Privacy Policy

Last updated: January 9, 2025

1. Information We Collect

Account Information

When you create a BlindsideIQ account, we collect:

  • Name and email address
  • Organization name and domain
  • Password (encrypted and never stored in plain text)

Microsoft 365 Data

With your explicit consent, we access and analyze:

  • Email metadata (sender, recipient, subject, date/time)
  • Email content for AI-powered analysis
  • Calendar metadata for meeting insights
  • Contact information from your organization's directory

Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Performance metrics and error reports
  • Feature usage analytics

2. How We Use Your Information

We use your information to:

  • Provide our service: Analyze email patterns, generate insights, and track customer relationships
  • Improve our platform: Enhance AI accuracy, develop new features, and optimize performance
  • Communicate with you: Send service updates, security alerts, and support responses
  • Ensure security: Monitor for fraud, protect against threats, and maintain data integrity
  • Comply with legal obligations: Meet regulatory requirements and respond to legal requests

3. Data Processing and AI

AI Analysis

We use advanced AI models (including Llama 3.1) to:

  • Classify emails by category (sales, support, finance, etc.)
  • Analyze sentiment and communication patterns
  • Generate summaries and extract insights
  • Identify customer relationship trends

Data Security

All AI processing is performed:

  • On secure, encrypted infrastructure
  • With strict access controls and monitoring
  • Following best practices aligned with ISO 27001 standards
  • Without human review of email content

4. Data Sharing and Disclosure

We never sell your personal information. We may share data only in these limited circumstances:

  • Service providers: Trusted vendors who help operate our platform (cloud hosting, analytics)
  • Legal compliance: When required by law, court order, or government request
  • Business transfers: In connection with mergers, acquisitions, or asset sales
  • Safety and security: To protect users, prevent fraud, or address technical issues

All third-party integrations are bound by strict confidentiality agreements and data processing terms.

5. Data Retention and Deletion

We retain your data only as long as necessary to provide our services:

  • Account data: Until account deletion
  • Email analysis data: 7 years for business records compliance
  • Usage logs: 90 days for security and troubleshooting
  • Backup data: 30 days in secure, encrypted backups

You can request account deletion at any time through your account settings or by contacting support.

6. Your Rights and Choices

Access and Control

You have the right to:

  • Access and download your personal data
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Restrict or object to certain data processing
  • Data portability in machine-readable formats

Microsoft 365 Permissions

You can:

  • Revoke Microsoft 365 access permissions at any time
  • Select specific mailboxes for monitoring
  • Export or delete analyzed data before disconnecting

7. Data Processing Location

BlindsideIQ operates with a data residency-first approach:

  • UK/EU customers: All data processing occurs within the UK and EU/EEA
  • Future US customers: Would receive a dedicated US-based deployment
  • No international transfers: Your data never leaves your region

This approach ensures compliance with local data protection laws and eliminates the need for international data transfer mechanisms.

8. Security Measures

We implement industry-leading security practices:

  • Encryption: AES-256 encryption at rest and TLS 1.3 in transit
  • Access controls: Multi-factor authentication and role-based permissions
  • Monitoring: Comprehensive security monitoring and logging
  • Standards: Security practices aligned with ISO 27001 best practices
  • Incident response: Documented procedures for security breaches
  • Regular audits: Ongoing security assessments and improvements

9. Children's Privacy

BlindsideIQ is designed for business use and not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your account email address
  • Prominent notice on our website
  • In-app notifications for significant changes

Your continued use of BlindsideIQ after changes take effect constitutes acceptance of the updated policy.

11. Contact Information

For privacy-related questions, concerns, or requests, contact us:

Email: hello@blindsideiq.com

Data Protection Officer: dpo@blindsideiq.com

Address: BlindsideIQ Ltd, London, United Kingdom

We will respond to your inquiry within 30 days as required by applicable privacy laws.