consent at any time

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Data is encrypted at rest and in transit using industry-standard protocols
  • Access Controls: Role-based access ensures only authorized personnel can access specific data types
  • Audit Logging: All data access is logged and monitored
  • Secure Infrastructure: Our platform is hosted on enterprise-grade cloud infrastructure (Supabase, Vercel)
  • Regular Security Reviews: We periodically assess and update our security practices

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your information as follows:

  • Account Data: Retained while your account is active, plus 30 days after deletion request
  • Cenotaph Data: Retained permanently as part of our research archive (this is the purpose of the memorial), unless you request deletion
  • Anonymized Research Data: Retained indefinitely for research purposes (cannot be linked back to individuals)
  • Communication Logs: Retained for 3 years for support and legal purposes
  • Payment Records: Retained as required by law (typically 7 years for tax purposes)

9. Cookies and Tracking Technologies

We use cookies and similar technologies to provide, improve, and protect our Services. You can manage your cookie preferences at any time using the "Cookie Preferences" link in our footer.

9.1 Essential Cookies

Required for the platform to function. These cannot be disabled without breaking core functionality:

  • Authentication cookies (Supabase) - Session management and secure login
  • soil_analytics_consent - Stores your cookie preference choice (1 year)

9.2 Analytics Cookies (Requires Consent)

The following cookies and tracking technologies are only activated after you give consent:

  • Google Analytics (GA4) - Collects anonymized data about pages visited, time spent, traffic sources, and device information
  • Vercel Analytics - Performance monitoring and page view tracking provided by our hosting platform
  • soil_visitor - Anonymous visitor identifier used for features like preventing duplicate "Pay Respects" actions (1 year, HTTP-only)
  • Internal analytics - Event tracking for platform improvement (stored in Supabase)
  • Referral tracking - Tracks ?ref= parameters for measuring share link effectiveness

You can opt out of Google Analytics separately by installing the Google Analytics Opt-out Browser Add-on.

9.3 Managing Cookies

You can manage your cookie preferences at any time by clicking the "Cookie Preferences" link in our website footer. You can also control cookies through your browser settings. Note that disabling essential cookies may impact your ability to use our Services.

10. International Data Transfers

SOIL is based in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards for international transfers through:

  • Standard Contractual Clauses approved by the European Commission
  • Service providers with appropriate certifications (e.g., SOC 2)
  • Data processing agreements with all third-party processors

11. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@soilplatform.org, and we will take steps to delete such information.

12. Your Rights

12.1 Rights Under GDPR (EEA, UK, Switzerland)

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

12.2 Rights Under CCPA (California Residents)

  • Right to Know: Request disclosure of personal information collected, used, and disclosed
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise any of these rights, please contact us at privacy@soilplatform.org. We will respond to your request within 30 days.

13. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • Sending you an email notification (for significant changes affecting your rights)

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our Services after any modifications constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

SOIL Foundation

(Delaware 501(c)(3) Nonprofit - In Formation)

Privacy Summary

We Do:

  • ✓ Collect data you voluntarily provide
  • ✓ Use data for scientific research
  • ✓ Anonymize data for publications
  • ✓ Give you control over visibility
  • ✓ Let you delete your data
  • ✓ Protect your data with encryption

We Don't:

  • ✗ Sell your personal data
  • ✗ Share identifiable stories without consent
  • ✗ Use data against your interests
  • ✗ Give individual data to employers/investors
  • ✗ Collect data from children