Legal

Privacy Policy

IQ8 Technology, Inc. · Version Date: July 2, 2026

1. Introduction

IQ8 Technology, Inc. (“IQ8,” “we,” “us,” or “our”) provides a work management software platform (the “Platform”), together with our websites and related services. This Privacy Policy explains how we collect, use, disclose, and protect personal information, and describes the rights and choices available to individuals.

This Policy applies to personal information we process as a controller (or business) in connection with our marketing, sales, website, and administrative activities. Where IQ8 processes personal information on behalf of and at the direction of our customers while providing the Platform, IQ8 acts as a processor or service provider, and that processing is governed by the applicable Data Processing Addendum (“DPA”) between IQ8 and the customer rather than by this Policy. In those cases, the customer is the controller or business, and individuals should direct privacy requests to that customer.

2. Scope and Roles

Our role under privacy law depends on the context in which we process personal information:

  • Controller / Business. When we determine the purposes and means of processing — for example, personal information collected through our website, marketing programs, sales activities, support interactions, account administration and billing, service-generated usage, telemetry, security, and diagnostic data relating to use of the Platform, and employment or vendor relationships.
  • Processor / Service Provider. When we process personal information contained in customer data submitted to or generated within the Platform, on behalf of and under the instructions of our customers, subject to the applicable DPA. This includes, for example, the contents of data fields, documents, files, prompts, and work product submitted to or generated within the Platform on a customer’s behalf.

We process personal information in accordance with applicable privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), other applicable U.S. state privacy laws, and, where applicable, the EU General Data Protection Regulation (“GDPR”) and the UK GDPR. This Policy is designed to describe the rights and choices available to you under those laws.

3. Personal Information We Collect

We collect the following categories of personal information, depending on how you interact with us:

CategoryExamplesSource
IdentifiersName, email address, postal address, telephone number, account credentials, IP address, online identifiersDirectly from you; automatically; customers
Professional / employment informationEmployer, job title, business contact details, professional roleDirectly from you; customers; third parties
Commercial informationProducts or services considered or purchased, transaction and billing recordsDirectly from you; automatically
Internet / network activityUsage data, log data, device information, pages viewed, interactions with the PlatformAutomatically
Geolocation dataApproximate location derived from IP addressAutomatically
Audio / electronic informationRecordings of support or sales calls (where permitted and disclosed)Directly from you
InferencesPreferences and characteristics derived from the aboveGenerated by us

We generally do not seek to collect sensitive personal information through our website or marketing activities. We do not knowingly collect personal information from children under 18. The Platform is not directed to, and may not be used by, individuals under 18 as Authorized Users. Customer Data may incidentally include personal information about individuals under 18 where Customer has lawful authority to submit and process that information and the data is not prohibited by the Agreement or AUP.

4. How We Use Personal Information

We use personal information for the following business and commercial purposes:

  • Providing, operating, maintaining, and securing the Platform and our website.
  • Communicating with you, responding to inquiries, and providing customer support.
  • Marketing, advertising, and promoting our products and services, including sending communications you may opt out of.
  • Processing transactions, managing accounts, and administering contracts.
  • Analyzing and improving the Platform, our website, and our business operations.
  • Detecting, preventing, and responding to fraud, security incidents, and misuse.
  • Complying with legal obligations and enforcing our agreements and policies.

4.1 Automated Decision-Making and Profiling

For the activities described in this Policy (i.e., where IQ8 acts as a controller or business in connection with its website, marketing, sales, and administrative operations), we do not use automated processing, including profiling, to make decisions that produce legal or similarly significant effects concerning you without human involvement. We may use limited automated analysis to support marketing, website analytics, fraud prevention, and security, but such processing is not used to make decisions of that kind about you on a solely automated basis. Where you have a right under applicable law to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects, you may exercise that right as described in Section 7.

Our Platform includes features that use machine learning and generative artificial intelligence. Where IQ8 processes personal information contained in customer data through those features, IQ8 does so as a processor or service provider on behalf of and under the instructions of the relevant customer, and that processing, including any automated decision-making or profiling, is governed by the applicable DPA and the customer’s own privacy notices rather than by this Policy.

5. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

  • Service providers and processors that perform services on our behalf (e.g., hosting, analytics, payment processing, communications), under contractual confidentiality and data-protection obligations.
  • Customers and their authorized users, where relevant to the Platform.
  • Professional advisors such as legal, accounting, and audit advisors.
  • Corporate transaction parties in connection with a merger, acquisition, financing, or sale of assets.
  • Authorities and other parties where required by law, legal process, or to protect rights, safety, and security.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA. We have not sold or shared personal information in the preceding 12 months.

6. Cookies and Similar Technologies

Our website uses cookies and similar technologies to operate the site, remember preferences, measure performance, and understand usage. You can manage cookies through your browser settings and, where available, through our cookie preference controls. Some features may not function properly without certain cookies. Where required by applicable law, we recognize and honor opt-out preference signals, including the Global Privacy Control (GPC), as a valid request to opt out of the sale or sharing of personal information and of targeted advertising for the browser or device from which the signal is received.

7. Your Privacy Rights

Depending on your jurisdiction and your relationship with us, you may have some or all of the following rights regarding personal information for which IQ8 is the controller or business:

  • Right to know or access the personal information we hold about you.
  • Right to correct inaccurate personal information.
  • Right to delete personal information, subject to legal exceptions.
  • Right to data portability.
  • Right to opt out of the sale or sharing of personal information, and of targeted advertising and certain profiling (we do not sell or share).
  • Right to limit the use of sensitive personal information.
  • Right to non-discrimination for exercising your rights.
  • Where the GDPR or UK GDPR applies: rights to object to or restrict processing, to withdraw consent, and to lodge a complaint with a supervisory authority.

7.1 How to Exercise Your Rights

You may submit a request by contacting us at privacy@iq8.ai. We will verify your request before responding, and we will respond within the timeframes required by applicable law. You may use an authorized agent to submit a request on your behalf where permitted by law.

If you are an individual whose personal information we process on behalf of a customer (i.e., where IQ8 acts as a processor or service provider), please direct your request to that customer; we will assist the customer in responding as required under the applicable DPA.

7.2 Appeals

In jurisdictions that provide a right to appeal, if we decline to act on your request, you may appeal by contacting us at privacy@iq8.ai. If your appeal is denied, you may contact your state attorney general or relevant regulator.

8. International Users (EEA and UK)

IQ8 is a United States of America-based company, and the substance of this Policy is directed primarily to U.S. privacy laws. The following applies where the GDPR or UK GDPR governs our processing of your personal information.

  • Legal bases. Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases: performance of a contract; our legitimate interests (such as operating and improving our business, where not overridden by your rights); compliance with a legal obligation; and your consent (which you may withdraw at any time).
  • Additional rights. In addition to the rights described in Section 7, you may object to or request restriction of processing, withdraw consent, and lodge a complaint with your local data protection authority.
  • International data transfers. We may transfer, store, and process personal information in the United States and other countries. Where required, we implement appropriate safeguards for cross-border transfers, such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Agreement or Addendum.

8.1 UK Representative

We value your privacy and your rights as a data subject and have appointed Prighter Group, together with its local partners, as our privacy representative and your point of contact for the United Kingdom under Article 27 of the UK GDPR.

Prighter gives you an easy way to exercise your privacy-related rights (for example, requests to access or erase personal information). To contact us through our representative, or to exercise your data subject rights, please visit app.prighter.com/portal/11326384617.

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Retention periods vary based on the type of information and the purpose for which it is processed. In determining the appropriate retention period for each category of personal information, we consider the amount, nature, and sensitivity of the information; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process it and whether we can achieve those purposes through other means; the duration of our ongoing relationship with you; and applicable legal, accounting, tax, or regulatory requirements. By way of illustration, we generally retain account and contact information for the duration of our relationship with you or your organization and for a reasonable period afterward; marketing and prospect information until you opt out or the information is no longer useful for that purpose, and for a reasonable period afterward; website, log, and analytics data for a shorter period appropriate to the analytics, security, and fraud-prevention purposes for which it is collected; and transaction, billing, and other records that we are required to keep for the period required by applicable legal, tax, accounting, and regulatory obligations. Actual retention periods may be longer where required to comply with law, establish or defend legal claims, or address security or integrity issues. When personal information is no longer needed, we delete, anonymize, or de-identify it, or securely store and isolate it from further use.

Where we maintain information in de-identified form, we commit to maintaining and using that information only in de-identified form and will not attempt to re-identify it, except that we may attempt re-identification solely to test whether our de-identification processes comply with applicable law.

10. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and destruction. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Third-Party Links

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Policy from time to time. We will post the updated Policy with a revised “Version Date” and, where required by law, provide additional notice. The updated Policy will apply from its version date.

13. Contact Us

If you have questions or concerns about this Policy or our privacy practices, please contact us:

IQ8 Technology, Inc.
Email: privacy@iq8.ai

For individuals in the European Economic Area or the United Kingdom, you may also have the right to contact your local data protection authority.