Study Privacy Notice
This notice applies to Keystone behavior data collection studies and is distinct from the general website privacy policy.
We at Keystone (Keystone Strategy LLC and our subsidiaries and affiliates) are committed to protecting your privacy. This Privacy Notice is intended to comply with applicable U.S. state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), and the Virginia Consumer Data Protection Act (VCDPA).
Information We Collect
We collect the following categories of personal data, which may vary depending on how you interact with our services: identifiers; internet or other electronic network activity; device and technical information; geolocation data; commercial information; and inferences drawn from such data.
Automated Data Collection and Browser Data
Certain services involve automated data collection technologies, including the scraping or collection of web browser data, such as URLs, page content, interaction data, and technical metadata, where necessary to provide, secure, or improve the services.
Purposes of Processing
We process personal data for the following purposes: providing, operating, maintaining, securing, and improving the services; analytics, research, and development; customer support; communications regarding the services; compliance with legal obligations; fraud, security, and misuse prevention.
Data Processing Roles
Depending on the context, Keystone acts as a data controller/business or as a processor/service provider, processing personal data only for the purposes described in this Notice or as instructed by our customers.
Sharing of Personal Data
We may disclose personal data to affiliates, subsidiaries, service providers, contractors, and business partners solely to provide and support the services, comply with law, or protect our rights. We do not sell personal data or share it for targeted advertising.
Data Security
We maintain comprehensive security practices designed to protect personal and sensitive user data. All such data is encrypted in transit using HTTPS, WSS, or an equivalent secure protocol, and we do not use any IETF denylisted cipher suites. Data at rest is encrypted using strong, industry-standard cryptographic methods such as AES, RSA, or equivalent modern cryptography. We implement reasonable administrative, technical, and physical safeguards to ensure data protection, restrict access strictly to authorized personnel, and actively monitor for misuse. Our security posture includes robust access controls, secure storage protections, and established incident response measures to prevent, detect, and respond to potential security events.
Your U.S. State Privacy Rights
Residents of certain U.S. states have rights regarding their personal data, including the right to access, delete, correct, and obtain a copy of their data, to opt out of targeted advertising, sale, or profiling, and to appeal decisions regarding privacy requests, subject to applicable law.
Exercising Your Rights
You may submit a privacy request by contacting us at privacy@keystone.com or by calling +1-617-224-9100. We will respond within the timeframes required by applicable law.
Contact
privacy@keystone.com | +1-617-224-9100 | 116 Huntington Avenue, Floor 12, Boston, MA 02116
Updated
March 2026