Privacy Policy
IQIUU Research Ltd. — Effective: March 1, 2026 · Last updated: March 11, 2026
1. Information We Collect
We collect the following categories of information when you use our Services:
Account Information: Email address, username, authentication credentials, and any profile information you provide during registration.
Usage Data: Information about how you interact with the Services, including pages visited, features used, API endpoints called, timestamps, and session duration.
Conversations: Messages and content submitted through the chat interface, including prompts, responses, and any files or data you upload during a session.
Analytics Data: We collect technical information including your IP address, approximate geographic location (via ip-api.com), device type, operating system, browser type and version, screen resolution, and referral source.
2. How We Use Information
We use the collected information for the following purposes:
- Providing Services: To operate, maintain, and deliver the features and functionality of the platform, API, chat interface, and playground.
- Improving AI Models: To evaluate, improve, and develop our AI models and research. Conversation data may be used for model evaluation and safety analysis.
- Analytics: To understand usage patterns, measure performance, and make data-driven improvements to the Services.
- Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
- Communication: To send you service-related notifications, updates, and responses to your inquiries.
3. Data Storage
Your data is stored and processed as follows:
- Primary data is stored in SQLite databases on our infrastructure.
- All data is encrypted at rest using industry-standard encryption.
- Our servers are located in the European Union, hosted on Hetzner infrastructure in Germany.
- Backups are maintained in encrypted form and stored within the EU.
4. Cookies & Tracking
We use the following tracking mechanisms:
- Session IDs: To maintain your authenticated session and provide continuity across page views.
- Analytics Events: We track page views, interactions, scroll depth, time on page, and funnel progression to understand how the Services are used.
- No Third-Party Cookies: We do not use third-party advertising cookies or tracking pixels. We do not share your browsing data with ad networks.
5. Third-Party Services
We use the following third-party services in the operation of our platform:
- ip-api.com: For IP-based geolocation to provide analytics and regional service optimization. Your IP address is sent to this service.
- Gemini (Google): For certain AI processing tasks. Data sent to Gemini is governed by Google's data processing terms.
- Telegram: For internal notifications and administrative alerts. No user personal data is shared via Telegram.
We do not sell your personal data to any third party.
6. Data Retention
We retain your data for the following periods:
- Conversations: Retained until you request deletion or delete them through the interface.
- Analytics Data: Retained for up to 2 years from the date of collection, then anonymized or deleted.
- Waitlist Data: Retained until you unsubscribe or request removal.
- Account Data: Retained for the duration of your account and for a reasonable period thereafter for legal and operational purposes.
7. Your Rights
Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete personal data.
- Right to Erasure: You may request deletion of your personal data, subject to legal retention obligations.
- Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
- Right to Object: You may object to the processing of your personal data for certain purposes, including direct marketing.
- Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
To exercise any of these rights, contact us at privacy@iqiuu.com. We will respond within 30 days.
8. Children's Privacy
The Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@iqiuu.com.
9. International Transfers
All data processing takes place within the European Union. Our primary infrastructure is hosted on Hetzner servers in Germany. In the event that data must be transferred outside the EU, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Security Measures
We implement comprehensive security measures to protect your data:
- Encryption at rest and in transit (TLS 1.3).
- Access controls and authentication for all internal systems.
- Regular security audits and vulnerability assessments.
- Intrusion detection and monitoring systems.
- Incident response procedures for potential data breaches.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within 72 hours as required by GDPR.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
Material changes may be communicated via email or through a notice on the Services.
12. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
IQIUU Research Ltd.
Email: privacy@iqiuu.com
Data Protection Officer (DPO)
Email: dpo@iqiuu.com
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.