Company: CollectivIQ, Inc. (headquartered in Florida, USA)

This Privacy Policy explains how CollectivIQ, Inc. (“CollectivIQ,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you visit our marketing website (collectiviq.ai) and when you use the CollectivIQ platform, apps, APIs, and marketing website (together, the “Service”). It also describes your choices and rights. If you do not agree with this Policy, please do not use the Service.

Scope and roles

• Marketing site: CollectivIQ is the controller of personal information collected on our public website and through our marketing activities.
• Platform/workspaces: For enterprise workspaces, your organization (the “Organization”) is generally the controller of personal information in that workspace, and CollectivIQ acts as a processor/service provider. Our Data Processing Addendum (DPA) applies to those relationships.

1. Information We Collect

A) Information you provide

• Account and profile: name, email address, password or SSO identifiers, role, organization, and optional profile details.
• Workspace content (“User Content”): prompts, instructions, files you upload, data source connections, conversation history, feedback, and outputs generated for you.
• Communications and support: messages to support, survey responses, issue reports, and feedback.
• Billing (if applicable): billing contact details and subscription status. Payment card data is collected and processed by our payment processor (e.g., Stripe) and not stored by CollectivIQ.

B) Information we collect automatically

• Usage and device data: IP address, device and browser type, operating system, language, referral URLs, pages/screens viewed, time on page, clicks, model selections, session timestamps, error logs, and performance data.
• Cookies and similar tech: cookies, pixels, tags, SDKs, and local storage to run the site, keep you signed in, measure performance, and personalize content/ads. See “Cookies and tracking” below.

C) Information from third parties

• SSO/identity and integrations: if you sign in through your Organization (e.g., Okta, Azure AD, Google, Microsoft) or connect third-party tools, we receive identifiers and profile/authorization data needed for the integration.
• Analytics/ads and enrichment: services such as Google Analytics, Google Tag Manager, Google Ads, and business-to-business data providers like ZoomInfo for audience insights and to keep our business contact records current.
• Partners/referrals: we may receive your contact details from partners or colleagues who invite you to collaborate.

We do not seek to collect sensitive personal data. Please avoid sharing sensitive data unless it is necessary and permitted by your Organization’s policies.

2. How we use information

We use information to:

• Provide and operate the Service, including multi-model AI orchestration, collaboration, search, and account administration.
• Secure, monitor, and troubleshoot the Service; prevent fraud, abuse, and security incidents.
• Improve the Service, develop new features, quality-assure prompts/outputs, and perform analytics and research (using aggregated or de-identified data where possible).
• Communicate with you about the Service (onboarding, product updates, support) and send marketing communications where permitted (you can opt out).
• Personalize content and measure marketing effectiveness, including through Google Ads and similar platforms.
• Comply with law, enforce terms, and protect rights, safety, and property.

3. AI/model processing and data handling

• No training on your data by default: We do not use your prompts, files, or outputs to train foundation models or third-party models unless you or your Organization explicitly opt in in writing.
• Third-party model providers: To generate results, the platform may send prompts and necessary context to third-party large language models (e.g., OpenAI, Anthropic, Google). We configure and contractually request those providers to disable training on your data and to apply appropriate privacy and security controls. Their independent logging/retention practices are described in their policies.
• Ephemeral processing and history: Model inference is designed to be ephemeral. We store application history and metadata to power collaboration, sharing, audit, and continuity. Organizations may set retention policies and can limit or disable history where supported.
• Human access: Our staff may access limited information to operate the Service, resolve support requests, investigate abuse/security issues, or when required by law and subject to confidentiality obligations.

4. Cookies and tracking; consent and preferences

What we use

• We use OneTrust to manage cookie consent and a preference center. Cookie categories include:
  • Strictly necessary (required for the site to function).
  • Performance/analytics (e.g., Google Analytics).
  • Functional (remembering preferences).
  • Targeting/advertising (e.g., Google Ads; audience insights with ZoomInfo).

Your choices

• On your first visit and at any time thereafter, you can manage cookie preferences through the OneTrust banner or preference center on our site. You can also control cookies via your browser settings. Note that some features may not function without certain cookies.
• Do Not Track/Global Privacy Control: We honor browser-level Global Privacy Control (GPC) signals where required by law. We do not currently respond to legacy “Do Not Track” signals.
• Ad choices: Manage Google Ads personalization at adssettings.google.com and opt out of interest-based advertising via the NAI/DAA tools (networkadvertising.org/choices and aboutads.info/choices). You can opt out of Google Analytics via tools.google.com/dlpage/gaoptout.

5. How we share information

We do not sell your personal information. We may share information as follows:

• Service providers (“processors”): hosting, storage, security, logging/monitoring, analytics (Google Analytics), tag management (Google Tag Manager), advertising measurement (Google Ads), data enrichment (e.g., ZoomInfo), customer support, communications, email delivery, and payments. These providers process data under contracts that limit use to providing services to us.
• AI model providers: large language model APIs used to generate outputs, as described in Section 3.
• Your Organization and collaborators: admins may access your account and content within the Organization’s workspace. If you share a thread, those recipients can view and reuse the included content. Public links may be accessible by anyone with the link—share thoughtfully.
• Legal, safety, and compliance: to comply with law or lawful requests, or to protect the rights, safety, and property of users, the public, and CollectivIQ.
• Business transfers: as part of a merger, acquisition, financing, or sale of assets (we will take steps to ensure your privacy rights continue).
• Aggregated/de-identified data: we may share aggregate insights that do not identify you.

6. Your rights and choices

Product controls

• Access, export, delete: Within the platform, you can view and export conversation history and files, and you may request deletion. For enterprise workspaces, contact your admin; we process such requests under our DPA.
• Sharing controls: You control who you share with. You may revoke sharing at any time.

Communications

• Marketing emails: Click “unsubscribe” in any marketing email or manage preferences in your account. We will continue to send essential service and security notices.

Cookies and ads

• Use the OneTrust preference center to manage cookie categories. You may also use browser and platform ad controls (see Section 4).

Privacy rights (based on where you live)

• United States (e.g., CA/VA/CO/CT/UT): You may have the right to access, correct, delete, or receive a portable copy of your personal information; opt out of “sales,” “sharing,” or targeted advertising; and limit the use of sensitive personal information. We do not sell personal information for money, but we may “share” identifiers and internet activity with advertising partners for cross-context behavioral advertising. Use the OneTrust “Your Privacy Choices” link (if available on our site) or contact us to exercise rights. We will verify your request and respond within statutory timelines. You may use an authorized agent where permitted. You will not be discriminated against for exercising rights. If we deny your request, you may appeal by replying to our decision email.
• EEA/UK/Switzerland (GDPR): You may request access, correction, deletion, restriction, or portability of your personal data, and object to processing, including for direct marketing. Where we rely on consent, you may withdraw it at any time. You also have the right to lodge a complaint with your local data protection authority.
  
  

Submit privacy requests by emailing privacy@collectiviq.ai. For workspace data, we may redirect your request to your Organization.

7. Legal bases for processing (EEA/UK/Switzerland)

We process personal data based on: performance of a contract (to provide the Service), our legitimate interests (to secure and improve the Service, communicate with you, and market to business contacts), consent (for cookies/ads and certain marketing), and compliance with legal obligations.

8. Data retention

• Account and profile data: kept for the life of your account and a reasonable period thereafter (e.g., up to 24 months) if needed for support, audits, or to comply with law.
• Workspace content: retained per your Organization’s settings and our contract; we delete or anonymize within agreed timelines after termination, subject to legal holds and backup cycles.
• Logs and diagnostics: typically 30–180 days, unless needed for security or investigations.
• Marketing/analytics: typically up to 24–26 months, unless you opt out sooner.
• Backups: normally rotate within 30–90 days.
  
  

We may keep de-identified or aggregated data that does not identify you.

9. Security

We use industry-standard safeguards to protect information, including encryption in transit and at rest, access controls and least-privilege policies, monitoring, and regular security reviews. No method of transmission or storage is 100% secure. Please protect your account credentials and notify us immediately of suspected unauthorized access.

Security contact: security@collectiviq.ai

10. International transfers

We are based in the United States and may process information in the U.S. and other countries. When transferring personal data from the EEA/UK/Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum) and supplementary measures as needed. Our DPA provides more detail for enterprise customers.

11. Children’s privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will take appropriate steps to delete it promptly. In some jurisdictions, higher age thresholds may apply.

12. Third-party links and services

Our site and platform may link to or integrate with third-party websites or services (e.g., SSO providers, cloud storage, productivity tools). Their privacy practices are governed by their own policies; we are not responsible for them.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you (for example, by email, in-product notice, or posting the update on our site). The “Effective date” above reflects the latest version.

14. Contact us

• Privacy requests and questions: privacy@collectiviq.ai
• General support: support@collectiviq.ai
• Legal/data protection inquiries: legal@collectiviq.ai
• Security issues: security@collectiviq.ai
• Mailing address: CollectivIQ, Inc., Attn: Privacy, [Florida business address]
  
  

Additional notices

California “Notice at Collection”

• Categories we collect: identifiers (e.g., name, email, IP), commercial information (subscriptions), internet/network activity (usage, logs), geolocation (approximate from IP), professional information (title/company), and inferences (product interest segments).
• Sources: you, your Organization, devices/browsers, cookies/trackers, SSO/integrations, partners, and data providers (e.g., ZoomInfo).
• Purposes: as listed in Section 2. We do not sell personal information for money. We may “share” identifiers and internet activity with advertising partners for cross-context behavioral advertising; you can opt out via “Your Privacy Choices” (when available) or through OneTrust.
• Retention: see Section 8.
• Sensitive information: we do not use or disclose sensitive personal information for purposes other than those permitted by law (e.g., to provide the service or ensure security).

Controller/processor summary

• For marketing and self-serve accounts, CollectivIQ is the controller.
• For enterprise workspace data, your Organization is the controller; CollectivIQ is the processor/service provider under the DPA.