SageSims Privacy Policy

Effective Date: December 1, 2025

This Privacy Policy explains how [SageSims legal entity name] (“SageSims”, “we”, “us”, “our”) collects, uses, shares, and protects personal information when you visit our websites, use our products and services, or participate in SageSims simulations and programs.

This Policy applies to:

  • SageSims Decision Readiness Lab

  • SageSims Campus Lab

  • SageSims Simulation Coach Academy

  • SageSims Onsite and Virtual Decision Readiness Intensives

  • SageSims Onsite and Virtual All Hands Simulation Days and add-on sessions

  • SageSims Decision Readiness Blueprint

  • SageSims Decision Readiness Action Lab

  • Any related websites, portals, and support channels that link to this Privacy Policy

This Policy does not override any privacy obligations in a signed agreement between SageSims and your organization. If there is a conflict, the signed agreement usually controls.

1. Who is responsible for your information

For visitors to our public website, prospects, and direct customers, SageSims acts as a data controller. We decide how and why your personal information is processed, consistent with applicable data protection laws.

For most simulation participants who use SageSims under an organizational license, your employer, institution, or sponsoring organization is the primary controller. SageSims typically acts as a data processor or service provider, processing personal data on their instructions. In those cases, you should review your organization’s own privacy notices and direct most privacy requests to them.

You can contact us at:

SageSims LLC

privacy@sagesims.com

If required by law, we will also identify a Data Protection Officer or local representative and include their contact details here.

2. Information we collect

The information we collect depends on who you are and how you interact with SageSims. Typical categories include:

2.1 Information you provide directly

  • Contact and account information: name, business email, job title, role, organization, team, phone number, login credentials.

  • Professional details: department, functional role in simulations (for example board member, executive, risk leader, student), facilitation credentials and training history.

  • Simulation and program data: decisions you make in simulations, responses to prompts or surveys, notes or reflections, chat messages, assignments and feedback.

  • Event and logistics information: dietary or accessibility needs you choose to share for onsite events, travel preferences or constraints where relevant.

  • Support and communication: information you provide when you contact us for support, respond to surveys, or participate in user research.

2.2 Information provided by your organization

Your employer, institution, or sponsoring organization may provide information so we can create accounts, assign roles, or tailor simulations, such as:

  • Name, work email, job title, team and reporting line.

  • Role in the simulation (for example board director, CEO, CISO, student).

  • Organizational structures, generic role descriptions, and scenario parameters.

Where this occurs, your organization is responsible for confirming it has a lawful basis to share that information with us.

2.3 Information collected automatically

When you visit our websites or use our products, we automatically collect certain information, including:

  • Usage data: features used, pages viewed, buttons clicked, time spent, simulation modules started and completed.

  • Device and technical data: IP address, browser type, operating system, device identifiers, and basic system configuration.

  • Log data: timestamps, authentication events, error logs, and diagnostic information.

We typically collect this information using cookies, web beacons, and similar technologies.

2.4 Information from third parties

We may receive limited personal information from:

  • Your organization or institution.

  • Service providers such as payment processors, analytics platforms, or video conferencing tools.

  • Publicly available sources, professional networking sites, or event registration platforms used to manage invitations and participation.

3. How we use your information

We use personal information for the following purposes:

  1. To provide and operate our products and services, including creating and managing accounts, running simulations, delivering reports and debriefs, issuing facilitator certifications, and supporting Blueprint and Action Lab engagements.

  2. To tailor simulations and learning experiences to organizational context, roles, and agreed learning objectives.

  3. To provide support and respond to inquiries, including troubleshooting, security incidents, and technical issues.

  4. To maintain security and integrity of our services, including authentication, access control, fraud prevention, monitoring for abuse, and compliance with our Acceptable Use Policy.

  5. To improve our products, including analytics on feature usage, performance, and user journeys so we can refine content, scenarios, and platform design.

  6. To manage our business relationships, including invoicing, contract administration, and account management.

  7. To send administrative and service-related messages, such as account notices, session reminders, policy updates, and security communications.

  8. Where permitted, to send relevant marketing communications about SageSims products and events, with the ability to opt out at any time.

  9. To comply with legal obligations and respond to lawful requests from regulators, courts, or other authorities.

4. Legal bases for processing (EEA, UK and similar jurisdictions)

Where data protection law requires a legal basis, we rely on:

  • Contract performance: to provide services under our agreements with your organization or with you directly.

  • Legitimate interests: to secure and improve our services, run our business, prevent abuse, and communicate with customers about relevant offerings, provided these interests are not overridden by your rights and freedoms.

  • Consent: for certain uses, such as specific marketing communications or optional research activities, where required.

  • Legal obligations: to comply with applicable laws, regulations, and court orders.

When we act as a processor for your organization, they determine the applicable legal basis. You should consult their privacy notice for details.

5. How we share information

We do not sell personal information in the conventional sense. We share information in these limited situations:

  1. With your organization or institution:

    • Simulation outputs, aggregated insights, and participation data are usually provided to your sponsoring organization according to the program design and contract.

  2. With service providers:

    • Third parties that help us operate our services, such as hosting, infrastructure, analytics, communications platforms, payment processors, and customer support tools. These providers are bound by contractual obligations to protect personal information and use it only on our instructions.

  3. With facilitators and coaches:

    • Authorized facilitators and coaches, including those trained through Simulation Coach Academy, may access participant information relevant to sessions they are leading, under confidentiality and contractual obligations.

  4. For legal and safety reasons:

    • When we believe in good faith that disclosure is necessary to comply with law, protect rights or safety, investigate potential violations, or respond to lawful requests from public authorities.

  5. Business transfers:

    • In connection with a merger, acquisition, financing, or sale of all or part of our business, where information may be transferred as part of the transaction, subject to appropriate protections.

We may also share de-identified or aggregated information that does not identify individuals, for research, product development, or thought leadership.

6. International transfers

SageSims may process and store information in countries other than where you are located. Where we transfer personal information from the EEA, UK, or similar jurisdictions to countries that do not provide an equivalent level of data protection, we will use appropriate safeguards such as standard contractual clauses or other mechanisms approved by regulators.

7. Data retention

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law or contract, including:

  • For active customer relationships, as long as your organization maintains an account and for a reasonable period after termination for recordkeeping, dispute resolution, and legal compliance.

  • For simulation content and activity data, for periods agreed in our contract with your organization or as configured by them.

  • For marketing contacts, until you opt out or we determine the information is no longer accurate or useful.

We may retain de-identified or aggregated information that no longer identifies individuals for longer periods.

8. Security

We apply technical and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are described in more detail in our Security and Technical and Organizational Measures schedules and may include access controls, encryption, logging, backups, and staff training.

No system is perfectly secure. We encourage you and your organization to use strong passwords, protect your accounts, and tell us promptly about any suspected security issues.

9. Cookies and similar technologies

We use cookies and similar technologies on our websites and products to:

  • Recognize you when you sign in.

  • Keep your session active and secure.

  • Understand how our services are used so we can improve them.

  • Support basic marketing and site performance analytics.

You can usually control cookies through your browser or device settings. Some cookies are essential for the service to work. Blocking them may limit functionality. For more detail, we can provide a separate Cookie Notice where required.

10. Your rights

Your rights depend on where you live and how we process your information. Subject to applicable law and our role as controller or processor, you may have the right to:

  • Access the personal information we hold about you.

  • Request correction of inaccurate or incomplete information.

  • Request deletion of your information, in some circumstances.

  • Object to or request restriction of certain processing activities.

  • Request a copy of your information in a portable format.

  • Withdraw consent where we rely on consent, without affecting prior processing.

When SageSims processes your information on behalf of your organization, we may need to redirect your request to them. We will inform you if that is the case.

You can exercise your rights by contacting us at the details above. We may need to verify your identity and will respond within the time limits set by applicable law.

11. California privacy rights (CCPA / CPRA)

If you are a California resident and we act as a business for your information, you may have additional rights under the California Consumer Privacy Act and related laws, including:

  • The right to know the categories and specific pieces of personal information we have collected about you and the sources and purposes of collection.

  • The right to request deletion of personal information, subject to certain exceptions.

  • The right to correct inaccurate personal information.

  • The right to limit use and disclosure of sensitive personal information where applicable.

  • The right to be free from discrimination for exercising your privacy rights.

We typically collect identifiers (such as name, email address, IP address), professional or employment information (such as job title and organization), internet or network activity (such as usage logs), and in some contexts educational information for Campus Lab. We do not sell personal information as that term is generally defined.

To exercise these rights, contact us at [privacy email address] with “California Privacy Request” in the subject line. When we act as a service provider to your organization, we may direct you to submit your request through them.

12. Children’s privacy

SageSims services are designed for adults in professional or higher education contexts and are not directed at children under 16. We do not knowingly collect personal information from children under 16 without appropriate consent and institutional involvement. If you believe we have collected information from a child inappropriately, contact us and we will investigate and take appropriate steps.

13. Links to other sites

Our services may contain links to third-party websites or services. This Privacy Policy does not cover those sites. Their privacy practices are governed by their own policies, and we encourage you to review them before sharing information.

14. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our services, laws, or business practices. When we make material changes, we will update the “Effective Date” and, where appropriate, provide additional notice through our services or to customer contacts.

Your continued use of SageSims services after an updated Policy takes effect means you acknowledge the changes.

15. Contact us

If you have questions or concerns about this Privacy Policy or our data practices, you can contact us at:

SageSims LLC

privacy@sagesims.com

You also have the right to contact your local data protection authority if you believe our processing of your personal information violates applicable law.

Get In Touch
Let Us Contact You

info@sagesims.com

© 2025. All rights reserved.

+1 (206) 679-1685