Privacy Policy

1. Introduction

This Privacy Policy explains how BlackIQ KLG (“BlackIQ”, “we”, “us” or “our”) processes personal data in connection with the website and services available at studio.blackiq.ai (the “Service”).

We process personal data in accordance with applicable data protection laws, including the Swiss Federal Act on Data Protection (“FADP”) and, where applicable, the General Data Protection Regulation (“GDPR”).

Our Service is designed according to the principle of data minimization. We process personal data only to the extent necessary to provide, secure and improve the Service, to manage user accounts and subscriptions, and to comply with applicable legal obligations.

2. Scope and Applicable Laws

This Privacy Policy applies to the use of our website, account area and AI-based services.

For users located in Switzerland, the Swiss Federal Act on Data Protection applies. For users located in the European Union or the European Economic Area, the GDPR may additionally apply.

BlackIQ KLG operates primarily from Switzerland. Where applicable, we comply with the requirements of the GDPR for users located in the European Union.

3. Age Restrictions

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors.

4. Categories of Personal Data Processed

Depending on how users interact with the Service, we may process different categories of personal data.

When users create an account, we process account and authentication data, such as email address, login credentials and technical account identifiers. Passwords are stored in encrypted or hashed form and are not accessible to us in plain text.

When users purchase a paid subscription, billing-related data may be processed. Payment information is processed by our payment provider Stripe. We do not store full credit card numbers or complete payment credentials on our own systems.

When users access the Service, technical data may be processed automatically. This includes IP address, device and browser information, access time, request details, system logs and aggregated usage data. This data is used to provide the Service, ensure security, detect abuse and maintain system stability.

When users contact us, we process the information contained in the communication, such as email address, message content and any information voluntarily provided by the user.

5. Chat Content and AI Interactions

BlackIQ Studio enables users to interact with artificial intelligence systems.

User inputs (“prompts”) and AI-generated outputs may be stored within the user account solely to enable functionality, continuity and access to previous interactions. This storage is provided exclusively for the user’s own use and control.

Any technical access by infrastructure providers is strictly limited to what is necessary for system operation and is subject to contractual, technical and organizational safeguards.

We do not actively access or review user-generated chat content for its own purposes.

Technical access may occur where necessary for system operation, security, troubleshooting or support requested by the user.

Processing of chat content is carried out automatically and solely for the purpose of providing the Service. Depending on the selected functionality, user inputs may be transmitted to external AI infrastructure providers, including Google Gemini, in order to generate responses.

While we implement a privacy-first and security-focused system architecture designed to minimize data exposure and prevent unauthorized access, users remain responsible for the content they submit and for ensuring that their use of the Service complies with applicable laws and regulations.

AI-generated outputs are created automatically by third-party models and system processes. We do not control, verify or guarantee the accuracy, completeness or suitability of such outputs and we assume no responsibility for their content or any use made of them.

6. Purposes of Processing

We process personal data for the following purposes:

• to create and manage user accounts,
• to authenticate users,
• to provide access to the Service,
• to process subscriptions and payments,
• to provide AI-based functionality,
• to maintain and secure our systems,
• to prevent abuse and fraud,
• to respond to support requests,
• to comply with legal obligations,
• and to analyze aggregated usage patterns where consent has been provided.

7. Legal Bases for Processing

For users in Switzerland, personal data is processed in accordance with the principles of lawfulness, good faith, proportionality and purpose limitation under the Swiss Federal Act on Data Protection (FADP).

Where the GDPR applies, we rely on the following legal bases:

• Account registration, authentication, subscription management, payment processing and the provision of the Service are processed on the basis of contract performance pursuant to Art. 6(1)(b) GDPR.
• Technical logs, security measures, abuse prevention and system stability are processed on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR.
• Analytics cookies, Google Analytics and other non-essential tracking technologies are used only on the basis of user consent pursuant to Art. 6(1)(a) GDPR.
• Where processing is required to comply with legal obligations, such as accounting or tax obligations, processing is based on Art. 6(1)(c) GDPR.

8. Website Access and Log Files

When users access our website or Service, our systems may automatically process log data. This may include the IP address, date and time of access, requested URL, referrer URL, browser type, operating system, device information and technical request metadata.

Log data is processed to ensure the secure and stable operation of the Service, to detect technical errors, to prevent misuse and to protect our infrastructure.

Log files are generally retained between 7 and 30 days depending on system requirements, unless a longer retention period is necessary in individual cases for security, troubleshooting, abuse prevention or legal enforcement.

9. Cookies and Similar Technologies

We use cookies and similar technologies to operate the website and improve the Service.

Strictly necessary cookies are used to enable core website functionality, including storing cookie preferences. These cookies are essential for the operation of the website and cannot be disabled.

With user consent, we use analytics services to better understand how visitors interact with our website. This includes Google Analytics (implemented via Google Tag Manager). These services may collect information such as pages visited, time spent on the site and general usage patterns. Analytics cookies are only activated if the user provides explicit consent.

The use of reCAPTCHA may be based on consent or, where strictly necessary for security, on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Google reCAPTCHA analyzes user behavior to determine whether interactions are legitimate. If consent is not provided, features requiring reCAPTCHA protection may not be available.

Users may manage or withdraw their consent at any time through the cookie settings available on our website. Users may also delete or block cookies through their browser settings. Disabling certain cookies may affect the functionality of the website.

The legal basis for strictly necessary cookies is our legitimate interest in providing a functional and secure website pursuant to Art. 6(1)(f) GDPR. The legal basis for analytics and non-essential third-party services is consent pursuant to Art. 6(1)(a) GDPR.

10. Google Analytics

We use Google Analytics to analyze how users interact with our website and to improve the Service.

Google Analytics may process information such as page views, session duration, approximate location, device information, browser information, interaction events and usage patterns. Where possible, Google Analytics is configured to reduce identifiability, for example through IP anonymization or similar privacy-enhancing settings.

Google Analytics is only used if the user has given consent through the cookie settings. Users may withdraw consent at any time.

Users may also opt out of Google Analytics tracking via browser add-ons or privacy settings provided by Google.

We have entered into a data processing agreement with Google in accordance with Art. 28 GDPR.

Where data is transferred to the United States, appropriate safeguards such as Standard Contractual Clauses are used.

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Depending on the service setup, data may also be processed by Google LLC in the United States.

The legal basis is Art. 6(1)(a) GDPR.

11. Payment Processing

Payments for paid subscriptions are processed by Stripe.

The payment provider may process billing data, payment method information, transaction data, fraud prevention data and related metadata. Full payment credentials, such as complete credit card numbers, are processed directly by Stripe and are not stored by us.

The legal basis for payment processing is contract performance pursuant to Art. 6(1)(b) GDPR. Where we are required to retain billing or accounting records, processing is based on legal obligations pursuant to Art. 6(1)(c) GDPR.

12. Authentication Providers

Users may register or sign in using authentication providers such as Google Sign-In or Sign in with Apple.

When using such authentication providers, we may receive personal data necessary for account creation and login, such as email address, name or authentication identifiers, depending on the user’s provider settings.

The legal basis is contract performance pursuant to Art. 6(1)(b) GDPR.

13. Support and Communication

If users contact us by email or through support channels, we process the information provided in the communication. This may include email address, message content, technical details, account information and any other information voluntarily provided.

We use Zoho for email, support and customer communication.

The legal basis is contract performance pursuant to Art. 6(1)(b) GDPR where the communication relates to an existing or prospective contractual relationship, and our legitimate interest pursuant to Art. 6(1)(f) GDPR in responding to inquiries and managing communication.

14. Data Sharing and Third Parties

We use carefully selected service providers necessary to operate the Service.

Key providers include:

• Hetzner Online GmbH – hosting infrastructure
• RunPod Inc. – compute infrastructure
• Stripe, Inc. – payment processing
• Google Ireland Limited / Google LLC – authentication (Google Sign-In), Google Analytics, Google Tag Manager, Google reCAPTCHA and Gemini AI infrastructure
• Apple Inc. – authentication (Sign in with Apple)
• Zoho Corporation – customer support / CRM

Personal data is not sold under any circumstances.

Where service providers process personal data on our behalf, we use appropriate contractual safeguards, including data processing agreements where required.

Where data is transferred to the United States, there is a possibility that authorities may access personal data. We implement appropriate safeguards to mitigate such risks.

15. External Links and Third-Party Platforms

The Service may contain links to external platforms and community services. If users access such links, they leave our website and the privacy practices of the respective third-party provider apply. We do not control and are not responsible for the processing of personal data by such external platforms.

We also maintain online presences on external platforms in order to provide information about our services and to communicate with users.

This includes in particular:

• our main website: https://blackiq.ai
• our LinkedIn page: https://www.linkedin.com/company/blackiq-ai
• our Discord community: https://discord.gg/VhHRrCCfq6
• our Reddit presence: https://www.reddit.com/user/BlackIQAI

When users access these platforms, personal data is processed by the respective provider in accordance with their own privacy policies and terms of use. We have no influence over such data processing activities.

Where applicable, the processing of personal data in connection with our online presences is based on our legitimate interest in providing information about our services and maintaining communication with users pursuant to Art. 6(1)(f) GDPR.

16. International Data Transfers

Some service providers may process personal data outside Switzerland, the European Union or the European Economic Area, in particular in the United States.

Where personal data is transferred internationally, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, Swiss equivalents where applicable, data processing agreements and additional technical or organizational safeguards where required.

Where required, we implement additional technical and organizational safeguards, such as encryption or pseudonymization, to ensure an adequate level of data protection.

17. Data Retention

We retain personal data only for as long as necessary for the respective processing purpose.

Account data is generally retained for as long as the user account exists. After account deletion, account-related data is deleted unless legal retention obligations or legitimate security interests require longer storage.

Chat content stored within the user account is retained until the user deletes it or the account is deleted, unless legal obligations require longer retention.

Billing and contract-related data may be retained for up to 10 years where required by accounting, tax or commercial law.

Support and communication data is retained for as long as necessary to handle the request and for a limited period thereafter as required for documentation, legal compliance and defense against potential claims.

Technical log data is generally retained between 7 and 30 days depending on system requirements, unless longer retention is required for security, troubleshooting, abuse prevention or legal enforcement.

18. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.

These measures include encrypted connections, secure hosting infrastructure, access controls, data minimization, system monitoring and separation of access rights.

The Service is designed in a way that BlackIQ does not actively access or review user-generated chat content. This architecture is intended to reduce data exposure and limit access to personal data by design.

19. User Rights

Users may have the following rights under applicable data protection law:

• the right to request access to personal data,
• the right to request rectification of inaccurate data,
• the right to request deletion of data,
• the right to request restriction of processing,
• the right to object to processing,
• the right to data portability,
• and the right to withdraw consent at any time where processing is based on consent.

Requests may be submitted to:

contact@blackiq.ai

We may need to verify the identity of the requesting user before responding to a request.

We will respond to requests within the timeframes required by applicable law.

20. Automated Decision-Making

We do not carry out automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects concerning users or similarly significantly affects them.

21. Right to Lodge a Complaint

Users have the right to lodge a complaint with a competent data protection authority.

For users in Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC).

Users in the European Union or European Economic Area may lodge a complaint with the supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement.

22. AI Outputs and User Responsibility

The Service may generate outputs using artificial intelligence systems. AI-generated outputs may be inaccurate, incomplete or unreliable and do not constitute professional advice.

This section does not limit any mandatory privacy rights of users. Contractual limitations of liability are governed by our Terms and Conditions.

23. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example if our Service, technical setup, legal obligations or processing activities change.

The latest version will always be available on this page. Where required by law, we will inform users separately or request renewed consent.

24. Contact

For any privacy-related inquiries, users may contact us at:

BlackIQ KLG

Sonnenstrasse 51

8280 Kreuzlingen

Switzerland

Data protection inquiries: contact@blackiq.ai