Sign in Request access
← All legal documents

Privacy Policy

The Intelligence Company AB (publ) · Last updated

This privacy policy describes how The Intelligence Company AB (publ) (“TIC”) processes personal data in connection with the HQ service. The policy is directed at you who use HQ and at others whose personal data is processed within the scope of the Service. Capitalised terms have the same meaning as in the Terms of Service for HQ.

1 CONTROLLER AND CONTACT

1.1 The controller for the processing described in section 3.1 is:

The Intelligence Company AB (publ), reg. no. 559487-1682 Box 33, 824 21 Hudiksvall, Sweden

1.2 TIC’s data protection contact can be reached at dpo@hq.zone.

2 TIC’S ROLE - CONTROLLER AND PROCESSOR

2.1 TIC is the controller for the processing of personal data relating to your account, your Users, invoicing, security and use of the Service (see section 3.1).

2.2 For personal data contained in Customer Content - that is, data that the Customer or its Users provide to the Service, or that is retrieved via Integrations - the Customer is the controller and TIC is the processor. Such processing is governed by the Data Processing Agreement for HQ. If you are a data subject whose data is contained in a Customer’s Customer Content, you should contact that Customer to exercise your rights.

3 PERSONAL DATA THAT TIC PROCESSES AS CONTROLLER

3.1 As a controller, TIC processes, among other things:

  • Account data: name, work email, telephone number and organisational affiliation.
  • User identifiers: user ID, login and permission data.
  • Usage and log data: events in the Service, consumption of Credits, security and audit logs, and technical metadata (e.g. IP address).
  • Billing and contract data.
  • Communications with TIC, e.g. support cases.
  • Website data: cookies and similar identifiers in accordance with section 9.

4.1 TIC processes the data in section 3.1 for the following purposes and on the following legal bases:

  • Providing and administering the Service (performance of a contract).
  • Invoicing and financial administration (performance of a contract and legal obligation).
  • Security, operation, troubleshooting and improved reliability (legitimate interest).
  • Communication and support (legitimate interest and performance of a contract, respectively).
  • Compliance with law (legal obligation).
  • Non-essential cookies and any marketing (consent).

5 RECIPIENTS AND SUB-PROCESSORS

5.1 TIC shares personal data with providers that process data on TIC’s behalf, including:

  • Hosting and infrastructure (cloud provider within the EU/EEA).
  • Model Serving via a cloud platform (e.g. AWS Bedrock or Azure AI Foundry) and Model Providers for the generation of Output.
  • Payment: Stripe.
  • Providers for messaging, analytics and support.

5.2 A list of sub-processors is set out in Annex C to the Data Processing Agreement for HQ. TIC does not use Customer Content to train its own or third-party models and does not sell personal data.

5.3 TIC may also disclose data to public authorities where required by law.

6 TRANSFERS TO THIRD COUNTRIES

6.1 TIC processes personal data within the EU/EEA as a standard. Transfer to a third country may, however, occur, e.g. where a Model is only provided via a Model Provider’s direct interface outside the EU/EEA. Such transfer takes place with appropriate safeguards, e.g. the European Commission’s standard contractual clauses.

7 RETENTION

7.1 Personal data that TIC processes as a controller is retained for as long as necessary for the purpose, during the term and thereafter for as long as required for invoicing, accounting (under the Swedish Bookkeeping Act) or to handle legal claims.

7.2 The processing of personal data in Customer Content, for which TIC is the processor, is governed by the Data Processing Agreement. On expiry of the agreement, Customer Content is deleted or returned; deletion from active systems takes place within approximately thirty (30) days and data in encrypted backups is phased out in line with ordinary backup rotation.

8 YOUR RIGHTS

8.1 You have the right to request access to your personal data, to have inaccurate data rectified, to have data erased, to object to or request restriction of the processing, and to request data portability. You also have the right to withdraw consent given and to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

8.2 For data where TIC is the processor (Customer Content), you should contact the Customer that is the controller.

9 COOKIES AND TRACKING TECHNOLOGY

9.1 TIC’s website may use cookies and similar technology. Information and, where required, consent are obtained via a separate cookie notice.

10 SECURITY

10.1 TIC implements appropriate technical and organisational security measures, including encryption of personal data at rest and in transit, access control and multi-factor authentication, logging and monitoring, and procedures for incident response and backup. TIC is certified under ISO/IEC 27001.

11 CHANGES TO THIS POLICY

11.1 TIC may update this privacy policy. The version in force from time to time is published by TIC, and the date of the most recent update is stated above. In the event of material changes, TIC will inform in an appropriate manner.

12 CONTACT

12.1 For questions about this policy or TIC’s processing of personal data, contact TIC’s data protection contact under section 1.2.