arbitrIQ arbitrIQ ← Back to Home

Privacy Policy

Last Updated: December 2025

1. Introduction

This Privacy Policy explains how The Smart Blend SRL ("The Smart Blend", "we", "us") collects, uses, discloses, and safeguards personal data when you use the arbitrIQ platform (the "Service"). We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for your personal data is: The Smart Blend SRL, Avenue des Gerfauts 10/34, 1170 Watermael-Boitsfort, Belgium.

If you have any questions about this Privacy Policy or our data practices, you can contact us at privacy@arbitrIQ.com.

3. Personal Data We Collect

3.1 Account Information

When you register for an account, we collect information such as your name, email address, password (stored in hashed form), and, where applicable, company or organisation details.

3.2 Usage and Interaction Data

We collect information about how you use the Service, including your login times, features used, navigation paths, credit consumption, and interaction history. This information helps us operate, secure, and improve the Service.

3.3 Analysis Data and Content You Provide

When you use the Service, we process the questions you submit, the parameters you configure, and any documents or text you upload or input ("Analysis Data"). This may incidentally include personal data, depending on what you choose to submit.

You are responsible for ensuring that you have all necessary rights and a lawful basis to upload or input any personal data or confidential information into the Service.

3.4 Billing and Transaction Data

If you purchase credits or subscriptions, we or our payment processors collect billing-related information such as billing address, VAT number (if applicable), partial payment card details, and transaction history. Payment card data is typically processed directly by our payment service providers and not stored in full by us.

3.5 Technical and Log Data

When you access the Service, we may automatically collect technical information such as your IP address, browser type and version, device type, operating system, and general location derived from your IP address. We also generate log data related to access, errors, and security events.

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases:

  • To create and manage your account and provide the Service (performance of a contract);
  • To process your analyses and queries and display AI-generated outputs (performance of a contract);
  • To handle billing, payments, and accounting (performance of a contract and legal obligation);
  • To maintain and improve the security, performance, and features of the Service (legitimate interest);
  • To prevent misuse, fraud, or security incidents (legitimate interest);
  • To communicate with you about updates, changes, and service notifications (performance of a contract or legitimate interest);
  • To comply with legal obligations, including tax and accounting requirements (legal obligation);
  • Where required, to process data based on your consent (consent).

We may also use aggregated and de-identified Analysis Data to improve, test, and optimise the Service (for example, to refine templates, prompts, or analysis workflows). We do not use such data to train general-purpose AI models in a way that would make your specific inputs or outputs identifiable to other customers.

5. AI Processing and Third-Party Providers

To provide the Service, we send certain elements of your Analysis Data to third-party AI model providers and infrastructure providers. These providers process the data to generate the analyses and outputs you see in arbitrIQ.

We use reputable providers that commit to appropriate technical and organisational measures to protect personal data. These providers act either as our data processors (processing data on our behalf) or, in some cases, as independent controllers with their own privacy policies.

We do not sell your personal data or Analysis Data to third parties.

5.1 Sub-Processors

We engage the following categories of sub-processors to provide the Service:

  • AI model providers (e.g., Anthropic, OpenAI) for generating analyses and outputs;
  • Cloud infrastructure providers (e.g., AWS, Google Cloud) for hosting and data storage;
  • Payment processors (e.g., Stripe) for handling billing and transactions;
  • Authentication and security providers for account management and protection.

An up-to-date list of our main sub-processors is available upon request by contacting privacy@arbitrIQ.com. We may update this list from time to time as we evolve the Service.

6. Data Sharing

We may share your personal data in the following situations:

  • With service providers that support the operation of the Service (e.g., hosting, AI processing, payment processing, customer support);
  • With professional advisors (e.g., lawyers, accountants) where necessary for the operation of our business and compliance with legal obligations;
  • With authorities or regulators where required by law or to protect our rights or the rights of others;
  • In connection with a business transaction such as a merger, acquisition, or sale of assets, in which case your personal data may be transferred to the acquiring entity subject to appropriate safeguards.

7. International Data Transfers

Some of our service providers, including AI providers, may process personal data in countries outside the European Economic Area (EEA). Where such transfers occur, we take steps to ensure that an adequate level of protection is in place, for example by using standard contractual clauses approved by the European Commission or by relying on other valid transfer mechanisms under applicable law.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

  • Account data is generally retained while your account remains active;
  • Analysis history may be retained to allow you to revisit prior analyses and for Service improvement, unless you request deletion where applicable;
  • Billing and transaction data are retained for the period required by tax and accounting laws;
  • Technical logs and security-related data are retained for a period necessary to ensure the security and integrity of the Service.

If you close your account or request deletion, we will delete or anonymise your personal data, except where we are required or permitted by law to retain certain information.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures may include encryption in transit (TLS), hashed passwords, access controls, and monitoring of infrastructure.

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security of the Service or your data. You are responsible for keeping your login credentials confidential and for choosing strong, unique passwords.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority in accordance with Article 33 of the GDPR, without undue delay and where feasible within 72 hours of becoming aware of the breach.

Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly, providing details of the nature of the breach, the likely consequences, and the measures we have taken or propose to take to address the breach. We may use the email address associated with your account for such notifications.

11. Your Rights

Depending on applicable law (in particular under the GDPR if you are in the EEA), you may have the following rights regarding your personal data:

  • Right of access – to obtain confirmation as to whether we process your personal data and to receive a copy of such data;
  • Right to rectification – to have inaccurate or incomplete personal data corrected;
  • Right to erasure – to request deletion of your personal data in certain circumstances;
  • Right to restriction – to request restriction of processing in certain circumstances;
  • Right to data portability – to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible;
  • Right to object – to object to certain processing based on legitimate interests;
  • Right to withdraw consent – where processing is based on consent, to withdraw that consent at any time.

To exercise your rights, you can contact us at privacy@arbitrIQ.com. We may need to verify your identity before responding to your request. You also have the right to lodge a complaint with your local data protection authority.

12. Cookies and Similar Technologies

We use essential cookies and similar technologies that are necessary for authentication, session management, and security. These cookies enable the Service to function properly and cannot usually be disabled without affecting basic functionality.

If we use non-essential cookies in the future (for example, for analytics), we will provide you with appropriate information and, where required, obtain your consent.

13. Children's Privacy

The Service is not directed to and should not be used by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us so that we can take appropriate action.

14. Your Responsibility When Using the Service

You are responsible for ensuring that any personal data or confidential information you submit to the Service can be lawfully processed by us and our providers. You should avoid entering more personal or sensitive data than is strictly necessary for your use of the Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you through the Service, by email, or by other appropriate means. The updated Privacy Policy will apply from the date indicated as "Last Updated".

16. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or our handling of personal data, please contact us at: privacy@arbitrIQ.com or by post at The Smart Blend SRL, Avenue des Gerfauts 10/34, 1170 Watermael-Boitsfort, Belgium.