Privacy & security

01 Who we are

getAIQ is operated by getAIQ LLC ("getAIQ", "we", "us"). For privacy questions or to exercise any right described here, contact hey@getaiq.ai. We act as the controller of the personal information you provide to us.

02 Information we collect

Information you provide

• Account details — your name, email address, and (for Business AIQ) your organization name and role.
• Assessment responses — the answers you give to generate your Personal or Business AIQ.
• Communications — messages you send us and your support requests.
• Payment details — if you upgrade, payments are processed by a third-party payment provider; we do not store full card numbers on our systems.

Information collected automatically

• Usage data — pages viewed, features used, and actions taken, to operate and improve the product.
• Device and technical data — IP address, browser type, device type, and similar diagnostic data.
• Cookies and similar technologies — used for sign-in, preferences, and basic analytics (see Section 09).

03 How we use your information

• To generate, deliver, and update your AIQ score, tier, and roadmap.
• To operate, secure, maintain, and improve the service and the QOS methodology.
• To respond to you and provide support.
• To send product and account communications you have opted into (you can opt out anytime).
• To detect, prevent, and address fraud, abuse, and security incidents.
• To comply with legal obligations.

We use aggregated and de-identified data (which cannot reasonably identify you) to build benchmarks and improve scoring. We do not use your individual responses to train third-party models without your consent.

04 Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on: contract (to deliver the service you request), legitimate interests (to secure and improve the product, balanced against your rights), consent (for optional marketing and non-essential cookies), and legal obligation (where required by law). You may withdraw consent at any time.

05 How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share limited information only with:

• Service providers (subprocessors) — vetted vendors who host, process payments, send email, and provide analytics on our behalf, under contracts that restrict their use of your data to providing services to us.
• Legal and safety — when required by law, or to protect the rights, safety, and security of users, the public, or getAIQ.
• Business transfers — if getAIQ is involved in a merger, acquisition, or asset sale, your information may transfer subject to this policy; we will notify you of any change in control or use.

06 Security

Security is foundational to getAIQ, not an afterthought. We apply layered, defense-in-depth practices, including:

• Encryption in transit — all traffic is encrypted using TLS (HTTPS) across the platform.
• Encryption at rest — stored data is encrypted at rest by our infrastructure providers.
• Access control — least-privilege access, role-based permissions, and multi-factor authentication for internal systems.
• Network and application security — segregation, secure configuration, dependency and vulnerability management, and a secure software development lifecycle.
• Monitoring and logging — activity logging and monitoring to detect and respond to anomalies.
• Vendor due diligence — we assess the security posture of subprocessors before granting access to data.
• Incident response — a defined process to investigate, contain, and — where required by law — notify affected users and authorities of security incidents.

07 Data retention

We keep personal information only as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion of your account and associated personal data at any time (see Section 08). De-identified, aggregated data may be retained for analytics and benchmarking.

08 Your rights and choices

Subject to your location, you may have the right to access, correct, delete, port, restrict, or object to the processing of your personal information, and to withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and to opt out of sale or sharing — and getAIQ does not sell or share personal information. EEA/UK residents have rights under the GDPR. We will not discriminate against you for exercising any right.

To exercise any right, email hey@getaiq.ai. We will verify your request and respond within the timeframe required by applicable law.

09 Cookies and tracking

We use strictly necessary cookies for sign-in and security, and limited preference and analytics cookies to understand and improve usage. You can control non-essential cookies through your browser settings or our cookie controls where offered. We honor recognized opt-out signals where required.

10 International transfers

We may process and store information in the United States and other countries. Where we transfer personal information across borders, we use appropriate safeguards (such as Standard Contractual Clauses) as required by applicable law.

11 Children's privacy

getAIQ is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact us and we will delete it.

12 Changes to this policy

We may update this policy as the product and the law evolve. We will revise the "last updated" date and, for material changes, provide additional notice. Your continued use after changes take effect constitutes acceptance.

13 Contact

Questions, requests, or concerns: getAIQ LLC · hey@getaiq.ai.