This Policy explains how JcurveIQ ("JcurveIQ," "we," "us") collects, uses, discloses and protects information relating to identified or identifiable individuals ("Personal Data") when you:
If a capitalised term is not defined here, it has the meaning given in our End-User License Agreement (EULA) or Data Processing Addendum (DPA). Where the EULA/DPA and this Policy conflict, the DPA controls for privacy matters.
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, business-email, phone, employer, role | You (web form, onboarding, emails) |
| Account credentials | Password hashes, SSO tokens, API keys | You / your employer |
| Commerce data | Billing contacts, PO numbers, last 4 digits of card (if paid tier) | You / payment processor |
| Usage data | IP address, device/OS, timestamps, click-streams, feature flags | Automatic (server logs, first-party cookies, Datadog) |
| Diagnostics | Error traces, crash dumps, minimal model prompts | Automatic |
| Marketing data | Newsletter opt-in, event attendance, LinkedIn lead ads | You / B2B lead providers |
| Derived insights | Heat-maps, aggregate analytics | Our analytics pipeline |
We do not intentionally collect special-category data (GDPR Art 9) or children's data (< 16 yo). If you believe we hold such data inadvertently, email hello@jcurveiq.com.
| Purpose | Legal basis (GDPR) | Typical data used |
|---|---|---|
| Provide, secure & maintain the Service | Art 6 (1)(b) contract; Art 6 (1)(f) legitimate interest in security | Identifiers, account, usage, diagnostics |
| Respond to demo requests & support tickets | Contract / legitimate interest | Identifiers, diagnostics |
| Product analytics & feature planning | Legitimate interest (Art 6 (1)(f)); opt-out available | Usage, derived insights |
| Marketing emails & webinars | Consent (Art 6 (1)(a)) for EEA; soft opt-in for B2B under PECR | Identifiers, marketing data |
| Legal & compliance (export control, AML, CPRA requests) | Legal obligation (Art 6 (1)(c)) | Identifiers, commerce, logs |
| AI model improvement (optional) | Consent (opt-in toggle) | De-identified prompts |
Under India's DPDP Act we act as a Data Fiduciary; under CPRA we are a Service Provider/Contractor; under GDPR/UK GDPR we are a Controller for Site visitors and a Processor for in-product Customer Data.
We use first-party, non-advertising cookies to:
A banner on your first visit lets EU/UK users refuse non-essential cookies (analytics). You can also clear cookies in your browser settings.
We currently run every part of JcurveIQ on infrastructure we directly own or control. We do not disclose, sell, rent, trade or otherwise share Personal Data with any third-party service provider, processor, sub-processor, advertiser or analytics vendor.
We will only disclose Personal Data in the following narrow circumstances:
| Circumstance | Typical safeguard |
|---|---|
| Legal or regulatory demand | We comply only with lawful requests and will notify you (unless legally prohibited). |
| Protect our rights or the rights of others | Disclosure limited to what is strictly necessary to investigate or prevent fraud, security incidents, or legal claims. |
| Business re-organisation (e.g., future incorporation or asset sale) | Personal Data would transfer subject to this Privacy Policy and applicable law; you will receive prior notice and the ability to opt out if legally required. |
Should we begin using any external sub-processor (for hosting, email delivery, analytics, payments, etc.), we will update this Section 5 at least 10 business days before the new provider receives Personal Data.
Technical & organisational measures (TOMs):
Despite these controls no system is 100% secure; see § 11 for liability limits.
Default retention periods:
| Data | Live | Archived / anonymised |
|---|---|---|
| Demo-form submissions | 24 months | Deleted |
| Account & billing | Life of contract + 7 years (tax) | Deleted |
| Usage & diagnostics logs | 18 months | Aggregated, then deleted |
| Marketing unsubscribes | Indefinite (suppression list) | — |
You can request earlier deletion (subject to legal holds).
| Region | Rights | How to exercise |
|---|---|---|
| EEA / UK | Access, rectification, deletion, restriction, portability, objection, lodge complaint with DPA | Email hello@jcurveiq.com |
| California (CPRA) | Know, access, correct, delete, opt-out of "sale/share", limit use of sensitive data, no retaliation | hello@jcurveiq.com |
| Virginia / Colorado / Utah / Connecticut | Access, correct, delete, data portability, opt-out of profiling | hello@jcurveiq.com |
| Brazil (LGPD) | Confirm processing, access, correct, anonymise, delete, portability, revocation | hello@jcurveiq.com |
| India (DPDP) | Access, correction, erasure, grievance redress (§ 13) | hello@jcurveiq.com |
We will verify your identity (email confirmation or reasonable KYC) and respond within the statutory deadline (30 – 45 days, region-specific).
The Site and Service are business-to-business (B2B) and not directed to children under 16. We do not knowingly collect children's Personal Data. If you believe we have done so, contact hello@jcurveiq.com for deletion.
Site-visit data is provided "as is." We make no warranties beyond those in our EULA. To the maximum extent permitted by law, our total liability for privacy-related claims is limited to USD 100 (or fees paid in the preceding 12 months for paying customers). See EULA § 10 for details.
We may update this Policy from time to time. Material changes will be announced by:
Continued use after the effective date constitutes acceptance.
We collect: identifiers; professional info; internet activity (logs).
Purposes: as set out in § 3 above.
Retention: see § 8.
We do not sell or share Personal Data as "sell/share" is defined by the CPRA. You can exercise CPRA rights via hello@jcurveiq.com.